From 320485ae06e93da206049f4c3706db4e4fec554b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Jan 2016 14:03:03 +0100 Subject: refactor PVP Metadata provider functionality --- .../auth/invoke/SignatureVerificationInvoker.java | 142 -------------- .../parser/VerifyXMLSignatureResponseParser.java | 211 --------------------- 2 files changed, 353 deletions(-) delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java deleted file mode 100644 index 72a7d3ba1..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ /dev/null @@ -1,142 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.invoke; - -import java.util.Vector; - -import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; - -import org.apache.axis.message.SOAPBodyElement; -import org.w3c.dom.Document; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.api.SignatureVerificationService; -import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; -import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; -import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * Invoker of the SignatureVerification web service of MOA-SPSS.
- * Either invokes the web service, or calls the corresponding API, depending on configuration data. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class SignatureVerificationInvoker { - /** This QName Object identifies the SignatureVerification endpoint of the web service */ - private static final QName SERVICE_QNAME = new QName("SignatureVerification"); - - /** - * Method verifyXMLSignature. - * @param request to be sent - * @return Element with the answer - * @throws ServiceException if an error occurs - */ - public Element verifyXMLSignature(Element request) throws ServiceException { - return doCall(SERVICE_QNAME, request); - } - - /** - * Method doCall. - * @param serviceName the name of the service - * @param request the request to be sent - * @return Element the answer - * @throws ServiceException if an error occurs - */ - protected Element doCall(QName serviceName, Element request) throws ServiceException { - ConnectionParameter authConnParam = null; - try { - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - String endPoint; - AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); - authConnParam = authConfigProvider.getMoaSpConnectionParameter(); - //If the ConnectionParameter do NOT exist, we try to get the api to work.... - if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); - endPoint = authConnParam.getUrl(); - call.setTargetEndpointAddress(endPoint); - responses = (Vector) call.invoke(serviceName, params); - Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used - response = (SOAPBodyElement) responses.get(0); - return response.getAsDOM(); - } - else { - SignatureVerificationService svs = SignatureVerificationService.getInstance(); - VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); - - VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); - Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); - - //Logger.setHierarchy("moa.id.auth"); - return result.getDocumentElement(); - } - } - catch (Exception ex) { - if (authConnParam != null) { - throw new ServiceException("service.00", new Object[] { ex.toString()}, ex); - } else { - throw new ServiceException("service.03", new Object[] { ex.toString()}, ex); - } - } - } -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java deleted file mode 100644 index 7bce406e0..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ /dev/null @@ -1,211 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.parser; - -import iaik.utils.Base64InputStream; -import iaik.x509.X509Certificate; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Parses a <VerifyXMLSignatureResponse> returned by - * MOA-SPSS. - * This class implements the Singleton pattern - * - * @author Stefan Knirsch - * @version $Id$ - */ - - -public class VerifyXMLSignatureResponseParser { - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching MOA Namespaces */ - private static final String MOA = Constants.MOA_PREFIX + ":"; - /** Xpath prefix for reaching DSIG Namespaces */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/"; - - /** Xpath expression to the X509SubjectName element */ - private static final String DSIG_SUBJECT_NAME_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - DSIG + "X509SubjectName"; - /** Xpath expression to the X509Certificate element */ - private static final String DSIG_X509_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - DSIG + "X509Certificate"; - /** Xpath expression to the PublicAuthority element */ - private static final String PUBLIC_AUTHORITY_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - MOA + "PublicAuthority"; - /** Xpath expression to the PublicAuthorityCode element */ - private static final String PUBLIC_AUTHORITY_CODE_XPATH = - PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code"; - /** Xpath expression to the QualifiedCertificate element */ - private static final String QUALIFIED_CERTIFICATE_XPATH = - ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" + - MOA + "QualifiedCertificate"; - - /** Xpath expression to the SignatureCheckCode element */ - private static final String SIGNATURE_CHECK_CODE_XPATH = - ROOT + MOA + "SignatureCheck/" + MOA + "Code"; - /** Xpath expression to the XMLDSIGManifestCheckCode element */ - private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH = - ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code"; - /** Xpath expression to the SignatureManifestCheckCode element */ - private static final String SIGNATURE_MANIFEST_CHECK_CODE_XPATH = - ROOT + MOA + "SignatureManifestCheck/" + MOA + "Code"; - /** Xpath expression to the CertificateCheckCode element */ - private static final String CERTIFICATE_CHECK_CODE_XPATH = - ROOT + MOA + "CertificateCheck/" + MOA + "Code"; - - - /** This is the root element of the XML-Document provided by the Security Layer Card*/ - private Element verifyXMLSignatureResponse; - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * A DOM-representation of the incoming String will be created - * @param xmlResponse <InfoboxReadResponse> as String - * @throws ParseException on any parsing error - */ - public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{ - try { - InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8")); - - verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s); - } - catch (Throwable t) { - throw new ParseException("parser.01", new Object[] { t.toString() }, t); - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * A DOM-representation of the incoming Inputstream will be created - * @param xmlResponse <InfoboxReadResponse> as InputStream - * @throws Exception on any parsing error - */ - public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception - { - try { - verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - } - - /** - * Constructor for VerifyXMLSignatureResponseParser. - * The incoming Element will be used for further operations - * @param xmlResponse <InfoboxReadResponse> as Element - */ - public VerifyXMLSignatureResponseParser(Element xmlResponse) - { - verifyXMLSignatureResponse =xmlResponse; - - } - - /** - * Parse identity link from <InfoboxReadResponse> - * @return Identity link - * @throws ParseException on any parsing error - */ - - public VerifyXMLSignatureResponse parseData() throws ParseException { - - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); - - try { - - String s = DOMUtils.serializeNode(verifyXMLSignatureResponse); - respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,"")); - Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH); - respData.setQualifiedCertificate(e!=null); - - Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue( - verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true); - - respData.setX509certificate(new X509Certificate(in)); - Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH); - respData.setPublicAuthority(publicAuthority != null); - respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,"")); - respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue()); - - String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null); - if (xmlDsigCheckCode!=null) { - respData.setXmlDSIGManigest(true); - respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue()); - } else { - respData.setXmlDSIGManigest(false); - } - String signatureManifestCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_MANIFEST_CHECK_CODE_XPATH,null); - if (signatureManifestCheckCode != null) { - respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); - } - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); - } - catch (Throwable t) { - throw new ParseException("parser.01", null, t); - } - return respData; - } - - -} -- cgit v1.2.3 From 1b7401488933f031a68dfe929b25db86279b52d2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 15 Feb 2016 18:12:06 +0100 Subject: First untested part: Refactor authentication modules and process management to Spring --- .../src/main/webapp/WEB-INF/applicationContext.xml | 7 +- .../moa/id/advancedlogging/MOAReversionLogger.java | 46 +- .../moa/id/advancedlogging/StatisticLogger.java | 108 +- .../moa/id/auth/AuthenticationSessionCleaner.java | 43 +- .../moa/id/auth/BaseAuthenticationServer.java | 64 +- .../moa/id/auth/MOAIDAuthConstants.java | 5 +- .../moa/id/auth/MOAIDAuthInitializer.java | 5 +- .../id/auth/MOAIDAuthSpringResourceProvider.java | 6 +- .../id/auth/builder/AuthenticationDataBuilder.java | 63 +- .../moa/id/auth/builder/DataURLBuilder.java | 23 +- .../moa/id/auth/builder/LoginFormBuilder.java | 3 +- .../moa/id/auth/data/AuthenticationSession.java | 52 +- .../id/auth/modules/AbstractAuthServletTask.java | 87 +- .../id/auth/modules/BKUSelectionModuleImpl.java | 68 ++ .../tasks/CreateInterfedeartionRequestTask.java | 20 +- .../internal/tasks/EvaluateBKUSelectionTask.java | 119 ++ .../internal/tasks/FinalizeAuthenticationTask.java | 50 +- .../tasks/GenerateBKUSelectionFrameTask.java | 102 ++ .../tasks/ReceiveInterfederationResponseTask.java | 3 + .../tasks/RestartAuthProzessManagement.java | 123 ++ .../StartAuthentificationParameterParser.java | 30 +- .../moa/id/auth/servlet/AbstractController.java | 238 ++++ .../AbstractProcessEngineSignalController.java | 84 ++ .../moa/id/auth/servlet/AuthServlet.java | 883 ++++++-------- .../GeneralProcessEngineSignalController.java | 51 + .../servlet/GenerateIFrameTemplateServlet.java | 336 +++--- .../id/auth/servlet/IDPSingleLogOutServlet.java | 57 +- .../moa/id/auth/servlet/LogOutServlet.java | 20 +- .../auth/servlet/ProcessEngineSignalServlet.java | 122 -- .../moa/id/auth/servlet/RedirectServlet.java | 28 +- .../servlet/SAML2InterfederationSignalServlet.java | 4 +- .../id/auth/servlet/SSOSendAssertionServlet.java | 353 +++--- .../moa/id/config/auth/IOAAuthParameters.java | 2 + .../config/auth/data/DynamicOAAuthParameters.java | 9 + .../moa/id/entrypoints/DispatcherServlet.java | 1234 ++++++++++---------- .../moa/id/moduls/AuthenticationManager.java | 668 ++++------- .../at/gv/egovernment/moa/id/moduls/IAction.java | 2 - .../gv/egovernment/moa/id/moduls/IModulInfo.java | 12 +- .../at/gv/egovernment/moa/id/moduls/IRequest.java | 159 ++- .../egovernment/moa/id/moduls/IRequestStorage.java | 41 + .../gv/egovernment/moa/id/moduls/ModulUtils.java | 92 +- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 266 +++-- .../egovernment/moa/id/moduls/RequestStorage.java | 78 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 85 +- .../egovernment/moa/id/process/ProcessEngine.java | 11 + .../moa/id/process/ProcessEngineImpl.java | 42 +- .../process/dao/ProcessInstanceStoreDAOImpl.java | 8 +- .../protocols/AbstractProtocolModulController.java | 268 +++++ .../protocols/ProtocolFinalizationController.java | 199 ++++ .../UniqueSessionIdentifierInterceptor.java | 93 ++ .../id/protocols/pvp2x/AttributQueryAction.java | 15 +- .../id/protocols/pvp2x/AuthenticationAction.java | 6 +- .../moa/id/protocols/pvp2x/MetadataAction.java | 9 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 446 +++---- .../id/protocols/pvp2x/PVPAssertionStorage.java | 27 +- .../id/protocols/pvp2x/PVPTargetConfiguration.java | 1 - .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 22 +- .../protocols/pvp2x/binding/ArtifactBinding.java | 121 -- .../id/protocols/pvp2x/binding/PostBinding.java | 3 +- .../pvp2x/requestHandler/ArtifactResolution.java | 82 -- .../pvp2x/requestHandler/AuthnRequestHandler.java | 12 +- .../pvp2x/requestHandler/RequestManager.java | 5 +- .../moa/id/storage/AssertionStorage.java | 227 ---- .../id/storage/AuthenticationSessionStoreage.java | 1130 ------------------ .../storage/DBAuthenticationSessionStoreage.java | 1049 +++++++++++++++++ .../moa/id/storage/DBExceptionStoreImpl.java | 175 --- .../moa/id/storage/DBTransactionStorage.java | 215 ++++ .../moa/id/storage/ExceptionStoreImpl.java | 58 - .../id/storage/IAuthenticationSessionStoreage.java | 281 +++++ .../moa/id/storage/IExceptionStore.java | 29 - .../moa/id/storage/ITransactionStorage.java | 90 ++ .../at/gv/egovernment/moa/id/util/HTTPUtils.java | 9 + ...t.gv.egovernment.moa.id.auth.modules.AuthModule | 2 + .../auth/modules/internal/BKUSelection.process.xml | 30 + .../main/resources/moaid.authentication.beans.xml | 61 + .../main/resources/moaid.configuration.beans.xml | 44 - .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 2 + .../egovernment/moa/id/commons/MOAIDConstants.java | 1 + .../moa/id/auth/AuthenticationServer.java | 92 +- ...enCardAuthenticationSpringResourceProvider.java | 63 + .../AuthenticationBlockAssertionBuilder.java | 6 +- .../auth/builder/StartAuthenticationBuilder.java | 70 -- .../id/auth/modules/internal/AuthModuleImpl.java | 44 + .../modules/internal/DefaultAuthModuleImpl.java | 36 - .../internal/tasks/CertificateReadRequestTask.java | 74 +- .../internal/tasks/CreateIdentityLinkFormTask.java | 71 +- .../modules/internal/tasks/GetForeignIDTask.java | 102 +- .../internal/tasks/GetMISSessionIDTask.java | 112 +- .../tasks/InitializeBKUAuthenticationTask.java | 60 +- .../tasks/PrepareAuthBlockSignatureTask.java | 87 +- .../internal/tasks/PrepareGetMISMandateTask.java | 100 +- .../tasks/VerifyAuthenticationBlockTask.java | 119 +- .../internal/tasks/VerifyCertificateTask.java | 106 +- .../internal/tasks/VerifyIdentityLinkTask.java | 75 +- ...tizenCardAuthProcessEngineSignalController.java | 52 + .../moa/id/util/CitizenCardServletUtils.java | 10 +- ...iz.components.spring.api.SpringResourceProvider | 1 + ...t.gv.egovernment.moa.id.auth.modules.AuthModule | 2 +- .../internal/DefaultAuthentication.process.xml | 22 +- .../resources/moaid_citizencard_auth.beans.xml | 47 + .../oauth20/protocol/OAuth20AuthAction.java | 18 +- .../oauth20/protocol/OAuth20AuthRequest.java | 8 +- .../oauth20/protocol/OAuth20BaseRequest.java | 4 +- .../oauth20/protocol/OAuth20Protocol.java | 73 +- .../oauth20/protocol/OAuth20TokenAction.java | 19 +- .../oauth20/protocol/OAuth20TokenRequest.java | 6 + .../moa/id/protocols/saml1/GetArtifactAction.java | 17 +- .../saml1/GetAuthenticationDataService.java | 25 +- .../protocols/saml1/SAML1AuthenticationServer.java | 19 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 97 +- .../moa/id/auth/servlet/MonitoringServlet.java | 27 +- 112 files changed, 6844 insertions(+), 5447 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml create mode 100644 id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml delete mode 100644 id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index d0c786751..0774bd277 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -18,19 +18,22 @@ + + + + + - - diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 7ac026888..17e39f766 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -27,10 +27,12 @@ import java.util.Arrays; import java.util.Date; import java.util.List; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -42,9 +44,10 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("MOAReversionLogger") public class MOAReversionLogger { - - private static MOAReversionLogger instance = null; + + @Autowired protected AuthConfiguration authConfig; private static final List defaultEventCodes = Arrays.asList( MOAIDEventConstants.SESSION_CREATED, @@ -69,17 +72,6 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER ); - - - public static synchronized MOAReversionLogger getInstance() { - if (instance == null) { - instance = new MOAReversionLogger(); - MOAIDEventLog.reload(); - - } - - return instance; - } public void logEvent(IOAAuthParameters oaConfig, int eventCode, String message) { @@ -91,8 +83,8 @@ public class MOAReversionLogger { int eventCode) { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, - pendingRequest.getSessionIdentifier(), - pendingRequest.getRequestID())); + pendingRequest.getUniqueSessionIdentifier(), + pendingRequest.getUniqueTransactionIdentifier())); } @@ -101,8 +93,8 @@ public class MOAReversionLogger { if (selectOASpecificEventCodes(oaConfig).contains(eventCode)) MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, - pendingRequest.getSessionIdentifier(), - pendingRequest.getRequestID() + pendingRequest.getUniqueSessionIdentifier(), + pendingRequest.getUniqueTransactionIdentifier() )); } @@ -140,8 +132,8 @@ public class MOAReversionLogger { */ public void logEvent(IRequest pendingRequest, int eventCode) { MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, - pendingRequest.getSessionIdentifier(), - pendingRequest.getRequestID())); + pendingRequest.getUniqueSessionIdentifier(), + pendingRequest.getUniqueTransactionIdentifier())); } @@ -249,15 +241,9 @@ public class MOAReversionLogger { } public List getDefaulttReversionsLoggingEventCodes() { - try { - List configuredDefaultEventCodes = AuthConfigurationProviderFactory.getInstance().getDefaultRevisionsLogEventCodes(); - if (configuredDefaultEventCodes != null) - return configuredDefaultEventCodes; - - } catch (ConfigurationException e) { - Logger.error("Access to configuration FAILED.", e); - - } + List configuredDefaultEventCodes = authConfig.getDefaultRevisionsLogEventCodes(); + if (configuredDefaultEventCodes != null) + return configuredDefaultEventCodes; return defaultEventCodes; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 5487152cf..87b3bc9ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -32,6 +32,8 @@ import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import org.apache.commons.lang3.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; @@ -47,16 +49,16 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("StatisticLogger") public class StatisticLogger { private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request"; @@ -73,45 +75,19 @@ public class StatisticLogger { private static final String ERRORTYPE_MANDATE = "mandate"; private static final String ERRORTYPE_MOAID = "moa-id"; private static final String ERRORTYPE_SZRGW = "szrgw"; - - private static StatisticLogger instance; - - private boolean isAktive = false; - - public static StatisticLogger getInstance() { - if (instance == null) - instance = new StatisticLogger(); - return instance; - } - - private StatisticLogger() { - try { - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - - if (config != null) - isAktive = config.isAdvancedLoggingActive(); - - } catch (ConfigurationException e) { - Logger.error("StatisticLogger can not be inizialized", e); - } - } - + @Autowired AuthConfiguration authConfig; + @Autowired IAuthenticationSessionStoreage authenticatedSessionStorage; + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) { - if ( isAktive && protocolRequest != null && authData != null) { + if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) { - OAAuthParameter dbOA = null; - try { - dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); + IOAAuthParameters dbOA = null; + dbOA = protocolRequest.getOnlineApplicationConfiguration(); - if (dbOA == null) { - Logger.warn("Advanced logging failed: OA can not be found in database."); - return; - } - - } catch (ConfigurationException e1) { - Logger.error("Access MOA-ID configuration FAILED.", e1); + if (dbOA == null) { + Logger.warn("Advanced logging failed: OA can not be found in database."); return; } @@ -221,7 +197,7 @@ public class StatisticLogger { } public void logErrorOperation(Throwable throwable) { - if ( isAktive ) { + if ( authConfig.isAdvancedLoggingActive() ) { StatisticLog dblog = new StatisticLog(); //set actual date and time @@ -249,7 +225,7 @@ public class StatisticLogger { public void logErrorOperation(Throwable throwable, IRequest errorRequest) { - if (isAktive && throwable != null && errorRequest != null) { + if (authConfig.isAdvancedLoggingActive() && throwable != null && errorRequest != null) { StatisticLog dblog = new StatisticLog(); //set actual date and time @@ -260,44 +236,45 @@ public class StatisticLogger { dblog.setProtocoltype(errorRequest.requestedModule()); dblog.setProtocolsubtype(errorRequest.requestedAction()); - try { - OAAuthParameter dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(errorRequest.getOAURL()); - if (dbOA != null) { - dblog.setOafriendlyName(dbOA.getFriendlyName()); - dblog.setOatarget(dbOA.getTarget()); - //dblog.setOaID(dbOA.getHjid()); - dblog.setBusinessservice(isBusinessService(dbOA)); - - - AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID()); + IOAAuthParameters dbOA = errorRequest.getOnlineApplicationConfiguration(); + if (dbOA != null) { + dblog.setOafriendlyName(dbOA.getFriendlyName()); + dblog.setOatarget(dbOA.getTarget()); + //dblog.setOaID(dbOA.getHjid()); + dblog.setBusinessservice(isBusinessService(dbOA)); + + try { + AuthenticationSession moasession = authenticatedSessionStorage. + getSession(errorRequest.getMOASessionIdentifier()); if (moasession != null) { if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { dblog.setBkuurl(moasession.getBkuURL()); dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); } - + dblog.setMandatelogin(moasession.getUseMandate()); } - - generateErrorLogFormThrowable(throwable, dblog); + } catch (MOADatabaseException e) { + Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information."); - - try { - StatisticLogDBUtils.saveOrUpdate(dblog); + } + + generateErrorLogFormThrowable(throwable, dblog); - } catch (MOADatabaseException e) { - Logger.warn("Statistic Log can not be stored into Database", e); - } + + + try { + StatisticLogDBUtils.saveOrUpdate(dblog); + + } catch (MOADatabaseException e) { + Logger.warn("Statistic Log can not be stored into Database", e); } - } catch (ConfigurationException e) { - Logger.error("Access MOA-ID configuration FAILED.", e); - return; } } } - private boolean isBusinessService(OAAuthParameter dbOA) { + private boolean isBusinessService(IOAAuthParameters dbOA) { if (dbOA.getOaType().equals("businessService")) return true; @@ -360,7 +337,7 @@ public class StatisticLogger { } - private String findBKUType(String bkuURL, OAAuthParameter dbOA) { + private String findBKUType(String bkuURL, IOAAuthParameters dbOA) { if (dbOA != null) { if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU))) @@ -376,14 +353,13 @@ public class StatisticLogger { Logger.trace("Staticic Log search BKUType from DefaultBKUs"); try { - AuthConfiguration authconfig = AuthConfigurationProviderFactory.getInstance(); - if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU))) + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU))) return IOAAuthParameters.ONLINEBKU; - if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) return IOAAuthParameters.LOCALBKU; - if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) return IOAAuthParameters.HANDYBKU; } catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 1f12675ca..a1ba00e02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -3,6 +3,14 @@ package at.gv.egovernment.moa.id.auth; +import java.util.Date; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -13,22 +21,47 @@ import at.gv.egovernment.moa.logging.Logger; * @author Paul Ivancsics * @version $Id$ */ +@Service("AuthenticationSessionCleaner") public class AuthenticationSessionCleaner implements Runnable { + @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; + @Autowired private ITransactionStorage transactionStorage; + @Autowired protected AuthConfiguration authConfig; + /** interval the AuthenticationSessionCleaner is run in */ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min /** * Runs the thread. Cleans the AuthenticationServer session store * and authentication data store from garbage, then sleeps for given interval, and restarts. + * + * Cleans up expired session and authentication data stores. + * */ public void run() { while (true) { try { Logger.debug("AuthenticationSessionCleaner run"); - BaseAuthenticationServer.cleanup(); - } - catch (Exception e) { + Date now = new Date(); + + try { + int sessionTimeOutCreated = authConfig.getSSOCreatedTimeOut() * 1000; + int sessionTimeOutUpdated = authConfig.getSSOUpdatedTimeOut() * 1000; + int authDataTimeOut = authConfig.getTransactionTimeOut() * 1000; + + //clean AuthenticationSessionStore + authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean TransactionStorage + transactionStorage.clean(now, authDataTimeOut); + + + } catch (Exception e) { + Logger.error("Session cleanUp FAILED!" , e); + + } + + } catch (Exception e) { Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e); } try { @@ -42,10 +75,10 @@ public class AuthenticationSessionCleaner implements Runnable { /** * start the sessionCleaner */ - public static void start() { + public static void start(Runnable clazz) { // start the session cleanup thread Thread sessionCleaner = - new Thread(new AuthenticationSessionCleaner(), "AuthenticationSessionCleaner"); + new Thread(clazz, "AuthenticationSessionCleaner"); sessionCleaner.setName("SessionCleaner"); sessionCleaner.setDaemon(true); sessionCleaner.setPriority(Thread.MIN_PRIORITY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java index 5e3b6653b..1ce6fa1e9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java @@ -1,37 +1,13 @@ package at.gv.egovernment.moa.id.auth; -import java.io.UnsupportedEncodingException; -import java.util.Date; -import java.util.List; -import java.util.UUID; - -import org.opensaml.xml.util.XMLHelper; - -import org.w3c.dom.Element; +import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.client.SZRGWClient; -import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.xsd.mis.MandateIdentifiers; -import at.gv.util.xsd.mis.Target; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import at.gv.util.xsd.srzgw.MISType; -import at.gv.util.xsd.srzgw.MISType.Filters; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -43,6 +19,9 @@ import at.gv.util.xsd.srzgw.MISType.Filters; */ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants { + @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; + @Autowired protected AuthConfiguration authConfig; + /** * Retrieves a session from the session store. * @@ -50,11 +29,11 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants { * @return AuthenticationSession stored with given session ID (never {@code null}). * @throws AuthenticationException in case the session id does not reflect a valic, active session. */ - public static AuthenticationSession getSession(String id) + public AuthenticationSession getSession(String id) throws AuthenticationException { AuthenticationSession session; try { - session = AuthenticationSessionStoreage.getSession(id); + session = authenticationSessionStorage.getSession(id); if (session == null) throw new AuthenticationException("auth.02", new Object[]{id}); @@ -68,33 +47,4 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants { } } - /** - * Cleans up expired session and authentication data stores. - */ - public static void cleanup() { - long now = new Date().getTime(); - - try { - int sessionTimeOutCreated = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; - int sessionTimeOutUpdated = AuthConfigurationProviderFactory.getInstance().getSSOUpdatedTimeOut() * 1000; - int authDataTimeOut = AuthConfigurationProviderFactory.getInstance().getTransactionTimeOut() * 1000; - - //clean AuthenticationSessionStore - AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); - - //clean AssertionStore - AssertionStorage assertionstore = AssertionStorage.getInstance(); - assertionstore.clean(now, authDataTimeOut); - - //clean ExeptionStore - DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); - exstore.clean(now, authDataTimeOut); - - } catch (Exception e) { - Logger.error("Session cleanUp FAILED!" , e); - - } - - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index fa30f9ffd..082ebcdcd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -10,8 +10,6 @@ import java.util.List; import java.util.Map; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; - import iaik.asn1.ObjectID; @@ -35,6 +33,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String PARAM_ACTION = "ACTION"; public static final String PARAM_SSO = "SSO"; public static final String INTERFEDERATION_IDP = "interIDP"; + public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; public static final String PARAM_SLOSTATUS = "status"; public static final String PARAM_SLORESTART = "restart"; @@ -130,6 +129,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String REQ_BKU_TYPE_HANDY = "handy"; public static final List REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + public static final List LEGACYPARAMETERWHITELIST + = Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID); public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; public final static String EXT_SAML_MANDATE_OID = "OID"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 4a004cdf0..5968736f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -223,7 +223,6 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer { // Initialize configuration provider AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext); - //test, if MOA-ID is already configured authConf.getPublicURLPrefix(); @@ -245,7 +244,9 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer { // Starts the session cleaner thread to remove unpicked authentication data - AuthenticationSessionCleaner.start(); + AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class); + AuthenticationSessionCleaner.start(sessioncleaner); + MOAGarbageCollector.start(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java index 06a1f0936..a82a958db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java @@ -40,8 +40,10 @@ public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider { public Resource[] getResourcesToLoad() { ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthSpringResourceProvider.class); ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthSpringResourceProvider.class); - - return new Resource[] {configurationDBConfig, moaidauthConfig}; + ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthSpringResourceProvider.class); + + return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans}; + } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index fe29dd2b7..5bde82899 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -22,8 +22,6 @@ */ package at.gv.egovernment.moa.id.auth.builder; -import iaik.x509.X509Certificate; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -51,6 +49,8 @@ import org.opensaml.saml2.core.Response; import org.opensaml.ws.soap.common.SOAPException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -81,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -89,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -96,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -114,14 +115,19 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration; import at.gv.util.ex.EgovUtilException; import at.gv.util.wsdl.szr.SZRException; import at.gv.util.xsd.szr.PersonInfoType; +import iaik.x509.X509Certificate; /** * @author tlenz * */ +@Service("AuthenticationDataBuilder") public class AuthenticationDataBuilder extends MOAIDAuthConstants { - public static IAuthData buildAuthenticationData(IRequest protocolRequest, + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired protected AuthConfiguration authConfig; + + public IAuthData buildAuthenticationData(IRequest protocolRequest, AuthenticationSession session, List reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { @@ -166,7 +172,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } //reuse some parameters if it is a reauthentication - OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); + OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); if (activeOA != null) { authdata.setSessionIndex(activeOA.getAssertionSessionID()); authdata.setNameID(activeOA.getUserNameID()); @@ -187,13 +193,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); + InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); IOAAuthParameters oaParam = null; if (reqAttributes == null) { //get OnlineApplication from MOA-ID-Auth configuration - oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaID); + oaParam = authConfig.getOnlineApplicationParameter(oaID); //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway if (oaParam.isSTORKPVPGateway()) @@ -215,7 +220,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } else { //get attributes from interfederated IDP - OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes); //mark attribute request as used @@ -248,7 +253,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @throws BuildException * @throws DynamicOABuildException */ - public static IAuthData buildAuthenticationData(IRequest req, + public IAuthData buildAuthenticationData(IRequest req, AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException { return buildAuthenticationData(req, session, null); } @@ -263,7 +268,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param reqQueryAttr * @throws ConfigurationException */ - private static void getAuthDataFromInterfederation( + private void getAuthDataFromInterfederation( AuthenticationData authdata, AuthenticationSession session, IOAAuthParameters oaParam, IRequest req, InterfederationSessionStore interfIDP, OAAuthParameter idp, List reqQueryAttr) throws BuildException, ConfigurationException{ @@ -280,11 +285,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //IDP is a service provider IDP and request interfederated IDP to collect attributes } else { //get PVP 2.1 attributes from protocol specific requested attributes - attributs = req.getRequestedAttributes(); + attributs = (List) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES); } - Response intfResp = (Response) req.getInterfederationResponse().getResponse(); + Response intfResp = + (Response) req.getGenericData( + RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse(); AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(intfResp); @@ -362,7 +369,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - private static void buildAuthDataFormInterfederationResponse( + private void buildAuthDataFormInterfederationResponse( AuthenticationData authData, AuthenticationSession session, AssertionAttributeExtractor extractor, @@ -500,7 +507,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { if (MiscUtil.isEmpty(authData.getIdentificationValue())) { Logger.info("No baseID found. Connect SZR to reveive baseID ..."); try { - EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig(); + EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig(); if (eGovClientsConfig != null) { SZRClient szrclient = new SZRClient(eGovClientsConfig); @@ -534,11 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - } catch (ConfigurationException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - } catch (EgovUtilException e) { Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME @@ -843,7 +845,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param authData * @return */ - private static boolean matchsReceivedbPKToOnlineApplication( + private boolean matchsReceivedbPKToOnlineApplication( IOAAuthParameters oaParam, AuthenticationData authData) { String oaTarget = null; @@ -870,7 +872,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { return false; } - private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { IdentityLink identityLink = session.getIdentityLink(); @@ -964,11 +966,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } try { - authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); + authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); //set max. SSO session time if (authData.isSsoSession()) { - long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; + long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000; Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime); authData.setSsoSessionValidTo(ssoSessionValidTo); @@ -1016,7 +1018,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { + private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { if (oaParam.getBusinessService()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; @@ -1033,9 +1035,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); Element resignedilAssertion; - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - if (config.isIdentityLinkResigning()) { - resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey()); + if (authConfig.isIdentityLinkResigning()) { + resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey()); } else { resignedilAssertion = businessServiceIdl.getSamlAssertion(); } @@ -1050,7 +1051,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { + private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { if (oaParam.getBusinessService()) { //since we have foreigner, wbPK is not calculated in BKU @@ -1082,7 +1083,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst)) - target = protocolRequest.getTarget(); + target = protocolRequest.getGenericData("target", String.class); else target = oaParam.getTarget(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index d4350f97b..9a2baf873 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -47,7 +47,6 @@ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; /** * Builds a DataURL parameter meant for the security layer implementation @@ -76,31 +75,13 @@ public class DataURLBuilder { * @return String */ public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - -// String individualDataURLPrefix = null; - String dataURL; - - //is removed from config in MOA-ID 2.0 - //check if an individual prefix is configured -// individualDataURLPrefix = AuthConfigurationProvider.getInstance(). -// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); -// -// if (null != individualDataURLPrefix) { -// -// //check individualDataURLPrefix -// if(!individualDataURLPrefix.startsWith("http")) -// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); -// -// //when ok then use it -// dataURL = individualDataURLPrefix + authServletName; -// } else - + String dataURL; if (!authBaseURL.endsWith("/")) authBaseURL += "/"; dataURL = authBaseURL + authServletName; - dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); + dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID); return dataURL; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 99ba49d26..c22432d0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -36,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; @@ -119,7 +118,7 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) { + public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) { String value = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index ae3ec9a9b..3849eb8a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -36,8 +36,6 @@ package at.gv.egovernment.moa.id.auth.data; -import iaik.x509.X509Certificate; - import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; @@ -53,6 +51,7 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * Session data to be stored between AuthenticationServer API calls. @@ -218,16 +217,7 @@ public class AuthenticationSession implements Serializable { */ private String pushInfobox; - // private AuthenticationData authData; - - // protocol selection - private String action; - private String modul; - - private String processInstanceId; - private boolean authenticated; - private boolean authenticatedUsed = false; private boolean ssoRequested = false; @@ -238,31 +228,7 @@ public class AuthenticationSession implements Serializable { private boolean isForeigner; private Map genericSessionDataStorate = new HashedMap(); - - public String getModul() { - return modul; - } - - public void setModul(String modul) { - this.modul = modul; - } - - public String getAction() { - return action; - } - - public void setAction(String action) { - this.action = action; - } - public boolean isAuthenticatedUsed() { - return authenticatedUsed; - } - - public void setAuthenticatedUsed(boolean authenticatedUsed) { - this.authenticatedUsed = authenticatedUsed; - } - public boolean isAuthenticated() { return authenticated; } @@ -852,22 +818,6 @@ public class AuthenticationSession implements Serializable { return sessionCreated; } - /** - * Returns the identifier of the process instance associated with this moaid session. - * @return The process instance id (may be {@code null} if no process has been created yet). - */ - public String getProcessInstanceId() { - return processInstanceId; - } - - /** - * Sets the process instance identifier in order to associate a certain process instance with this moaid session. - * @param processInstanceId The process instance id. - */ - public void setProcessInstanceId(String processInstanceId) { - this.processInstanceId = processInstanceId; - } - public Map getGenericSessionDataStorage() { return genericSessionDataStorate; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 67ddd170a..a73fd6858 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -1,6 +1,12 @@ package at.gv.egovernment.moa.id.auth.modules; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -24,17 +30,23 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.lang3.ArrayUtils; +import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.storage.IExceptionStore; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -45,6 +57,13 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public abstract class AbstractAuthServletTask extends MoaIdTask { + @Autowired private StatisticLogger statisticLogger; + @Autowired private ITransactionStorage transactionStorage; + @Autowired protected IRequestStorage requestStoreage; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected AuthConfiguration authConfig; + protected static final String ERROR_CODE_PARAM = "errorid"; protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, @@ -66,11 +85,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { req.setAttribute("LogLevel", "debug"); } - - StatisticLogger logger = StatisticLogger.getInstance(); - logger.logErrorOperation(exceptionThrown); - - + statisticLogger.logErrorOperation(exceptionThrown); + // forward this to errorpage-auth.jsp where the HTML error page is // generated ServletContext context = req.getServletContext(); @@ -132,31 +148,42 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown); } + - IExceptionStore store = DBExceptionStoreImpl.getStore(); - String id = store.storeException(exceptionThrown); - - if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) { - - String redirectURL = null; - - redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id - + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - return; + try { + String key = Random.nextRandom(); + transactionStorage.put(key, exceptionThrown); - } else { + if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) { + String redirectURL = null; + + redirectURL = ServletUtils.getBaseUrl(req) + "/"; + redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT + + "?" + ERROR_CODE_PARAM + "=" + key + + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - //Exception can not be stored in database + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + return; + + } else { + //Exception can not be stored in database + handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp); + } + + } catch (MOADatabaseException e) { + Logger.warn("Exception can not be stored to Database.", e); handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp); + } + + + + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java new file mode 100644 index 000000000..8b02a5bf6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -0,0 +1,68 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules; + +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class BKUSelectionModuleImpl implements AuthModule { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return 0; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + boolean performBKUSelection = false; + Object performBKUSelectionObj = context.get("performBKUSelection"); + if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) + performBKUSelection = (boolean) performBKUSelectionObj; + + if (performBKUSelection) + return "BKUSelectionProcess"; + + else + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml" }; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index 4a6ecd56a..f1ab58ee0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -44,9 +44,9 @@ import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -55,13 +55,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("CreateInterfedeartionRequestTask") public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -84,8 +84,8 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { boolean requiredLocalAuthentication = true; - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); String idpEntityID = (String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID); @@ -105,8 +105,10 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID); OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL()); + String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { - Logger.info("Requested interfederation IDP " + pendingReq.getRequestedIDP() + " is not valid for interfederation."); + Logger.info("Requested interfederation IDP " + requestedIDP + " is not valid for interfederation."); Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP()) + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed())); Logger.info("Switch to local authentication on this IDP ... "); @@ -252,18 +254,18 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { //build and send request without an error requiredLocalAuthentication = false; - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID()); } else { - Logger.warn("Requested IDP " + pendingReq.getRequestedIDP() + Logger.warn("Requested IDP " + requestedIDP + " does not support POST or Redirect Binding."); } } else { - Logger.warn("Requested IDP " + pendingReq.getRequestedIDP() + Logger.warn("Requested IDP " + requestedIDP + " is not found in InterFederation configuration"); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java new file mode 100644 index 000000000..fe3e8680c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -0,0 +1,119 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.Enumeration; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service("EvaluateBKUSelectionTask") +public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //load pending request + String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); + pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moaSession = null; + String moaSessionID = pendingReq.getMOASessionIdentifier(); + try { + moaSession = authenticatedSessionStorage.getSession(moaSessionID); + + if (moaSession == null) { + Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moaSessionID}); + + } + + // set parameter execution context + Enumeration reqParamNames = request.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName)) + executionContext.put(paramName, request.getParameter(paramName)); + + } + + Logger.info("BKU is selected finished -> Start BKU communication ..."); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moaSessionID}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + + + + } catch (MOAIDException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("EvaluateBKUSelectionTask has an internal error", e); + throw new TaskExecutionException(e.getMessage(), e); + + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 712ebb731..ed309d85a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -34,10 +35,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -45,6 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("FinalizeAuthenticationTask") public class FinalizeAuthenticationTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -56,8 +57,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); @@ -66,7 +67,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { } //get Session from context - String moasessionid = (String) executionContext.get(PARAM_SESSIONID); + String moasessionid = pendingReq.getMOASessionIdentifier(); AuthenticationSession session = null; if (MiscUtil.isEmpty(moasessionid)) { Logger.warn("MOASessionID is empty."); @@ -74,9 +75,14 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { } try { - session = AuthenticationSessionStoreage.getSession(moasessionid); - AuthenticationSessionStoreage.changeSessionID(session); - + session = authenticatedSessionStorage.getSession(moasessionid); + if (session == null) { + Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { moasessionid }); + + } + + } catch (MOADatabaseException e) { Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); throw new MOAIDException("init.04", new Object[] { moasessionid }); @@ -86,25 +92,25 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { throw new MOAIDException("auth.18", new Object[] {}); } finally { - executionContext.remove(PARAM_SESSIONID); + executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); } - - session.setAuthenticatedUsed(false); - session.setAuthenticated(true); - - String oldsessionID = session.getSessionID(); + //set MOASession to authenticated and store MOASession + session.setAuthenticated(true); + String newMOASessionID = authenticatedSessionStorage.changeSessionID(session); - //Session is implicte stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + //set pendingRequest to authenticated and set new MOASessionID + ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID); + pendingReq.setAuthenticated(true); + requestStoreage.storePendingRequest(pendingReq); Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); - String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(pendingReq.requestedModule(), pendingReq.requestedAction(), pendingReq.getRequestID()), newMOASessionID); - + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), + AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID()); + response.setContentType("text/html"); response.setStatus(302); response.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java new file mode 100644 index 000000000..1bdc132d9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -0,0 +1,102 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.io.PrintWriter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Service("GenerateBKUSelectionFrameTask") +public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); + + } + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); + + //load Parameters from OnlineApplicationConfiguration + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + + } + + //Build authentication form + String publicURLPreFix = pendingReq.getAuthURL(); + if (publicURLPreFix.endsWith("/")) + publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); + String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), + pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + + + } catch (MOAIDException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("FinalizeAuthenticationTask has an internal error", e); + throw new TaskExecutionException(e.getMessage(), e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java index f05ff07e9..77aab8ddb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext; * @author tlenz * */ +@Service("ReceiveInterfederationResponseTask") public class ReceiveInterfederationResponseTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java new file mode 100644 index 000000000..d8b558846 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -0,0 +1,123 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.process.ProcessEngine; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Service("RestartAuthProzessManagement") +public class RestartAuthProzessManagement extends AbstractAuthServletTask { + + @Autowired ProcessEngine processEngine; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); + + } + + //create a new execution context and copy all elements to new context + ExecutionContext newec = new ExecutionContextImpl(); + Set entries = executionContext.keySet(); + for (String key : entries) { + newec.put(key, executionContext.get(key)); + + } + + //remove BKU selection flag + newec.remove("performBKUSelection"); + + + Logger.debug("Swicht to specific authentication process after BKU is selected"); + + // select and create new process instance + String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec); + if (processDefinitionId == null) { + Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID()); + throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() }); + } + + String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec); + + // keep process instance id in moa session + ((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId); + + // make sure pending request has been persisted before running the process + try { + requestStoreage.storePendingRequest(pendingReq); + + } catch (MOAIDException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() }); + + } + + Logger.info("BKU is selected -> Start BKU communication ..."); + + // start process + processEngine.start(processInstanceId); + + + } catch (MOAIDException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("RestartAuthProzessManagement has an internal error", e); + throw new TaskExecutionException(e.getMessage(), e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index e659c9447..8af8ed238 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.parser; import java.util.List; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; @@ -54,8 +53,6 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String templateURL, String useMandate, String ccc, - String module, - String action, HttpServletRequest req, IRequest protocolReq) throws WrongParametersException, MOAIDException { @@ -129,7 +126,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!oaParam.getBusinessService()) { if (StringUtils.isEmpty(targetConfig) - || (module.equals("id_saml1") && + || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && !StringUtils.isEmpty(target)) ) { //INFO: ONLY SAML1 legacy mode @@ -278,25 +275,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ public static void parse(ExecutionContext ec, HttpServletRequest req, AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { - - - String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); - String action = request.requestedAction();//req.getParameter(PARAM_ACTION); - - modul = StringEscapeUtils.escapeHtml(modul); - action = StringEscapeUtils.escapeHtml(action); -// if(modul == null) { -// modul = SAML1Protocol.PATH; -// } -// -// if(action == null) { -// action = SAML1Protocol.GETARTIFACT; -// } - moasession.setModul(modul); - moasession.setAction(action); - + //get Parameters from request - String target = (String) ec.get(PARAM_TARGET); String oaURL = (String) ec.get(PARAM_OA); String bkuURL = (String) ec.get(PARAM_BKU); String templateURL = (String) ec.get(PARAM_TEMPLATE); @@ -312,9 +292,11 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } oaURL = request.getOAURL(); - target = request.getTarget(); + + //only needed for SAML1 + String target = request.getGenericData("target", String.class); - parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java new file mode 100644 index 000000000..26e24f5b4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -0,0 +1,238 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.ExceptionHandler; + +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.moduls.IRequestStorage; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public abstract class AbstractController extends MOAIDAuthConstants { + + public static final String ERROR_CODE_PARAM = "errorid"; + + @Autowired protected StatisticLogger statisticLogger; + @Autowired protected IRequestStorage requestStorage; + @Autowired protected ITransactionStorage transactionStorage; + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected AuthConfiguration authConfig; + + + protected void handleError(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { + + Throwable loggedException = null; + + if (exceptionThrown != null + && exceptionThrown instanceof ProcessExecutionException) { + ProcessExecutionException procExc = + (ProcessExecutionException) exceptionThrown; + if (procExc.getCause() != null && + procExc.getCause() instanceof TaskExecutionException) { + TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); + loggedException = taskExc.getOriginalException(); + + } + } + + if (loggedException == null) + loggedException = exceptionThrown; + + + if (!(loggedException instanceof MOAIDException)) { + Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + + } else { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.error(loggedException.getMessage(), loggedException); + + } else { + Logger.error(loggedException.getMessage()); + + } + } + + //store error into transaction store + try { + String key = Random.nextRandom(); + transactionStorage.put(key, exceptionThrown); + + if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) { + String redirectURL = null; + + redirectURL = ServletUtils.getBaseUrl(req); + redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT + + "?" + ERROR_CODE_PARAM + "=" + key + + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + return; + + } else { + //Exception can not be stored in database + handleErrorNoRedirect(loggedException, req, resp); + + } + + } catch (MOADatabaseException e) { + Logger.warn("Exception can not be stored to Database.", e); + handleErrorNoRedirect(loggedException, req, resp); + + } + + + } + + + /** + * Handles all exceptions with no pending request. + * Therefore, the error is written to the users browser + * + * @param throwable + * @param req + * @param resp + * @throws IOException + */ + protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, + HttpServletResponse resp) throws IOException { + + //log Exception into statistic database + statisticLogger.logErrorOperation(throwable); + + //write errror to console + Logger.error(throwable.getMessage(), throwable); + + //return error to Web browser + if (throwable instanceof MOAIDException) + MOAIDExceptionHandler(req, resp, (MOAIDException)throwable); + + else + GenericExceptionHandler(req, resp, (Exception)throwable); + } + + @ExceptionHandler({MOAIDException.class}) + public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException { + if (e instanceof ProtocolNotActiveException) { + resp.getWriter().write(e.getMessage()); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); + return; + + } else if (e instanceof AuthnRequestValidatorException) { + AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; + //log Error Message + statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); + return; + + } else if (e instanceof InvalidProtocolRequestException) { + //write log entry + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //send error response + ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); + String code = utils.mapInternalErrorToExternalError(e.getMessageId()); + String descr = e.getMessage(); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + + "(Errorcode=" + code + + " | Description=" + descr + ")"); + return; + } else if (e instanceof ConfigurationException) { + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + + "(Errorcode=9199" + +" | Description="+ e.getMessage() + ")"); + return; + + //TODO: check exception type + } else if (e instanceof MOAIDException) { + String samlRequest = req.getParameter("SAMLRequest"); + if (MiscUtil.isNotEmpty(samlRequest)) + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + else + Logger.error("Failed to generate a valid protocol request!"); + + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + + "(Errorcode=6000" + +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); + return; + + } + + } + + @ExceptionHandler({Exception.class}) + public void GenericExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception exception) throws IOException { + Logger.error("Internel Server Error." , exception); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + + "(Errorcode=9199" + +" | Description="+ exception.getMessage() + ")"); + return; + + } + + @ExceptionHandler({IOException.class}) + public void IOExceptionHandler(HttpServletRequest req, HttpServletResponse resp, IOException exception) { + Logger.error("Internel Server Error." , exception); + resp.setContentType("text/html;charset=UTF-8"); + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + return; + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java new file mode 100644 index 000000000..375afca4d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -0,0 +1,84 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.process.ProcessEngine; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Servlet that resumes a suspended process (in case of asynchronous tasks). + * + * @author tknall + * + */ +public abstract class AbstractProcessEngineSignalController extends AbstractController { + + @Autowired ProcessEngine processEngine; + + protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); + + try { + if (pendingRequestID == null) { + throw new IllegalStateException("Unable to determine MOA pending-request id."); + } + + IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //add transactionID and unique sessionID to Logger + TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier()); + TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier()); + + // process instance is mandatory + if (pendingReq.getProcessInstanceId() == null) { + throw new IllegalStateException("MOA session does not provide process instance id."); + } + + // wake up next task + processEngine.signal(pendingReq.getProcessInstanceId()); + + } catch (Exception ex) { + handleError(null, ex, req, resp, pendingRequestID); + + } finally { + //MOASessionDBUtils.closeSession(); + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + + + } + + /** + * Retrieves the current pending-request id from the HttpServletRequest parameter + * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}. + *

+ * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the + * respective pending-request id. + * + * @param request + * The unterlying HttpServletRequest. + * @return The current pending-request id. + */ + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index fe24d45dd..fb6c71846 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -1,507 +1,378 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.fileupload.FileItem; -import org.apache.commons.fileupload.FileItemFactory; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.fileupload.disk.DiskFileItemFactory; -import org.apache.commons.fileupload.servlet.ServletFileUpload; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.NoSuchBeanDefinitionException; -import org.springframework.beans.factory.NoUniqueBeanDefinitionException; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; - -import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.storage.IExceptionStore; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.URLDecoder; - -/** - * Base class for MOA-ID Auth Servlets, providing standard error handling and - * constant names. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthServlet extends HttpServlet { - - /** - * - */ - private static final long serialVersionUID = -6929905344382283738L; - - protected static final String ERROR_CODE_PARAM = "errorid"; - - /** - * The process engine. - */ - private ProcessEngine processEngine; - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - Logger.debug("GET " + this.getServletName()); - - this.setNoCachingHeadersInHttpRespone(req, resp); - } - - protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp) { - - if (null != errorMessage) { - Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage); - } - - if (null != exceptionThrown) { - if (null == errorMessage) - errorMessage = exceptionThrown.getMessage(); - Logger.error(errorMessage, exceptionThrown); - req.setAttribute("ExceptionThrown", exceptionThrown); - } - - if (Logger.isDebugEnabled()) { - req.setAttribute("LogLevel", "debug"); - } - - - StatisticLogger logger = StatisticLogger.getInstance(); - logger.logErrorOperation(exceptionThrown); - - - // forward this to errorpage-auth.jsp where the HTML error page is - // generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context - .getRequestDispatcher("/errorpage-auth.jsp"); - try { - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, - MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, - MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - } - - /** - * Handles an error.
> - *

    - *
  • Logs the error
    • - *
  • Places error message and exception thrown into the request as request - * attributes (to be used by "/errorpage-auth.jsp")
    • - *
  • Sets HTTP status 500 (internal server error)
    • - *
- * - * @param errorMessage - * error message - * @param exceptionThrown - * exception thrown - * @param req - * servlet request - * @param resp - * servlet response - */ - protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { - - Throwable loggedException = null; - - if (exceptionThrown != null - && exceptionThrown instanceof ProcessExecutionException) { - ProcessExecutionException procExc = - (ProcessExecutionException) exceptionThrown; - if (procExc.getCause() != null && - procExc.getCause() instanceof TaskExecutionException) { - TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); - loggedException = taskExc.getOriginalException(); - - } - } - - if (loggedException == null) - loggedException = exceptionThrown; - - - if (!(loggedException instanceof MOAIDException)) { - Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); - - } else { - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { - Logger.error(loggedException.getMessage(), loggedException); - - } else { - Logger.error(loggedException.getMessage()); - - } - } - - IExceptionStore store = DBExceptionStoreImpl.getStore(); - String id = store.storeException(loggedException); - - if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) { - - String redirectURL = null; - - redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id - + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - return; - - } else { - - //Exception can not be stored in database - handleErrorNoRedirect(errorMessage, loggedException, req, resp); - } - } - - /** - * Handles a WrongParametersException. - * - * @param req - * servlet request - * @param resp - * servlet response - */ - protected void handleWrongParameters(WrongParametersException ex, - HttpServletRequest req, HttpServletResponse resp) { - Logger.error(ex.toString()); - req.setAttribute("WrongParameters", ex.getMessage()); - - // forward this to errorpage-auth.jsp where the HTML error page is - // generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context - .getRequestDispatcher("/errorpage-auth.jsp"); - try { - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, - MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, - MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - } - - /** - * Logs all servlet parameters for debugging purposes. - */ - protected void logParameters(HttpServletRequest req) { - for (Enumeration params = req.getParameterNames(); params - .hasMoreElements();) { - String parname = (String) params.nextElement(); - Logger.debug("Parameter " + parname + req.getParameter(parname)); - } - } - - /** - * Parses the request input stream for parameters, assuming parameters are - * encoded UTF-8 (no standard exists how browsers should encode them). - * - * @param req - * servlet request - * - * @return mapping parameter name -> value - * - * @throws IOException - * if parsing request parameters fails. - * - * @throws FileUploadException - * if parsing request parameters fails. - */ - protected Map getParameters(HttpServletRequest req) throws IOException, - FileUploadException { - - Map parameters = new HashMap(); - - if (ServletFileUpload.isMultipartContent(req)) { - // request is encoded as mulitpart/form-data - FileItemFactory factory = new DiskFileItemFactory(); - ServletFileUpload upload = null; - upload = new ServletFileUpload(factory); - List items = null; - items = upload.parseRequest(req); - for (int i = 0; i < items.size(); i++) { - FileItem item = (FileItem) items.get(i); - if (item.isFormField()) { - // Process only form fields - no file upload items - String logString = item.getString("UTF-8"); - - // TODO use RegExp - String startS = ""; - String endS = "urn:publicid:gv.at:baseid"; - String logWithMaskedBaseid = logString; - int start = logString.indexOf(startS); - if (start > -1) { - int end = logString.indexOf(endS); - if (end > -1) { - logWithMaskedBaseid = logString.substring(0, start); - logWithMaskedBaseid += startS; - logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; - logWithMaskedBaseid += logString.substring(end, - logString.length()); - } - } - parameters - .put(item.getFieldName(), item.getString("UTF-8")); - Logger.debug("Processed multipart/form-data request parameter: \nName: " - + item.getFieldName() - + "\nValue: " - + logWithMaskedBaseid); - } - } - } - - else { - // request is encoded as application/x-www-urlencoded - InputStream in = req.getInputStream(); - - String paramName; - String paramValueURLEncoded; - do { - paramName = new String(readBytesUpTo(in, '=')); - if (paramName.length() > 0) { - paramValueURLEncoded = readBytesUpTo(in, '&'); - String paramValue = URLDecoder.decode(paramValueURLEncoded, - "UTF-8"); - parameters.put(paramName, paramValue); - } - } while (paramName.length() > 0); - in.close(); - } - - return parameters; - } - - /** - * Reads bytes up to a delimiter, consuming the delimiter. - * - * @param in - * input stream - * @param delimiter - * delimiter character - * @return String constructed from the read bytes - * @throws IOException - */ - protected String readBytesUpTo(InputStream in, char delimiter) - throws IOException { - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - boolean done = false; - int b; - while (!done && (b = in.read()) >= 0) { - if (b == delimiter) - done = true; - else - bout.write(b); - } - return bout.toString(); - } - - /** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - super.init(servletConfig); - } - - -// public void contextDestroyed(ServletContextEvent arg0) { -// Security.removeProvider((new IAIK()).getName()); -// Security.removeProvider((new ECCProvider()).getName()); +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +///* +// * Copyright 2003 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +// +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +// +//import javax.servlet.RequestDispatcher; +//import javax.servlet.ServletConfig; +//import javax.servlet.ServletContext; +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServlet; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.springframework.beans.BeansException; +//import org.springframework.beans.factory.NoSuchBeanDefinitionException; +//import org.springframework.beans.factory.NoUniqueBeanDefinitionException; +//import org.springframework.web.context.WebApplicationContext; +//import org.springframework.web.context.support.WebApplicationContextUtils; +// +//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.process.ProcessEngine; +//import at.gv.egovernment.moa.id.process.ProcessExecutionException; +//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; +//import at.gv.egovernment.moa.id.storage.IExceptionStore; +//import at.gv.egovernment.moa.id.util.ServletUtils; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +///** +// * Base class for MOA-ID Auth Servlets, providing standard error handling and +// * constant names. +// * +// * @author Paul Ivancsics +// * @version $Id$ +// */ +//public class AuthServlet extends HttpServlet { +// +// /** +// * +// */ +// private static final long serialVersionUID = -6929905344382283738L; +// +// protected static final String ERROR_CODE_PARAM = "errorid"; +// +// /** +// * The process engine. +// */ +// private ProcessEngine processEngine; +// +// @Override +// protected void doGet(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// Logger.debug("GET " + this.getServletName()); +// +// this.setNoCachingHeadersInHttpRespone(req, resp); // } - - /** - * Set response headers to avoid caching - * - * @param request - * HttpServletRequest - * @param response - * HttpServletResponse - */ - protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, - HttpServletResponse response) { - response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, - MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, - MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, - MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - } - - /** - * Adds a parameter to a URL. - * - * @param url - * the URL - * @param paramname - * parameter name - * @param paramvalue - * parameter value - * @return the URL with parameter added - */ - protected static String addURLParameter(String url, String paramname, - String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } - - /** - * Checks if HTTP requests are allowed - * - * @param authURL - * requestURL - * @throws AuthenticationException - * if HTTP requests are not allowed - * @throws ConfigurationException - */ - protected void checkIfHTTPisAllowed(String authURL) - throws AuthenticationException, ConfigurationException { - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - - //Removed from MOA-ID 2.0 config -// String boolStr = AuthConfigurationProvider -// .getInstance() -// .getGenericConfigurationParameter( -// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - //&& (false == BoolUtils.valueOf(boolStr)) - ) - throw new AuthenticationException("auth.07", new Object[] { authURL - + "*" }); - - } - - - /** - * Returns the underlying process engine instance. - * - * @return The process engine (never {@code null}). - * @throws NoSuchBeanDefinitionException - * if no {@link ProcessEngine} bean was found. - * @throws NoUniqueBeanDefinitionException - * if more than one {@link ProcessEngine} bean was found. - * @throws BeansException - * if a problem getting the {@link ProcessEngine} bean occurred. - * @throws IllegalStateException - * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a - * Spring web environment. - */ - public synchronized ProcessEngine getProcessEngine() { - if (processEngine == null) { - WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); - if (ctx == null) { - throw new IllegalStateException( - "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment."); - } - processEngine = ctx.getBean(ProcessEngine.class); - } - return processEngine; - } - -} +// +// protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, +// HttpServletRequest req, HttpServletResponse resp) { +// +// if (null != errorMessage) { +// Logger.error(errorMessage); +// req.setAttribute("ErrorMessage", errorMessage); +// } +// +// if (null != exceptionThrown) { +// if (null == errorMessage) +// errorMessage = exceptionThrown.getMessage(); +// Logger.error(errorMessage, exceptionThrown); +// req.setAttribute("ExceptionThrown", exceptionThrown); +// } +// +// if (Logger.isDebugEnabled()) { +// req.setAttribute("LogLevel", "debug"); +// } +// +// +// StatisticLogger logger = StatisticLogger.getInstance(); +// logger.logErrorOperation(exceptionThrown); +// +// +// // forward this to errorpage-auth.jsp where the HTML error page is +// // generated +// ServletContext context = getServletContext(); +// RequestDispatcher dispatcher = context +// .getRequestDispatcher("/errorpage-auth.jsp"); +// try { +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, +// MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, +// MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// dispatcher.forward(req, resp); +// } catch (ServletException e) { +// Logger.error(e); +// } catch (IOException e) { +// Logger.error(e); +// } +// } +// +// /** +// * Handles an error.
> +// *
    +// *
  • Logs the error
    • +// *
  • Places error message and exception thrown into the request as request +// * attributes (to be used by "/errorpage-auth.jsp")
    • +// *
  • Sets HTTP status 500 (internal server error)
    • +// *
+// * +// * @param errorMessage +// * error message +// * @param exceptionThrown +// * exception thrown +// * @param req +// * servlet request +// * @param resp +// * servlet response +// */ +// protected void handleError(String errorMessage, Throwable exceptionThrown, +// HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { +// +// Throwable loggedException = null; +// +// if (exceptionThrown != null +// && exceptionThrown instanceof ProcessExecutionException) { +// ProcessExecutionException procExc = +// (ProcessExecutionException) exceptionThrown; +// if (procExc.getCause() != null && +// procExc.getCause() instanceof TaskExecutionException) { +// TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); +// loggedException = taskExc.getOriginalException(); +// +// } +// } +// +// if (loggedException == null) +// loggedException = exceptionThrown; +// +// +// if (!(loggedException instanceof MOAIDException)) { +// Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); +// +// } else { +// if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { +// Logger.error(loggedException.getMessage(), loggedException); +// +// } else { +// Logger.error(loggedException.getMessage()); +// +// } +// } +// +// IExceptionStore store = DBExceptionStoreImpl.getStore(); +// String id = store.storeException(loggedException); +// +// if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) { +// +// String redirectURL = null; +// +// redirectURL = ServletUtils.getBaseUrl(req); +// +// //TODO: DEVELOPMENT +//// redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id +//// + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// return; +// +// } else { +// +// //Exception can not be stored in database +// handleErrorNoRedirect(errorMessage, loggedException, req, resp); +// } +// } +// +// /** +// * Handles a WrongParametersException. +// * +// * @param req +// * servlet request +// * @param resp +// * servlet response +// */ +// protected void handleWrongParameters(WrongParametersException ex, +// HttpServletRequest req, HttpServletResponse resp) { +// Logger.error(ex.toString()); +// req.setAttribute("WrongParameters", ex.getMessage()); +// +// // forward this to errorpage-auth.jsp where the HTML error page is +// // generated +// ServletContext context = getServletContext(); +// RequestDispatcher dispatcher = context +// .getRequestDispatcher("/errorpage-auth.jsp"); +// try { +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, +// MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, +// MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// dispatcher.forward(req, resp); +// } catch (ServletException e) { +// Logger.error(e); +// } catch (IOException e) { +// Logger.error(e); +// } +// } +// +// +// /** +// * Calls the web application initializer. +// * +// * @see javax.servlet.Servlet#init(ServletConfig) +// */ +// public void init(ServletConfig servletConfig) throws ServletException { +// super.init(servletConfig); +// } +// +// +// /** +// * Set response headers to avoid caching +// * +// * @param request +// * HttpServletRequest +// * @param response +// * HttpServletResponse +// */ +// protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, +// HttpServletResponse response) { +// response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, +// MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, +// MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// } +// +// /** +// * Adds a parameter to a URL. +// * +// * @param url +// * the URL +// * @param paramname +// * parameter name +// * @param paramvalue +// * parameter value +// * @return the URL with parameter added +// */ +// protected static String addURLParameter(String url, String paramname, +// String paramvalue) { +// String param = paramname + "=" + paramvalue; +// if (url.indexOf("?") < 0) +// return url + "?" + param; +// else +// return url + "&" + param; +// } +// +// /** +// * Checks if HTTP requests are allowed +// * +// * @param authURL +// * requestURL +// * @throws AuthenticationException +// * if HTTP requests are not allowed +// * @throws ConfigurationException +// */ +// protected void checkIfHTTPisAllowed(String authURL) +// throws AuthenticationException, ConfigurationException { +// // check if HTTP Connection may be allowed (through +// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +// +// //Removed from MOA-ID 2.0 config +//// String boolStr = AuthConfigurationProvider +//// .getInstance() +//// .getGenericConfigurationParameter( +//// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +// if ((!authURL.startsWith("https:")) +// //&& (false == BoolUtils.valueOf(boolStr)) +// ) +// throw new AuthenticationException("auth.07", new Object[] { authURL +// + "*" }); +// +// } +// +// +// /** +// * Returns the underlying process engine instance. +// * +// * @return The process engine (never {@code null}). +// * @throws NoSuchBeanDefinitionException +// * if no {@link ProcessEngine} bean was found. +// * @throws NoUniqueBeanDefinitionException +// * if more than one {@link ProcessEngine} bean was found. +// * @throws BeansException +// * if a problem getting the {@link ProcessEngine} bean occurred. +// * @throws IllegalStateException +// * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a +// * Spring web environment. +// */ +// public synchronized ProcessEngine getProcessEngine() { +// if (processEngine == null) { +// WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); +// if (ctx == null) { +// throw new IllegalStateException( +// "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment."); +// } +// processEngine = ctx.getBean(ProcessEngine.class); +// } +// return processEngine; +// } +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java new file mode 100644 index 000000000..6bccd5b88 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -0,0 +1,51 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +/** + * @author tlenz + * + */ +@Controller +public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController { + + + @RequestMapping(value = {"/GenerateIframeTemplate", + "/SSOSendAssertionServlet", + "/signalProcess" + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 15d596049..663a14881 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -1,168 +1,168 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.util.Enumeration; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class GenerateIFrameTemplateServlet extends AuthServlet { - - private static final long serialVersionUID = 1L; - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request"); - - String pendingRequestID = null; - - try { - String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); - moasessionid = StringEscapeUtils.escapeHtml(moasessionid); - AuthenticationSession moasession = null; - try { - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); - moasession = AuthenticationSessionStoreage.getSession(moasessionid); - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { - moasessionid}); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - - - - ExecutionContext ec = new ExecutionContextImpl(); - // set execution context - Enumeration reqParamNames = req.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName)) - ec.put(paramName, req.getParameter(paramName)); - - } - - ec.put("pendingRequestID", pendingRequestID); - ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid); - -// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); -// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); -// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); -// ec.put("ccc", moasession.getCcc()); -// ec.put("useMandate", moasession.getUseMandate()); -// ec.put("bkuURL", moasession.getBkuURL()); - - // select and create process instance - String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); - if (processDefinitionId == null) { - Logger.warn("No suitable process found for SessionID " + moasession.getSessionID()); - throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() }); - } - - String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); - - // keep process instance id in moa session - moasession.setProcessInstanceId(processInstanceId); - - // make sure moa session has been persisted before running the process - try { - AuthenticationSessionStoreage.storeSession(moasession); - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() }); - } - - Logger.info("BKU is selected -> Start BKU communication ..."); - - // start process - getProcessEngine().start(processInstanceId); - - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } catch (ProcessExecutionException e) { - Throwable cause = e.getCause(); - if (cause != null && cause instanceof TaskExecutionException) { - Throwable taskCause = cause.getCause(); - if (taskCause != null && taskCause instanceof WrongParametersException) { - WrongParametersException internalEx = (WrongParametersException) taskCause; - handleWrongParameters(internalEx, req, resp); - return; - - } else if (taskCause != null && taskCause instanceof MOAIDException) { - MOAIDException moaTaskCause = (MOAIDException) taskCause; - handleError(null, moaTaskCause, req, resp, pendingRequestID); - return; - - } - } - - Logger.error("BKUSelectionServlet has an interal Error.", e); - - } catch (Exception e) { - Logger.error("BKUSelectionServlet has an interal Error.", e); - - } - - finally { - - } - } - - - - - - - - - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +//import java.util.Enumeration; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.apache.commons.lang.StringEscapeUtils; +// +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +//import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +//import at.gv.egovernment.moa.id.process.ProcessExecutionException; +//import at.gv.egovernment.moa.id.process.api.ExecutionContext; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class GenerateIFrameTemplateServlet extends AuthServlet { +// +// private static final long serialVersionUID = 1L; +// +// protected void doGet(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request"); +// +// String pendingRequestID = null; +// +// try { +// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasessionid = StringEscapeUtils.escapeHtml(moasessionid); +// AuthenticationSession moasession = null; +// try { +// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); +// moasession = AuthenticationSessionStoreage.getSession(moasessionid); +// +// } catch (MOADatabaseException e) { +// Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); +// throw new MOAIDException("init.04", new Object[] { +// moasessionid}); +// +// } catch (Throwable e) { +// Logger.info("No HTTP Session found!"); +// throw new MOAIDException("auth.18", new Object[] {}); +// } +// +// +// +// ExecutionContext ec = new ExecutionContextImpl(); +// // set execution context +// Enumeration reqParamNames = req.getParameterNames(); +// while(reqParamNames.hasMoreElements()) { +// String paramName = reqParamNames.nextElement(); +// if (MiscUtil.isNotEmpty(paramName)) +// ec.put(paramName, req.getParameter(paramName)); +// +// } +// +// ec.put("pendingRequestID", pendingRequestID); +// ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid); +// +//// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); +//// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); +//// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); +//// ec.put("ccc", moasession.getCcc()); +//// ec.put("useMandate", moasession.getUseMandate()); +//// ec.put("bkuURL", moasession.getBkuURL()); +// +// // select and create process instance +// String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); +// if (processDefinitionId == null) { +// Logger.warn("No suitable process found for SessionID " + moasession.getSessionID()); +// throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() }); +// } +// +// String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); +// +// // keep process instance id in moa session +// moasession.setProcessInstanceId(processInstanceId); +// +// // make sure moa session has been persisted before running the process +// try { +// AuthenticationSessionStoreage.storeSession(moasession); +// } catch (MOADatabaseException e) { +// Logger.error("Database Error! MOASession is not stored!"); +// throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() }); +// } +// +// Logger.info("BKU is selected -> Start BKU communication ..."); +// +// // start process +// getProcessEngine().start(processInstanceId); +// +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// +// catch (MOAIDException ex) { +// handleError(null, ex, req, resp, pendingRequestID); +// +// } catch (ProcessExecutionException e) { +// Throwable cause = e.getCause(); +// if (cause != null && cause instanceof TaskExecutionException) { +// Throwable taskCause = cause.getCause(); +// if (taskCause != null && taskCause instanceof WrongParametersException) { +// WrongParametersException internalEx = (WrongParametersException) taskCause; +// handleWrongParameters(internalEx, req, resp); +// return; +// +// } else if (taskCause != null && taskCause instanceof MOAIDException) { +// MOAIDException moaTaskCause = (MOAIDException) taskCause; +// handleError(null, moaTaskCause, req, resp, pendingRequestID); +// return; +// +// } +// } +// +// Logger.error("BKUSelectionServlet has an interal Error.", e); +// +// } catch (Exception e) { +// Logger.error("BKUSelectionServlet has an interal Error.", e); +// +// } +// +// finally { +// +// } +// } +// +// +// +// +// +// +// +// +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index fe5cd1ac0..48292cee1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.velocity.VelocityContext; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -43,8 +45,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -56,10 +57,13 @@ import at.gv.egovernment.moa.util.URLEncoder; * @author tlenz * */ -public class IDPSingleLogOutServlet extends AuthServlet { +@Controller +public class IDPSingleLogOutServlet extends AbstractController { - private static final long serialVersionUID = -1301786072691577221L; - + @Autowired SSOManager ssoManager; + @Autowired AuthenticationManager authManager; + @Autowired IAuthenticationSessionStoreage authenicationStorage; + protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.debug("receive IDP SingleLogOut Request"); @@ -79,9 +83,8 @@ public class IDPSingleLogOutServlet extends AuthServlet { return; } - - SSOManager ssomanager = SSOManager.getInstance(); - String ssoid = ssomanager.getSSOSessionID(req); + + String ssoid = ssoManager.getSSOSessionID(req); Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART); @@ -91,9 +94,9 @@ public class IDPSingleLogOutServlet extends AuthServlet { if (tokkenObj != null && tokkenObj instanceof String) { tokken = (String) tokkenObj; try { - status = AssertionStorage.getInstance().get(tokken, String.class); + status = transactionStorage.get(tokken, String.class); if (MiscUtil.isNotEmpty(status)) { - AssertionStorage.getInstance().remove(tokken); + transactionStorage.remove(tokken); } VelocityContext context = new VelocityContext(); @@ -104,13 +107,13 @@ public class IDPSingleLogOutServlet extends AuthServlet { context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssomanager.printSingleLogOutInfo(context, resp); + ssoManager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { - handleErrorNoRedirect(e.getMessage(), e, req, resp); + handleErrorNoRedirect(e, req, resp); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e.getMessage(), e, req, resp); + handleErrorNoRedirect(e, req, resp); } @@ -118,16 +121,14 @@ public class IDPSingleLogOutServlet extends AuthServlet { } else if (MiscUtil.isNotEmpty(ssoid)) { try { - if (ssomanager.isValidSSOSession(ssoid, null)) { + if (ssoManager.isValidSSOSession(ssoid, null)) { - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); + String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid); if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = AuthenticationSessionStoreage - .getSession(moaSessionID); + AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID); if(authSession != null) { - authmanager.performSingleLogOut(req, resp, authSession, authURL); + authManager.performSingleLogOut(req, resp, authSession, authURL); return; } @@ -147,7 +148,7 @@ public class IDPSingleLogOutServlet extends AuthServlet { if (MiscUtil.isNotEmpty(restartProcess)) { Logger.info("Restart Single LogOut process after timeout ... "); try { - SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class); + SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); if (sloContainer.hasFrontChannelOA()) sloContainer.putFailedOA("differntent OAs"); @@ -171,13 +172,13 @@ public class IDPSingleLogOutServlet extends AuthServlet { else statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; - AssertionStorage.getInstance().put(artifact, statusCode); - redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); + transactionStorage.put(artifact, statusCode); + redirectURL = HTTPUtils.addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } - //redirect to Redirect Servlet - String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); + //redirect to Redirect Servlet + String url = authURL + "/RedirectServlet"; + url = HTTPUtils.addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); url = resp.encodeRedirectURL(url); resp.setContentType("text/html"); @@ -205,10 +206,11 @@ public class IDPSingleLogOutServlet extends AuthServlet { MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); try { - ssomanager.printSingleLogOutInfo(context, resp); + ssoManager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { e.printStackTrace(); + } return; } @@ -218,10 +220,11 @@ public class IDPSingleLogOutServlet extends AuthServlet { context.put("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); try { - ssomanager.printSingleLogOutInfo(context, resp); + ssoManager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { e.printStackTrace(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index a5504ec4c..4ed276814 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -51,6 +51,7 @@ import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -58,9 +59,8 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -70,14 +70,16 @@ import at.gv.egovernment.moa.util.MiscUtil; public class LogOutServlet { private static final String REDIRECT_URL = "redirect"; + @Autowired private SSOManager ssomanager; + @Autowired private AuthenticationManager authmanager; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; + @RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET}) public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { Logger.debug("receive LogOut Request"); String redirectUrl = (String) req.getParameter(REDIRECT_URL); - - SSOManager ssomanager = SSOManager.getInstance(); - + try { //get SSO token from request String ssoid = ssomanager.getSSOSessionID(req); @@ -103,15 +105,13 @@ public class LogOutServlet { //TODO: Single LogOut Implementation //delete SSO session and MOA session - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); - - RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); - + String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid); authmanager.performOnlyIDPLogOut(req, resp, moasessionid); + Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); } else { Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); + } //Remove SSO token diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java deleted file mode 100644 index f3e3ae8a4..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ /dev/null @@ -1,122 +0,0 @@ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.logging.Logger; - -/** - * Servlet that resumes a suspended process (in case of asynchronous tasks). - * - * @author tknall - * - */ -public class ProcessEngineSignalServlet extends AuthServlet { - - private static final long serialVersionUID = 1L; - - /** - * Sets response headers that prevent caching (code taken from {@link AuthServlet}). - * - * @param resp - * The HttpServletResponse. - */ - private void setNoCachingHeaders(HttpServletResponse resp) { - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - } - - /** - * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}. - */ - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - this.doPost(req, resp); - } - - /** - * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is - * retrieved from the MOA session referred to by the request parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}. - */ - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req)); - - setNoCachingHeaders(resp); - String pendingRequestID = null; - try { - - if (sessionID == null) { - throw new IllegalStateException("Unable to determine MOA session id."); - } - - // retrieve moa session - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID); - AuthenticationSession session = BaseAuthenticationServer.getSession(sessionID); - - //add transactionID and unique sessionID to Logger - if (extendedSessionInformation != null) - TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId()); - TransactionIDUtils.setTransactionId(pendingRequestID); - - // process instance is mandatory - if (session.getProcessInstanceId() == null) { - throw new IllegalStateException("MOA session does not provide process instance id."); - } - - // wake up next task - getProcessEngine().signal(session.getProcessInstanceId()); - - } catch (Exception ex) { - handleError(null, ex, req, resp, pendingRequestID); - - } finally { - //MOASessionDBUtils.closeSession(); - TransactionIDUtils.removeTransactionId(); - TransactionIDUtils.removeSessionId(); - - } - - } - - /** - * Retrieves the current MOA session id from the HttpServletRequest parameter - * {@link MOAIDAuthConstants#PARAM_SESSIONID}. - *

- * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the - * respective MOA session id. - * - * @param request - * The unterlying HttpServletRequest. - * @return The current MOA session id. - */ - public String getMoaSessionId(HttpServletRequest request) { - return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID)); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index a914659b0..ba8ace6c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -25,13 +25,16 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.io.PrintWriter; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; - import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.SSOManager; @@ -42,18 +45,16 @@ import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; - -public class RedirectServlet extends AuthServlet{ - - private static final long serialVersionUID = 1L; +@Controller +public class RedirectServlet { public static final String REDIRCT_PARAM_URL = "redirecturl"; - private static final String DEFAULT_REDIRECTTARGET = "_parent"; + @Autowired SSOManager ssoManager; - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + @RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET) + public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { Logger.debug("Receive " + RedirectServlet.class + " Request"); String url = req.getParameter(REDIRCT_PARAM_URL); @@ -89,12 +90,12 @@ public class RedirectServlet extends AuthServlet{ if (MiscUtil.isNotEmpty(target)) { // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, // URLEncoder.encode(session.getTarget(), "UTF-8")); - url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, + url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(target, "UTF-8")); } - url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, + url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(artifact, "UTF-8")); url = resp.encodeRedirectURL(url); @@ -109,8 +110,7 @@ public class RedirectServlet extends AuthServlet{ } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service Logger.info("Receive an interfederation redirect request for IDP " + interIDP); - SSOManager sso = SSOManager.getInstance(); - sso.setInterfederationIDPCookie(req, resp, interIDP); + ssoManager.setInterfederationIDPCookie(req, resp, interIDP); Logger.debug("Redirect to " + url); url = resp.encodeRedirectURL(url); @@ -141,7 +141,7 @@ public class RedirectServlet extends AuthServlet{ } + } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java index 62ee1ed85..1d18ccb2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java @@ -28,9 +28,7 @@ package at.gv.egovernment.moa.id.auth.servlet; */ public class SAML2InterfederationSignalServlet extends - ProcessEngineSignalServlet { - - private static final long serialVersionUID = 8208970012249149156L; + AbstractProcessEngineSignalController { //TODO: getMOASessionID from SAML2 relayState diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 064431a6b..4c895e387 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -1,176 +1,177 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class SSOSendAssertionServlet extends AuthServlet{ - - private static final long serialVersionUID = 1L; - - private static final String PARAM = "value"; - private static final String MODULE = "mod"; - private static final String ACTION = "action"; - private static final String ID = "identifier"; - - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - String id = null; - Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request"); - try { - - Object idObject = req.getParameter(ID); - - if (idObject != null && (idObject instanceof String)) { - id = (String) idObject; - } - - String value = req.getParameter(PARAM); - value = StringEscapeUtils.escapeHtml(value); - if (!ParamValidatorUtils.isValidUseMandate(value)) - throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); - - //get module and action - Object moduleObject = req.getParameter(MODULE); - String module = null; - if (moduleObject != null && (moduleObject instanceof String)) { - module = (String) moduleObject; - } - - - Object actionObject = req.getParameter(ACTION); - String action = null; - if (actionObject != null && (actionObject instanceof String)) { - action = (String) actionObject; - } - - if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { - Logger.warn("No Moduel or Action parameter received!"); - throw new WrongParametersException("Module or Action is empty", "", "auth.10"); - } - - - SSOManager ssomanager = SSOManager.getInstance(); - //get SSO Cookie for Request - String ssoId = ssomanager.getSSOSessionID(req); - - //check SSO session - if (ssoId != null) { - String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); - - if (correspondingMOASession != null) { - Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + - "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); - - - AuthenticationSessionStoreage.destroySession(correspondingMOASession); - - ssomanager.deleteSSOSessionID(req, resp); - } - } - - boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); - - String moaSessionID = null; - - if (isValidSSOSession) { - - - //check UseMandate flag - String valueString = null;; - if ((value != null) && (value.compareTo("") != 0)) { - valueString = value; - } else { - valueString = "false"; - } - - if (valueString.compareToIgnoreCase("true") == 0) { - moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); - AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); - - //log event - //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - IRequest pendingReq = RequestStorage.getPendingRequest(id); - MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); - - String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), - ModulUtils.buildAuthURL(module, action, id), ""); - - resp.setContentType("text/html"); - resp.setStatus(302); - - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - } - - else { - throw new AuthenticationException("auth.21", new Object[] {}); - } - - } else { - handleError("SSO Session is not valid", null, req, resp, id); - } - - - } catch (MOADatabaseException e) { - handleError("SSO Session is not found", e, req, resp, id); - - } catch (WrongParametersException e) { - handleError("Parameter is not valid", e, req, resp, id); - - } catch (AuthenticationException e) { - handleError(e.getMessage(), e, req, resp, id); - - } catch (Exception e) { - Logger.error("SSOSendAssertion has an interal Error.", e); - } - - } - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.apache.commons.lang.StringEscapeUtils; +// +//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.moduls.IRequest; +//import at.gv.egovernment.moa.id.moduls.RequestStorage; +//import at.gv.egovernment.moa.id.moduls.SSOManager; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class SSOSendAssertionServlet extends AuthServlet{ +// +// private static final long serialVersionUID = 1L; +// +// private static final String PARAM = "value"; +// private static final String MODULE = "mod"; +// private static final String ACTION = "action"; +// private static final String ID = "identifier"; +// +// protected void doPost(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// +// String id = null; +// Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request"); +// try { +// +// Object idObject = req.getParameter(ID); +// +// if (idObject != null && (idObject instanceof String)) { +// id = (String) idObject; +// } +// +// String value = req.getParameter(PARAM); +// value = StringEscapeUtils.escapeHtml(value); +// if (!ParamValidatorUtils.isValidUseMandate(value)) +// throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); +// +// //get module and action +// Object moduleObject = req.getParameter(MODULE); +// String module = null; +// if (moduleObject != null && (moduleObject instanceof String)) { +// module = (String) moduleObject; +// } +// +// +// Object actionObject = req.getParameter(ACTION); +// String action = null; +// if (actionObject != null && (actionObject instanceof String)) { +// action = (String) actionObject; +// } +// +// if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { +// Logger.warn("No Moduel or Action parameter received!"); +// throw new WrongParametersException("Module or Action is empty", "", "auth.10"); +// } +// +// +// SSOManager ssomanager = SSOManager.getInstance(); +// //get SSO Cookie for Request +// String ssoId = ssomanager.getSSOSessionID(req); +// +// //check SSO session +// if (ssoId != null) { +// String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); +// +// if (correspondingMOASession != null) { +// Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + +// "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); +// +// +// AuthenticationSessionStoreage.destroySession(correspondingMOASession); +// +// ssomanager.deleteSSOSessionID(req, resp); +// } +// } +// +// boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); +// +// String moaSessionID = null; +// +// if (isValidSSOSession) { +// +// +// //check UseMandate flag +// String valueString = null;; +// if ((value != null) && (value.compareTo("") != 0)) { +// valueString = value; +// } else { +// valueString = "false"; +// } +// +// if (valueString.compareToIgnoreCase("true") == 0) { +// moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); +// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); +// AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); +// +// //log event +// //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); +// IRequest pendingReq = RequestStorage.getPendingRequest(id); +// MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); +// +// //TODO: only for development!!!!!!! +//// String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), +//// ModulUtils.buildAuthURL(module, action, id), ""); +// +// String redirectURL = "Remove commants in Class:SSOSendAssertionServlet Line:141"; +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// } +// +// else { +// throw new AuthenticationException("auth.21", new Object[] {}); +// } +// +// } else { +// handleError("SSO Session is not valid", null, req, resp, id); +// } +// +// +// } catch (MOADatabaseException e) { +// handleError("SSO Session is not found", e, req, resp, id); +// +// } catch (WrongParametersException e) { +// handleError("Parameter is not valid", e, req, resp, id); +// +// } catch (AuthenticationException e) { +// handleError(e.getMessage(), e, req, resp, id); +// +// } catch (Exception e) { +// Logger.error("SSOSendAssertion has an interal Error.", e); +// } +// +// } +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index b68f42086..7f0a1c157 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -74,6 +74,8 @@ public interface IOAAuthParameters { public boolean isSTORKPVPGateway(); + public boolean isRemovePBKFromAuthBlock(); + /** * @return the identityLinkDomainIdentifier */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 386e04f45..171940063 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -486,4 +486,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ // TODO Auto-generated method stub return false; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRemovePBKFromAuthBlock() + */ + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index d1c3401a1..c7f86c167 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -1,624 +1,624 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.entrypoints; - -import java.io.IOException; -import java.util.Iterator; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulStorage; -import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class DispatcherServlet extends AuthServlet{ - - /** - * - */ - private static final long serialVersionUID = 1L; - - public static final String PARAM_TARGET_MODULE = "mod"; - public static final String PARAM_TARGET_ACTION = "action"; - public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; - -// @Override -// public void init(ServletConfig config) throws ServletException { -// try { -// super.init(config); -// MOAIDAuthInitializer.initialize(); -// Logger.info(MOAIDMessageProvider.getInstance().getMessage( -// "init.00", null)); +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// *******************************************************************************/ +//package at.gv.egovernment.moa.id.entrypoints; +// +//import java.io.IOException; +//import java.util.Iterator; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +//import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +//import at.gv.egovernment.moa.id.data.IAuthData; +//import at.gv.egovernment.moa.id.data.SLOInformationInterface; +//import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +//import at.gv.egovernment.moa.id.moduls.IAction; +//import at.gv.egovernment.moa.id.moduls.IModulInfo; +//import at.gv.egovernment.moa.id.moduls.IRequest; +//import at.gv.egovernment.moa.id.moduls.ModulStorage; +//import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +//import at.gv.egovernment.moa.id.moduls.RequestStorage; +//import at.gv.egovernment.moa.id.moduls.SSOManager; +//import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; +//import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +//import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +//import at.gv.egovernment.moa.id.util.Random; +//import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class DispatcherServlet extends AuthServlet{ +// +// /** +// * +// */ +// private static final long serialVersionUID = 1L; +// +// public static final String PARAM_TARGET_MODULE = "mod"; +// public static final String PARAM_TARGET_ACTION = "action"; +// public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; +// +//// @Override +//// public void init(ServletConfig config) throws ServletException { +//// try { +//// super.init(config); +//// MOAIDAuthInitializer.initialize(); +//// Logger.info(MOAIDMessageProvider.getInstance().getMessage( +//// "init.00", null)); +//// +//// Logger.info("Dispatcher Servlet initialization finished."); +//// +//// } catch (Exception ex) { +//// Logger.fatal( +//// MOAIDMessageProvider.getInstance().getMessage("init.02", +//// null), ex); +//// +//// //throw new ServletException(ex); +//// +//// } +//// +//// } +// +// protected void processRequest(HttpServletRequest req, +// HttpServletResponse resp) throws ServletException, IOException { +// boolean isValidSSOSession = false; +// boolean useSSOOA = false; +// String protocolRequestID = null; // -// Logger.info("Dispatcher Servlet initialization finished."); +// try { +// Logger.debug("REQUEST: " + req.getRequestURI()); +// Logger.debug("QUERY : " + req.getQueryString()); +// +// +//// *** start of error handling *** +// +// String errorid = req.getParameter(ERROR_CODE_PARAM); +// if (errorid != null) { +// +// Throwable throwable = DBExceptionStoreImpl.getStore() +// .fetchException(errorid); +// DBExceptionStoreImpl.getStore().removeException(errorid); +// +// Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); +// +// //Map errorRequests = RequestStorage.getPendingRequest(req.getSession()); +// +// String pendingRequestID = null; +// if (idObject != null && (idObject instanceof String)) { +// pendingRequestID = (String) idObject; +// } +// +// if (throwable != null) { +// +// IRequest errorRequest = null; +// if (pendingRequestID != null) { +// errorRequest = RequestStorage.getPendingRequest(pendingRequestID); +// +// } +// +// if (errorRequest != null) { +// RequestStorage.removePendingRequest(pendingRequestID); +// MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR); +// +// try { +// IModulInfo handlingModule = ModulStorage +// .getModuleByPath(errorRequest +// .requestedModule()); +// if (handlingModule != null) { +// +// if (handlingModule.generateErrorMessage( +// throwable, req, resp, errorRequest)) { +// +// //log Error Message +// StatisticLogger logger = StatisticLogger.getInstance(); +// logger.logErrorOperation(throwable, errorRequest); +// +// //remove MOASession +// AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID); +// if (moaSession != null) +// AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); +// +// return; +// +// } else { +// handleErrorNoRedirect(throwable.getMessage(), throwable, +// req, resp); +// +// } +// } +// +// } catch (Throwable e) { +// Logger.error(e); +// handleErrorNoRedirect(throwable.getMessage(), +// throwable, req, resp); +// } +// +// } else { +// handleErrorNoRedirect(throwable.getMessage(), throwable, +// req, resp); +// } +// +// } else +// handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null), +// null, req, resp); +// +// return; +// } +// +//// *** end of error handling *** +// +// +//// *** start of protocol specific stuff *** +// +// Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); +// String module = null; +// if (moduleObject != null && (moduleObject instanceof String)) { +// module = (String) moduleObject; +// } +// +// if (module == null) { +// module = (String) req.getAttribute(PARAM_TARGET_MODULE); +// } +// +// Object actionObject = req.getParameter(PARAM_TARGET_ACTION); +// String action = null; +// if (actionObject != null && (actionObject instanceof String)) { +// action = (String) actionObject; +// } +// +// if (action == null) { +// action = req.getParameter(PARAM_TARGET_ACTION); +// } +// +// Logger.debug("dispatching to " + module + " protocol " + action); +// +// IModulInfo info = ModulStorage.getModuleByPath(module); +// +// IAction moduleAction = null; +// +// if (info == null) { +// +// Iterator modules = ModulStorage.getAllModules() +// .iterator(); +// while (modules.hasNext()) { +// info = modules.next(); +// moduleAction = info.canHandleRequest(req, resp); +// if (moduleAction != null) { +// action = moduleAction.getDefaultActionName(); +// module = info.getPath(); +// break; +// } +// info = null; +// } +// +// if (moduleAction == null) { +// resp.sendError(HttpServletResponse.SC_NOT_FOUND); +// Logger.error("Protocol " + module +// + " has no module registered"); +// return; +// } +// } +// +// if (moduleAction == null) { +// moduleAction = info.getAction(action); +// +// if (moduleAction == null) { +// resp.sendError(HttpServletResponse.SC_NOT_FOUND); +// Logger.error("Action " + action + " is not available!"); +// return; +// } +// } +// +// //get SSO Cookie for Request +// SSOManager ssomanager = SSOManager.getInstance(); +// String ssoId = ssomanager.getSSOSessionID(req); // -// } catch (Exception ex) { -// Logger.fatal( -// MOAIDMessageProvider.getInstance().getMessage("init.02", -// null), ex); +// IRequest protocolRequest = null; +// String uniqueSessionIdentifier = null; // -// //throw new ServletException(ex); +// try { +// Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); +// +// if (idObject != null && (idObject instanceof String)) { +// +// protocolRequestID = (String) idObject; +// protocolRequest = RequestStorage.getPendingRequest(protocolRequestID); +// +// //get IRequest if it exits +// if (protocolRequest != null) { +// Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); +// +// } else { +// Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); +// handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", +// null, req, resp); +// return; +// } +// } else { +// try { +// +// //load unique session identifier with SSO-sessionID +// uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); +// if (MiscUtil.isEmpty(uniqueSessionIdentifier)) +// uniqueSessionIdentifier = Random.nextRandom(); +// TransactionIDUtils.setSessionId(uniqueSessionIdentifier); +// +// //set transactionID to Logger +// protocolRequestID = Random.nextRandom(); +// TransactionIDUtils.setTransactionId(protocolRequestID); +// +// //log information for security and process reversion +// MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); +// MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID); +// MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr()); +// +// protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID); +// +// //request is a valid interfederation response +// if (protocolRequest != null && +// protocolRequest.getInterfederationResponse() != null ) { +// Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest"); +// +// //reload SP protocol implementation +// info = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); +// moduleAction = info.getAction(protocolRequest.requestedAction()); +// +// //create interfederated MOASession +// String sessionID = +// AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); +// req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID }); +// +// Logger.info("PreProcessing of SSO interfederation response complete. "); +// +// //request is a not valid interfederation response +// } else if (protocolRequest != null && +// MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { +// +// OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); +// if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) { +// // -> send end error to service provider +// Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() +// + " FAILED. Sending error message to service provider."); +// MOAIDException e = new MOAIDException("auth.27", new Object[]{}); +// IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); +// if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest)) +// handleErrorNoRedirect(e.getMessage(), e, req, +// resp); +// +// return; +// +// } else +// //-> Restart local authentication +// Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() +// + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); +// +// //request is a new authentication request +// } else if (protocolRequest != null && +// MiscUtil.isEmpty(protocolRequest.getRequestID())) { +// //Start new Authentication +// protocolRequest.setModule(module); +// +// //if preProcessing has not set a specific action from decoded request +// // then set the default action +// if (MiscUtil.isEmpty(protocolRequest.requestedAction())) +// protocolRequest.setAction(action); +// else +// moduleAction = info.getAction(protocolRequest.requestedAction()); +// +// protocolRequest.setRequestID(protocolRequestID); +// protocolRequest.setSessionIdentifier(uniqueSessionIdentifier); +// RequestStorage.setPendingRequest(protocolRequest); +// Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); +// +// +// } else { +// Logger.error("Failed to generate a valid protocol request!"); +// resp.setContentType("text/html;charset=UTF-8"); +// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); +// return; +// +// } +// +// } catch (ProtocolNotActiveException e) { +// resp.getWriter().write(e.getMessage()); +// resp.setContentType("text/html;charset=UTF-8"); +// resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); +// return; +// +// } catch (AuthnRequestValidatorException e) { +// //log Error Message +// StatisticLogger logger = StatisticLogger.getInstance(); +// logger.logErrorOperation(e, e.getErrorRequest()); +// +// //TODO: maybe add some error message handling??? +// +// return; +// +// }catch (InvalidProtocolRequestException e) { +// ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); +// String code = utils.mapInternalErrorToExternalError(e.getMessageId()); +// String descr = e.getMessage(); +// Logger.error("Protocol validation FAILED!"); +// resp.setContentType("text/html;charset=UTF-8"); +// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + +// "(Errorcode=" + code + +// " | Description=" + descr + ")"); +// return; +// } catch (ConfigurationException e) { +// resp.setContentType("text/html;charset=UTF-8"); +// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + +// "(Errorcode=9199" +// +" | Description="+ e.getMessage() + ")"); +// return; +// +// } catch (MOAIDException e) { +// Logger.error("Failed to generate a valid protocol request!"); +// resp.setContentType("text/html;charset=UTF-8"); +// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + +// "(Errorcode=6000" +// +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); +// return; +// +// } +// } +// +//// *** end of protocol specific stuff *** +// +// if (protocolRequest != null) +// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), +// protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule()); +// +//// *** start handling authentication *** +// +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// +// String moasessionID = null; +// String newSSOSessionId = null; +// AuthenticationSession moasession = null; +// IAuthData authData = null; +// +// boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); +// +// if (needAuthentication) { +// +// //check if interfederation IDP is requested +// ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); +// +// //check SSO session +// if (ssoId != null) { +// String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); +// +// if (correspondingMOASession != null) { +// Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + +// "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); +// +// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), +// protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); +// +// AuthenticationSessionStoreage.destroySession(correspondingMOASession); +// ssomanager.deleteSSOSessionID(req, resp); +// } +// } +// +// //load Parameters from OnlineApplicationConfiguration +// OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() +// .getOnlineApplicationParameter(protocolRequest.getOAURL()); +// +// if (oaParam == null) { +// throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); +// } +// +// +// isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest); +// useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); +// +// +// //if a legacy request is used SSO should not be allowed, actually +// boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); +// +// if (protocolRequest.isPassiv() +// && protocolRequest.forceAuth()) { +// // conflict! +// throw new NoPassivAuthenticationException(); +// } +// +// boolean tryperform = authmanager.tryPerformAuthentication( +// req, resp); +// +// if (tryperform) +// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), +// protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); +// else +// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), +// protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL()); +// +// if (protocolRequest.forceAuth()) { +// if (!tryperform) { +// authmanager.doAuthentication(req, resp, +// protocolRequest); +// return; +// } +// } else if (protocolRequest.isPassiv()) { +// if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { +// // Passive authentication ok! +// } else { +// throw new NoPassivAuthenticationException(); +// } +// } else { +// if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { +// // Is authenticated .. proceed +// } else { +// // Start authentication! +// authmanager.doAuthentication(req, resp, +// protocolRequest); +// return; +// } +// } +// +// if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension +// { +// +// if (useSSOOA && isValidSSOSession) { +// +// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), +// protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO); +// +// moasessionID = ssomanager.getMOASession(ssoId); +// moasession = AuthenticationSessionStoreage.getSession(moasessionID); +// +// //use new OAParameter +// if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { +// authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); +// return; +// } +// +// } else { +// moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasession = AuthenticationSessionStoreage.getSession(moasessionID); +// +// } +// //save SSO session usage in Database +// if (useSSOOA) { +// newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); +// +// if (MiscUtil.isNotEmpty(newSSOSessionId)) { +// ssomanager.setSSOSessionID(req, resp, newSSOSessionId); +// +// } else { +// ssomanager.deleteSSOSessionID(req, resp); +// +// } +// } +// +// } else { +// moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); +// moasession = AuthenticationSessionStoreage.getSession(moasessionID); +// moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); +// +// } +// +// //build authenticationdata from session information and OA configuration +// authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession); +// } +// +//// *** end handling authentication *** +// +//// *** start finalizing authentication (SSO, final redirects, statistic logging etc) *** +// +// SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); +// +// RequestStorage.removePendingRequest(protocolRequestID); +// +// if (needAuthentication) { +// boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA; +// +// if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension +// && !moasession.getUseMandate()) { +// +// try { +// //Store OA specific SSO session information +// AuthenticationSessionStoreage.addSSOInformation(moasessionID, +// newSSOSessionId, assertionID, protocolRequest); +// +// } catch (AuthenticationException e) { +// Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); +// +// authmanager.performOnlyIDPLogOut(req, resp, moasessionID); +// isSSOSession = false; +// } +// +// } else { +// authmanager.performOnlyIDPLogOut(req, resp, moasessionID); +// } +// +// //Advanced statistic logging +// StatisticLogger logger = StatisticLogger.getInstance(); +// logger.logSuccessOperation(protocolRequest, authData, isSSOSession); +// +// } +// +//// *** end finalizing authentication *** +// +// } catch (Throwable e) { +// Logger.warn("An authentication error occured: ", e);; +// // Try handle module specific, if not possible rethrow +// if (!info.generateErrorMessage(e, req, resp, protocolRequest)) +// handleErrorNoRedirect(e.getMessage(), e, req, +// resp); +// +// } // +// //log transaction_destroy to reversionslog +// MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID); +// +// } catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// +// } catch (MOAIDException ex) { +// handleError(null, ex, req, resp, protocolRequestID); +// +// } catch (Throwable e) { +// handleErrorNoRedirect(e.getMessage(), e, req, +// resp); // } // +// finally { +// +// +// TransactionIDUtils.removeTransactionId(); +// TransactionIDUtils.removeSessionId(); +// } +// +// Logger.debug("Clossing Dispatcher processing loop"); +// } +// +// @Override +// protected void doGet(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// processRequest(req, resp); +// } +// +// @Override +// protected void doPost(HttpServletRequest req, HttpServletResponse resp) +// throws ServletException, IOException { +// processRequest(req, resp); // } - - protected void processRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, IOException { - boolean isValidSSOSession = false; - boolean useSSOOA = false; - String protocolRequestID = null; - - try { - Logger.debug("REQUEST: " + req.getRequestURI()); - Logger.debug("QUERY : " + req.getQueryString()); - - -// *** start of error handling *** - - String errorid = req.getParameter(ERROR_CODE_PARAM); - if (errorid != null) { - - Throwable throwable = DBExceptionStoreImpl.getStore() - .fetchException(errorid); - DBExceptionStoreImpl.getStore().removeException(errorid); - - Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - - //Map errorRequests = RequestStorage.getPendingRequest(req.getSession()); - - String pendingRequestID = null; - if (idObject != null && (idObject instanceof String)) { - pendingRequestID = (String) idObject; - } - - if (throwable != null) { - - IRequest errorRequest = null; - if (pendingRequestID != null) { - errorRequest = RequestStorage.getPendingRequest(pendingRequestID); - - } - - if (errorRequest != null) { - RequestStorage.removePendingRequest(pendingRequestID); - MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR); - - try { - IModulInfo handlingModule = ModulStorage - .getModuleByPath(errorRequest - .requestedModule()); - if (handlingModule != null) { - - if (handlingModule.generateErrorMessage( - throwable, req, resp, errorRequest)) { - - //log Error Message - StatisticLogger logger = StatisticLogger.getInstance(); - logger.logErrorOperation(throwable, errorRequest); - - //remove MOASession - AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID); - if (moaSession != null) - AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - return; - - } else { - handleErrorNoRedirect(throwable.getMessage(), throwable, - req, resp); - - } - } - - } catch (Throwable e) { - Logger.error(e); - handleErrorNoRedirect(throwable.getMessage(), - throwable, req, resp); - } - - } else { - handleErrorNoRedirect(throwable.getMessage(), throwable, - req, resp); - } - - } else - handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null), - null, req, resp); - - return; - } - -// *** end of error handling *** - - -// *** start of protocol specific stuff *** - - Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); - String module = null; - if (moduleObject != null && (moduleObject instanceof String)) { - module = (String) moduleObject; - } - - if (module == null) { - module = (String) req.getAttribute(PARAM_TARGET_MODULE); - } - - Object actionObject = req.getParameter(PARAM_TARGET_ACTION); - String action = null; - if (actionObject != null && (actionObject instanceof String)) { - action = (String) actionObject; - } - - if (action == null) { - action = req.getParameter(PARAM_TARGET_ACTION); - } - - Logger.debug("dispatching to " + module + " protocol " + action); - - IModulInfo info = ModulStorage.getModuleByPath(module); - - IAction moduleAction = null; - - if (info == null) { - - Iterator modules = ModulStorage.getAllModules() - .iterator(); - while (modules.hasNext()) { - info = modules.next(); - moduleAction = info.canHandleRequest(req, resp); - if (moduleAction != null) { - action = moduleAction.getDefaultActionName(); - module = info.getPath(); - break; - } - info = null; - } - - if (moduleAction == null) { - resp.sendError(HttpServletResponse.SC_NOT_FOUND); - Logger.error("Protocol " + module - + " has no module registered"); - return; - } - } - - if (moduleAction == null) { - moduleAction = info.getAction(action); - - if (moduleAction == null) { - resp.sendError(HttpServletResponse.SC_NOT_FOUND); - Logger.error("Action " + action + " is not available!"); - return; - } - } - - //get SSO Cookie for Request - SSOManager ssomanager = SSOManager.getInstance(); - String ssoId = ssomanager.getSSOSessionID(req); - - IRequest protocolRequest = null; - String uniqueSessionIdentifier = null; - - try { - Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - - if (idObject != null && (idObject instanceof String)) { - - protocolRequestID = (String) idObject; - protocolRequest = RequestStorage.getPendingRequest(protocolRequestID); - - //get IRequest if it exits - if (protocolRequest != null) { - Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); - - } else { - Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); - handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", - null, req, resp); - return; - } - } else { - try { - - //load unique session identifier with SSO-sessionID - uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); - if (MiscUtil.isEmpty(uniqueSessionIdentifier)) - uniqueSessionIdentifier = Random.nextRandom(); - TransactionIDUtils.setSessionId(uniqueSessionIdentifier); - - //set transactionID to Logger - protocolRequestID = Random.nextRandom(); - TransactionIDUtils.setTransactionId(protocolRequestID); - - //log information for security and process reversion - MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); - MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID); - MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr()); - - protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID); - - //request is a valid interfederation response - if (protocolRequest != null && - protocolRequest.getInterfederationResponse() != null ) { - Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest"); - - //reload SP protocol implementation - info = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); - moduleAction = info.getAction(protocolRequest.requestedAction()); - - //create interfederated MOASession - String sessionID = - AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); - req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID }); - - Logger.info("PreProcessing of SSO interfederation response complete. "); - - //request is a not valid interfederation response - } else if (protocolRequest != null && - MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { - - OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); - if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) { - // -> send end error to service provider - Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() - + " FAILED. Sending error message to service provider."); - MOAIDException e = new MOAIDException("auth.27", new Object[]{}); - IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); - if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest)) - handleErrorNoRedirect(e.getMessage(), e, req, - resp); - - return; - - } else - //-> Restart local authentication - Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() - + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); - - //request is a new authentication request - } else if (protocolRequest != null && - MiscUtil.isEmpty(protocolRequest.getRequestID())) { - //Start new Authentication - protocolRequest.setModule(module); - - //if preProcessing has not set a specific action from decoded request - // then set the default action - if (MiscUtil.isEmpty(protocolRequest.requestedAction())) - protocolRequest.setAction(action); - else - moduleAction = info.getAction(protocolRequest.requestedAction()); - - protocolRequest.setRequestID(protocolRequestID); - protocolRequest.setSessionIdentifier(uniqueSessionIdentifier); - RequestStorage.setPendingRequest(protocolRequest); - Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); - - - } else { - Logger.error("Failed to generate a valid protocol request!"); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); - return; - - } - - } catch (ProtocolNotActiveException e) { - resp.getWriter().write(e.getMessage()); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); - return; - - } catch (AuthnRequestValidatorException e) { - //log Error Message - StatisticLogger logger = StatisticLogger.getInstance(); - logger.logErrorOperation(e, e.getErrorRequest()); - - //TODO: maybe add some error message handling??? - - return; - - }catch (InvalidProtocolRequestException e) { - ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); - String code = utils.mapInternalErrorToExternalError(e.getMessageId()); - String descr = e.getMessage(); - Logger.error("Protocol validation FAILED!"); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + - "(Errorcode=" + code + - " | Description=" + descr + ")"); - return; - } catch (ConfigurationException e) { - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + - "(Errorcode=9199" - +" | Description="+ e.getMessage() + ")"); - return; - - } catch (MOAIDException e) { - Logger.error("Failed to generate a valid protocol request!"); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + - "(Errorcode=6000" - +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); - return; - - } - } - -// *** end of protocol specific stuff *** - - if (protocolRequest != null) - MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), - protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule()); - -// *** start handling authentication *** - - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - - String moasessionID = null; - String newSSOSessionId = null; - AuthenticationSession moasession = null; - IAuthData authData = null; - - boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); - - if (needAuthentication) { - - //check if interfederation IDP is requested - ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); - - //check SSO session - if (ssoId != null) { - String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); - - if (correspondingMOASession != null) { - Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + - "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); - - MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), - protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); - - AuthenticationSessionStoreage.destroySession(correspondingMOASession); - ssomanager.deleteSSOSessionID(req, resp); - } - } - - //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(protocolRequest.getOAURL()); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); - } - - - isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest); - useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); - - - //if a legacy request is used SSO should not be allowed, actually - boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); - - if (protocolRequest.isPassiv() - && protocolRequest.forceAuth()) { - // conflict! - throw new NoPassivAuthenticationException(); - } - - boolean tryperform = authmanager.tryPerformAuthentication( - req, resp); - - if (tryperform) - MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), - protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); - else - MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), - protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL()); - - if (protocolRequest.forceAuth()) { - if (!tryperform) { - authmanager.doAuthentication(req, resp, - protocolRequest); - return; - } - } else if (protocolRequest.isPassiv()) { - if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { - // Passive authentication ok! - } else { - throw new NoPassivAuthenticationException(); - } - } else { - if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { - // Is authenticated .. proceed - } else { - // Start authentication! - authmanager.doAuthentication(req, resp, - protocolRequest); - return; - } - } - - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension - { - - if (useSSOOA && isValidSSOSession) { - - MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), - protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO); - - moasessionID = ssomanager.getMOASession(ssoId); - moasession = AuthenticationSessionStoreage.getSession(moasessionID); - - //use new OAParameter - if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { - authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); - return; - } - - } else { - moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); - moasession = AuthenticationSessionStoreage.getSession(moasessionID); - - } - //save SSO session usage in Database - if (useSSOOA) { - newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - - if (MiscUtil.isNotEmpty(newSSOSessionId)) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - - } - } - - } else { - moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); - moasession = AuthenticationSessionStoreage.getSession(moasessionID); - moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); - - } - - //build authenticationdata from session information and OA configuration - authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession); - } - -// *** end handling authentication *** - -// *** start finalizing authentication (SSO, final redirects, statistic logging etc) *** - - SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); - - RequestStorage.removePendingRequest(protocolRequestID); - - if (needAuthentication) { - boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA; - - if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension - && !moasession.getUseMandate()) { - - try { - //Store OA specific SSO session information - AuthenticationSessionStoreage.addSSOInformation(moasessionID, - newSSOSessionId, assertionID, protocolRequest); - - } catch (AuthenticationException e) { - Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); - - authmanager.performOnlyIDPLogOut(req, resp, moasessionID); - isSSOSession = false; - } - - } else { - authmanager.performOnlyIDPLogOut(req, resp, moasessionID); - } - - //Advanced statistic logging - StatisticLogger logger = StatisticLogger.getInstance(); - logger.logSuccessOperation(protocolRequest, authData, isSSOSession); - - } - -// *** end finalizing authentication *** - - } catch (Throwable e) { - Logger.warn("An authentication error occured: ", e);; - // Try handle module specific, if not possible rethrow - if (!info.generateErrorMessage(e, req, resp, protocolRequest)) - handleErrorNoRedirect(e.getMessage(), e, req, - resp); - - } - - //log transaction_destroy to reversionslog - MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID); - - } catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - - } catch (MOAIDException ex) { - handleError(null, ex, req, resp, protocolRequestID); - - } catch (Throwable e) { - handleErrorNoRedirect(e.getMessage(), e, req, - resp); - } - - finally { - - - TransactionIDUtils.removeTransactionId(); - TransactionIDUtils.removeSessionId(); - } - - Logger.debug("Clossing Dispatcher processing loop"); - } - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - processRequest(req, resp); - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - processRequest(req, resp); - } -} +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index c38bbc68f..b6df5e5c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; import java.io.PrintWriter; -import java.lang.reflect.InvocationTargetException; -import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; @@ -38,39 +36,21 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.velocity.VelocityContext; -import org.joda.time.DateTime; -import org.opensaml.common.impl.SecureRandomIdentifierGenerator; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; -import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.core.NameIDPolicy; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.core.RequestedAuthnContext; import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.soap.common.SOAPException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; -import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -78,93 +58,93 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.process.ProcessEngine; import at.gv.egovernment.moa.id.process.ProcessExecutionException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("MOAID_AuthenticationManager") public class AuthenticationManager extends MOAIDAuthConstants { - private static final AuthenticationManager INSTANCE = new AuthenticationManager(); public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; public static final int SLOTIMEOUT = 30 * 1000; //30 sec - @Autowired - private ProcessEngine processEngine; + @Autowired private ProcessEngine processEngine; + @Autowired private SSOManager ssoManager; + @Autowired private IRequestStorage requestStoreage; + @Autowired private ITransactionStorage transactionStorage; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; + @Autowired private MOAReversionLogger revisionsLogger; + @Autowired protected AuthConfiguration authConfig; - private AuthenticationManager() { - } - - public static AuthenticationManager getInstance() { - return INSTANCE; + public AuthenticationManager() { + } - + /** - * Checks if this request can authenticate a MOA Session + * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated + * + * @param protocolRequest Authentication request which is actually in process + * @param moaSession MOASession with authentication information or null if no MOASession exists * - * @param request - * @param response - * @return + * @return true if session is already authenticated, otherwise false + * @throws MOAIDException */ - public boolean tryPerformAuthentication(HttpServletRequest request, - HttpServletResponse response) { - - String sessionID = (String) request.getParameter(PARAM_SESSIONID); - if (sessionID != null) { - Logger.debug("Find MOASession: " + sessionID); - AuthenticationSession authSession; - try { - authSession = AuthenticationSessionStoreage.getSession(sessionID); - - if (authSession != null) { - Logger.info("MOASession found! A: " - + authSession.isAuthenticated() + ", AU " - + authSession.isAuthenticatedUsed()); - if (authSession.isAuthenticated() - && !authSession.isAuthenticatedUsed()) { - authSession.setAuthenticatedUsed(true); - - AuthenticationSessionStoreage.storeSession(authSession); - - return true; // got authenticated - } - } + private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { + + //if no MOASession exist -> authentication is required + if (moaSession == null) { + return false; - } catch (MOADatabaseException e) { - return false; - } catch (BuildException e) { + } else { + //if MOASession is Found but not authenticated --> authentication is required + if (!moaSession.isAuthenticated()) { return false; } + + //if MOASession is already authenticated and protocol-request is authenticated + // --> no authentication is required any more + else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { + return true; + + // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest + } else if (!protocolRequest.isAuthenticated() + && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { + Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); + protocolRequest.setAuthenticated(true); + protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); + return true; + + } + + // force authentication as backup solution + else { + Logger.warn("Authentication-required check find an unsuspected state --> force authentication"); + return false; + + } } - return false; } public void performSingleLogOut(HttpServletRequest httpReq, @@ -193,11 +173,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - SSOManager ssomanager = SSOManager.getInstance(); - //store active OAs to SLOContaine - List dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session); - List dbIDPs = AuthenticationSessionStoreage.getAllActiveIDPsFromMOASession(session); + List dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); + List dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); SLOInformationContainer sloContainer = new SLOInformationContainer(); sloContainer.setSloRequest(pvpReq); sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer); @@ -205,8 +183,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { //terminate MOASession try { - AuthenticationSessionStoreage.destroySession(session.getSessionID()); - ssomanager.deleteSSOSessionID(httpReq, httpResp); + authenticatedSessionStore.destroySession(session.getSessionID()); + ssoManager.deleteSSOSessionID(httpReq, httpResp); } catch (MOADatabaseException e) { Logger.warn("Delete MOASession FAILED."); @@ -276,7 +254,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } - AssertionStorage.getInstance().put(relayState, sloContainer); + //put SLO process-information into transaction storage + transactionStorage.put(relayState, sloContainer); if (MiscUtil.isEmpty(authURL)) authURL = pvpReq.getAuthURL(); @@ -289,7 +268,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { context.put("redirectURLs", sloReqList); context.put("timeoutURL", timeOutURL); context.put("timeout", SLOTIMEOUT); - ssomanager.printSingleLogOutInfo(context, httpResp); + ssoManager.printSingleLogOutInfo(context, httpResp); } else { @@ -309,7 +288,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { else context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssomanager.printSingleLogOutInfo(context, httpResp); + ssoManager.printSingleLogOutInfo(context, httpResp); } @@ -327,7 +306,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { VelocityContext context = new VelocityContext(); context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - ssomanager.printSingleLogOutInfo(context, httpResp); + ssoManager.printSingleLogOutInfo(context, httpResp); } @@ -352,8 +331,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { AuthenticationSession authSession; try { - authSession = AuthenticationSessionStoreage - .getSession(moaSessionID); + authSession = authenticatedSessionStore.getSession(moaSessionID); if(authSession == null) { Logger.info("NO MOA Authentication data for ID " + moaSessionID); @@ -364,10 +342,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); - MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - AuthenticationSessionStoreage.destroySession(moaSessionID); + authenticatedSessionStore.destroySession(moaSessionID); //session.invalidate(); @@ -378,366 +356,209 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - public void doAuthentication(HttpServletRequest request, - HttpServletResponse response, IRequest target) - throws ServletException, IOException, MOAIDException { - - Logger.info("Starting authentication ..."); - MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), - target, MOAIDEventConstants.AUTHPROCESS_START); - - if (MiscUtil.isEmpty(target.getRequestedIDP())) { - perfomLocalAuthentication(request, response, target); - - } else { - Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); - MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), - target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION); - buildPVP21AuthenticationRequest(request, response, target); - - } - } - - public void sendTransmitAssertionQuestion(HttpServletRequest request, - HttpServletResponse response, IRequest target, OAAuthParameter oaParam) - throws ServletException, IOException, MOAIDException { - - String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), target.getRequestID(), oaParam, - target.getAuthURL()); - MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), - target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); - - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(form); - out.flush(); - } + /** + * Authenticates the authentication request {pendingReq}, which is actually processed + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * + * @return Return already authenticated MOASession if exists, otherwise return null + * @throws MOADatabaseException + * @throws MOAIDException + * @throws IOException + * @throws ServletException + * + */ + public AuthenticationSession doAuthentication(HttpServletRequest httpReq, + HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException { - private void buildPVP21AuthenticationRequest(HttpServletRequest request, - HttpServletResponse response, IRequest target) - throws ServletException, IOException, MOAIDException { - - boolean requiredLocalAuthentication = true; + //generic authentication request validation + if (pendingReq.isPassiv() + && pendingReq.forceAuth()) { + // conflict! + throw new NoPassivAuthenticationException(); + } + + //get SSO cookie from http request + String ssoId = ssoManager.getSSOSessionID(httpReq); - Logger.debug("Build PVP 2.1 authentication request"); - - //get IDP metadata + //check if interfederation IDP is requested + ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq); - OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); - OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); - - if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { - Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); - Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP()) - + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed())); - Logger.info("Switch to local authentication on this IDP ... "); - - perfomLocalAuthentication(request, response, target); - return; - - } + //check SSO session + if (ssoId != null) { + String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId); - try { - EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). - getEntityDescriptor(target.getRequestedIDP()); - - if (idpEntity != null ) { + if (correspondingMOASession != null) { + Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); - //fetch endpoint from IDP metadata - SingleSignOnService redirectEndpoint = null; - for (SingleSignOnService sss : - idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { - - // use POST binding as default if it exists - //TODO: maybe use RedirectBinding as default - if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - redirectEndpoint = sss; - - } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && - redirectEndpoint == null ) - redirectEndpoint = sss; - } - - if (redirectEndpoint != null) { - - AuthnRequest authReq = SAML2Utils - .createSAMLObject(AuthnRequest.class); - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); - - //send passive AuthnRequest - authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation()); - - authReq.setAssertionConsumerServiceIndex(0); - authReq.setIssueInstant(new DateTime()); - Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); - String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0); - issuer.setValue(serviceURL); - - issuer.setFormat(NameIDType.ENTITY); - authReq.setIssuer(issuer); - NameIDPolicy policy = SAML2Utils - .createSAMLObject(NameIDPolicy.class); - policy.setAllowCreate(true); - policy.setFormat(NameID.TRANSIENT); - authReq.setNameIDPolicy(policy); - - authReq.setDestination(redirectEndpoint.getLocation()); - - RequestedAuthnContext reqAuthContext = - SAML2Utils.createSAMLObject(RequestedAuthnContext.class); - - AuthnContextClassRef authnClassRef = - SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - - //check if STORK protocol module is in ClassPath - Class storkRequstTemplate = null; - Integer storkSecClass = null; - try { - storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest"); - if (storkRequstTemplate != null && - storkRequstTemplate.isInstance(target)) { - Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null); - storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null); - - } - - } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { - - - } - - if (sp != null && sp.isSTORKPVPGateway()) { - //use PVP SecClass instead of STORK QAA level - String secClass = null; - if (storkRequstTemplate != null && - storkRequstTemplate.isInstance(target)) { - - try { - secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( - PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); - - } catch (Exception e) { - Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e); - - } - } - - if (MiscUtil.isNotEmpty(secClass)) - authnClassRef.setAuthnContextClassRef(secClass); - else - authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3"); - - } else { - if (storkRequstTemplate != null && - storkRequstTemplate.isInstance(target)) { - //use requested QAA level from STORK request - try { - authnClassRef.setAuthnContextClassRef( - PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); - Logger.debug("Use STORK-QAA level " + authnClassRef.getAuthnContextClassRef() - + " from STORK request"); - - } catch (Exception e) { - Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e); - - } - - } - - if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef())) - //TODO: switch to eIDAS QAA-levels - authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); - - } - - reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); - reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); - authReq.setRequestedAuthnContext(reqAuthContext); - - IEncoder binding = null; - if (redirectEndpoint.getBinding().equals( - SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); - - } else if (redirectEndpoint.getBinding().equals( - SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); - - } - - binding.encodeRequest(request, response, authReq, - redirectEndpoint.getLocation(), target.getRequestID()); - - //build and send request without an error - requiredLocalAuthentication = false; - - MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), - target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID()); - - - } else { - Logger.warn("Requested IDP " + target.getRequestedIDP() - + " does not support POST or Redirect Binding."); - - } - - } else { - Logger.warn("Requested IDP " + target.getRequestedIDP() - + " is not found in InterFederation configuration"); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); + authenticatedSessionStore.destroySession(correspondingMOASession); + ssoManager.deleteSSOSessionID(httpReq, httpResp); } + } + + // check if Service-Provider allows SSO sessions + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); + + revisionsLogger.logEvent(oaParam, + pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); + + //if a legacy request is used SSO should not be allowed in case of mandate authentication + boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); + + //check if SSO Session is valid + boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); + + //check if SSO is allowed for the actually executed request + boolean isSSOAllowed = (useSSOOA && !isUseMandateRequested); + pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); - } catch (MetadataProviderException e) { - Logger.error("IDP metadata error." , e); - - } catch (NoSuchAlgorithmException e) { - Logger.error("Build IDP authentication request FAILED.", e); - - } catch (MessageEncodingException e) { - Logger.error("Build IDP authentication request FAILED.", e); - - } catch (SecurityException e) { - Logger.error("Build IDP authentication request FAILED.", e); + //get MOASession from SSO-Cookie if SSO is allowed + AuthenticationSession moaSession = null; + if (isValidSSOSession && isSSOAllowed) { + String moasessionID = ssoManager.getMOASession(ssoId); + moaSession = authenticatedSessionStore.getSession(moasessionID); + if (moaSession == null) + Logger.info("No MOASession FOUND with provided SSO-Cookie."); + else { + Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); + revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO); + + } } + + //check if session is already authenticated + boolean tryperform = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); - if (requiredLocalAuthentication) { - Logger.info("Switch to local authentication on this IDP ... "); - if (idp.isPerformLocalAuthenticationOnInterfederationError()) - perfomLocalAuthentication(request, response, target); + //perfom SSO-Consents question if it it required + if (tryperform && isSSOAllowed && oaParam.useSSOQuestion()) { + sendTransmitAssertionQuestion(httpReq, httpResp, pendingReq, oaParam); + return null; - else - throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()}); } + + //force new authentication authentication process + if (pendingReq.forceAuth()) { + startAuthenticationProcess(httpReq, httpResp, pendingReq); + return null; + + } else if (pendingReq.isPassiv()) { + if (tryperform) { + // Passive authentication ok! + revisionsLogger.logEvent(oaParam, + pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); + return moaSession; + + } else { + throw new NoPassivAuthenticationException(); + + } + } else { + if (tryperform) { + // Is authenticated .. proceed + revisionsLogger.logEvent(oaParam, + pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); + return moaSession; + + } else { + // Start authentication! + startAuthenticationProcess(httpReq, httpResp, pendingReq); + return null; + } + } } - private void perfomLocalAuthentication(HttpServletRequest request, - HttpServletResponse response, IRequest target) + private void startAuthenticationProcess(HttpServletRequest httpReq, + HttpServletResponse httpResp, RequestImpl pendingReq) throws ServletException, IOException, MOAIDException { - Logger.debug("Starting authentication on this IDP ..."); - - response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + Logger.info("Starting authentication ..."); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_START); - List legacyallowed_prot = AuthConfigurationProviderFactory.getInstance().getLegacyAllowedProtocols(); - - //is legacy allowed - boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); + //is legacy allowed + List legacyallowed_prot = authConfig.getLegacyAllowedProtocols(); + boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule()); //check legacy request parameter - boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); + //create MOASession object AuthenticationSession moasession; try { - //check if an MOASession exists and if not create an new MOASession - //moasession = getORCreateMOASession(request); - moasession = AuthenticationSessionStoreage.createSession(target); + moasession = authenticatedSessionStore.createSession(pendingReq); } catch (MOADatabaseException e1) { Logger.error("Database Error! MOASession can not be created!"); throw new MOAIDException("init.04", new Object[] {}); + } + //create authentication process execution context try { + // create execution context + ExecutionContext executionContext = new ExecutionContextImpl(); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID, + MiscUtil.isNotEmpty( + pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); - if (legacyallowed && legacyparamavail) { - - // create execution context - ExecutionContext executionContext = new ExecutionContextImpl(); - executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, moasession.getSessionID()); - executionContext.put("pendingRequestID", target.getRequestID()); - - executionContext.put("isLegacyRequest", true); - - Enumeration reqParamNames = request.getParameterNames(); + boolean leagacyMode = (legacyallowed && legacyparamavail); + executionContext.put("isLegacyRequest", leagacyMode); + executionContext.put("performBKUSelection", leagacyMode + && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); + + //add leagcy parameters to context + if (leagacyMode) { + Enumeration reqParamNames = httpReq.getParameterNames(); while(reqParamNames.hasMoreElements()) { String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName)) - executionContext.put(paramName, request.getParameter(paramName)); + if (MiscUtil.isNotEmpty(paramName) && + MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)) + executionContext.put(paramName, httpReq.getParameter(paramName)); } - - // create process instance - String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); + } + // create process instance + String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); - if (processDefinitionId == null) { - Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() ); - throw new MOAIDException("process.02",new Object[] { - moasession.getSessionID()}); - } + if (processDefinitionId == null) { + Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() ); + throw new MOAIDException("process.02",new Object[] { + moasession.getSessionID()}); + } - String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); + String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); - // keep process instance id in moa session - moasession.setProcessInstanceId(processInstanceId); + // keep process instance id in protocol pending-request + pendingReq.setProcessInstanceId(processInstanceId); - // make sure moa session has been persisted before running the process - try { - AuthenticationSessionStoreage.storeSession(moasession); - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } - - // start process - processEngine.start(processInstanceId); - - } else { - MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), - target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); - - //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(target.getOAURL()); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); - } - - else { - - //check if an MOASession exists and if not create an new MOASession - //moasession = getORCreateMOASession(request); - - //set OnlineApplication configuration in Session - moasession.setOAURLRequested(target.getOAURL()); - moasession.setAction(target.requestedAction()); - moasession.setModul(target.requestedModule()); - } - - //Build authentication form - - - String publicURLPreFix = target.getAuthURL(); - if (publicURLPreFix.endsWith("/")) - publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); - String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID()); - - //store MOASession - try { - AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } - - //set MOAIDSession - //request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + + // make sure moa session has been persisted before running the process + try { + authenticatedSessionStore.storeSession(moasession); - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(loginForm); - out.flush(); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); } + + // start process + processEngine.start(processInstanceId); + } catch (ProcessExecutionException e) { Throwable cause = e.getCause(); if (cause != null && cause instanceof TaskExecutionException) { @@ -746,11 +567,36 @@ public class AuthenticationManager extends MOAIDAuthConstants { MOAIDException moaTaskCause = (MOAIDException) taskCause; Logger.warn(taskCause); throw moaTaskCause; - + } - } - - throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e); - } + } + + throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), moasession }, e); + } + } + + private void sendTransmitAssertionQuestion(HttpServletRequest request, + HttpServletResponse response, IRequest target, IOAAuthParameters oaParam) + throws ServletException, IOException, MOAIDException { + + //TODO: change to process management version!!!! + + //set authenticated flag to false, because user consents is required + target.setAuthenticated(false); + + +// String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), +// target.requestedAction(), target.getRequestID(), oaParam, +// target.getAuthURL()); + + String form =null; + + revisionsLogger.logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index fda92d71a..7833e795e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.moduls; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index bdbb1b458..79e52f6e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -25,22 +25,12 @@ package at.gv.egovernment.moa.id.moduls; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; public interface IModulInfo { //public List getServlets(); public String getName(); public String getPath(); - - public IAction getAction(String action); - - public IRequest preProcess(HttpServletRequest request, - HttpServletResponse response, String action, String sessionID, String transactionID) - throws MOAIDException; - - public IAction canHandleRequest(HttpServletRequest request, - HttpServletResponse response); - + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 4ae271bbc..f5d381e42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,32 +22,121 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import java.util.Date; -import java.util.List; - -import org.opensaml.saml2.core.Attribute; - +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public interface IRequest { + + /** + * Indicates the module, which implements this authentication protocol. + * The class, which is referenced, had to implement the 'IModulInfo' interface. + * + * @return Full-qualified name of the class which implements this protocol + */ + public String requestedModule(); + + /** + * Indicates the protocol specific action, which should executed if the request is processed. + * The class, which is referenced, had to implement the 'IAction' interface. + * + * @return Full-qualified name of the class which implements the action + */ + public String requestedAction(); + + /** + * Unique identifier, which indicates the service provider. + * In case of SAML1 protocol, it is the OA http-GET parameter + * + * @return Unique identifier for the service provider + */ public String getOAURL(); + + /** + * Indicates the passive flag in authentication requests. + * If the passive flag is set, the identification and authentication process + * failed if no active SSO session is found. + * + * @return true, if the is passive flag is set in authentication request, otherwise false + */ public boolean isPassiv(); + + /** + * Indicates the force authentication flag in authentication request + * If this flag is set, a new identification and authentication process + * is carried out in any case. + * + * @return true, if the force authentication flag is set, otherwise false + */ public boolean forceAuth(); - public boolean isSSOSupported(); - public String requestedModule(); - public String requestedAction(); - public void setModule(String module); - public void setAction(String action); - public String getTarget(); - public void setRequestID(String id); - public String getRequestID(); - public String getSessionIdentifier(); - public void setSessionIdentifier(String sessionIdentifier); - public String getRequestedIDP(); - public MOAResponse getInterfederationResponse(); - public List getRequestedAttributes(); - public IOAAuthParameters getOnlineApplicationConfiguration(); + + + /** + * Returns a generic request-data object with is stored with a specific identifier + * + * @param key The specific identifier of the request-data object + * @return The request-data object or null if no data is found with this key + */ + public Object getGenericData(String key); + + /** + * Returns a generic request-data object with is stored with a specific identifier + * + * @param key The specific identifier of the request-data object + * @param clazz The class type which is stored with this key + * @return The request-data object or null if no data is found with this key + */ + public T getGenericData(String key, final Class clazz); + + /** + * Store a generic data-object to request with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage + */ + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; + + /** + * Hold the identifier of this request object. + * This identifier can be used to load the request from request storage + * + * @return Request identifier + */ + public String getRequestID(); + + + /** + * Hold the identifier of the MOASession which is associated with this request + * + * @return MOASession identifier if a associated session exists, otherwise null + */ + public String getMOASessionIdentifier(); + + + /** + * Holds a unique transaction identifier, which could be used for looging + * This transaction identifier is unique for a single identification and authentication process + * + * @return Unique transaction identifier. + */ + public String getUniqueTransactionIdentifier(); + + /** + * Holds a unique session identifier, which could be used for logging + * This session identifier is unique for the full Single Sign-On session time + * + * @return Unique session identifier + */ + public String getUniqueSessionIdentifier(); + + + /** + * Hold the identifier if the process instance, which is associated with this request + * + * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null + */ + public String getProcessInstanceId(); + /** * get the IDP URL PreFix, which was used for authentication request @@ -57,5 +146,33 @@ public interface IRequest { public String getAuthURL(); public String getAuthURLWithOutSlash(); - //public void setTarget(); + /** + * Indicates if this pending request needs authentication + * + * @return true if this request needs authentication, otherwise false + */ + public boolean isNeedAuthentication(); + + /** + * Indicates, if this pending request needs Single Sign-On (SSO) functionality + * + * @return true if this request needs SSO, otherwise false + */ + public boolean needSingleSignOnFunctionality(); + public void setNeedSingleSignOnFunctionality(boolean needSSO); + + /** + * Indicates, if this pending request is already authenticated + * + * @return true if this request is already authenticated, otherwise false + */ + public boolean isAuthenticated(); + public void setAuthenticated(boolean isAuthenticated); + + /** + * Get get Service-Provider configuration which is associated with this request. + * + * @return Service-Provider configuration + */ + public IOAAuthParameters getOnlineApplicationConfiguration(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java new file mode 100644 index 000000000..6f46edce3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java @@ -0,0 +1,41 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; + +/** + * @author tlenz + * + */ +public interface IRequestStorage { + + public IRequest getPendingRequest(String pendingReqID); + + public void storePendingRequest(IRequest pendingRequest) throws MOAIDException; + + public void removePendingRequest(String requestID); + + public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java index 99b7f4217..13768a343 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java @@ -1,46 +1,46 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; - - -public class ModulUtils { - - public static final String UNAUTHDISPATCHER = "dispatcher"; - public static final String AUTHDISPATCHER = "dispatcher"; - - public static String buildUnauthURL(String modul, String action, String pendingRequestID) { - return UNAUTHDISPATCHER + "?" + - DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + - DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - } - - public static String buildAuthURL(String modul, String action, String pendingRequestID) { - return AUTHDISPATCHER + - "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + - DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - } -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// *******************************************************************************/ +//package at.gv.egovernment.moa.id.moduls; +// +//import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; +// +// +//public class ModulUtils { +// +// public static final String UNAUTHDISPATCHER = "dispatcher"; +// public static final String AUTHDISPATCHER = "dispatcher"; +// +// public static String buildUnauthURL(String modul, String action, String pendingRequestID) { +// return UNAUTHDISPATCHER + "?" + +// DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + +// DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + +// DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; +// } +// +// public static String buildAuthURL(String modul, String action, String pendingRequestID) { +// return AUTHDISPATCHER + +// "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + +// DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + +// DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; +// } +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index cdaade1bb..bba9f66ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -25,45 +25,73 @@ package at.gv.egovernment.moa.id.moduls; import java.io.Serializable; import java.net.MalformedURLException; import java.net.URL; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public abstract class RequestImpl implements IRequest, Serializable{ - private static final long serialVersionUID = 1L; + public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; + public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; + public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; - private String oaURL; - private boolean passiv = false; - private boolean force = false; - private boolean ssosupport = false; + private static final long serialVersionUID = 1L; + private String module = null; private String action = null; - private String target = null; + private String requestID; - private String sessionIdentifier; - private IOAAuthParameters OAConfiguration = null; + private String moaSessionIdentifier; + private String processInstanceId; + + private String uniqueTransactionIdentifer; + private String uniqueSessionIdentifer; + + private String oaURL; private String authURL = null; + + private IOAAuthParameters OAConfiguration = null; + + private boolean passiv = false; + private boolean force = false; - //MOA-ID interfederation - private String requestedIDP = null; - private MOAResponse response = null; + private boolean needAuthentication = true; + private boolean isAuthenticated = false; + private boolean needSSO = false; + + + private Map genericDataStorage = new HashMap(); /** * @throws ConfigurationException * */ - public RequestImpl(HttpServletRequest req) throws ConfigurationException { + public RequestImpl(HttpServletRequest req) throws ConfigurationException { + //set requestID + requestID = Random.nextRandom(); + + //set unique transaction identifier for logging + uniqueTransactionIdentifer = Random.nextRandom(); + TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); + + + //check if End-Point is valid String authURLString = HTTPUtils.extractAuthURLFromRequest(req); URL authURL; try { @@ -122,7 +150,16 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.authURL = resultURL.toExternalForm(); } - } + } + + //set unique session identifier + String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER); + if (MiscUtil.isNotEmpty(uniqueID)) + uniqueSessionIdentifer = uniqueID; + + else + Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!"); + } /** @@ -156,83 +193,44 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.force = force; } - public boolean isSSOSupported() { - return ssosupport; - } - - public String requestedModule() { - return module; - } - public String requestedAction() { return action; } - public void setSsosupport(boolean ssosupport) { - this.ssosupport = ssosupport; - } - - public void setModule(String module) { - this.module = module; - } - public void setAction(String action) { this.action = action; } - - public String getTarget() { - return target; - } - public void setTarget(String target) { - this.target = target; - } - - public void setRequestID(String id) { - this.requestID = id; - - } - - public String getRequestID() { - return requestID; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() + /** + * @return the module */ - @Override - public String getRequestedIDP() { - return requestedIDP; + public String requestedModule() { + return module; } /** - * @param requestedIDP the requestedIDP to set + * @param module the module to set */ - public void setRequestedIDP(String requestedIDP) { - this.requestedIDP = requestedIDP; + public void setModule(String module) { + this.module = module; } - /** - * @return the response - */ - public MOAResponse getInterfederationResponse() { - return response; + public void setRequestID(String id) { + this.requestID = id; + } - /** - * @param response the response to set - */ - public void setInterfederationResponse(MOAResponse response) { - this.response = response; + public String getRequestID() { + return requestID; } - public String getSessionIdentifier() { - return this.sessionIdentifier; + public String getMOASessionIdentifier() { + return this.moaSessionIdentifier; } - public void setSessionIdentifier(String sessionIdentifier) { - this.sessionIdentifier = sessionIdentifier; + public void setMOASessionIdentifier(String moaSessionIdentifier) { + this.moaSessionIdentifier = moaSessionIdentifier; } @@ -246,6 +244,36 @@ public abstract class RequestImpl implements IRequest, Serializable{ } + public String getUniqueTransactionIdentifier() { + return this.uniqueTransactionIdentifer; + + } + + public String getUniqueSessionIdentifier() { + return this.uniqueSessionIdentifer; + + } + + public String getProcessInstanceId() { + return this.processInstanceId; + + } + + public void setUniqueTransactionIdentifier(String id) { + this.uniqueTransactionIdentifer = id; + + } + + public void setUniqueSessionIdentifier(String id) { + this.uniqueSessionIdentifer = id; + + } + + public void setProcessInstanceId(String id) { + this.processInstanceId = id; + + } + /** * @return the authURL */ @@ -261,11 +289,99 @@ public abstract class RequestImpl implements IRequest, Serializable{ } -// /** -// * @param authURL the authURL to set -// */ -// public void setAuthURL(String authURL) { -// this.authURL = authURL; -// } + /** + * @return the needAuthentication + */ + public boolean isNeedAuthentication() { + return needAuthentication; + } + + /** + * @param needAuthentication the needAuthentication to set + */ + public void setNeedAuthentication(boolean needAuthentication) { + this.needAuthentication = needAuthentication; + } + + /** + * @return the isAuthenticated + */ + public boolean isAuthenticated() { + return isAuthenticated; + } + + /** + * @param isAuthenticated the isAuthenticated to set + */ + public void setAuthenticated(boolean isAuthenticated) { + this.isAuthenticated = isAuthenticated; + } + + public boolean needSingleSignOnFunctionality() { + return needSSO; + } + public void setNeedSingleSignOnFunctionality(boolean needSSO) { + this.needSSO = needSSO; + + } + + public Object getGenericData(String key) { + if (MiscUtil.isNotEmpty(key)) { + return genericDataStorage.get(key); + + } + + Logger.warn("Can not load generic request-data with key='null'"); + return null; + } + + public T getGenericData(String key, final Class clazz) { + if (MiscUtil.isNotEmpty(key)) { + Object data = genericDataStorage.get(key); + + if (data == null) + return null; + + try { + @SuppressWarnings("unchecked") + T test = (T) data; + return test; + + } catch (Exception e) { + Logger.warn("Generic request-data object can not be casted to requested type", e); + return null; + + } + + } + + Logger.warn("Can not load generic request-data with key='null'"); + return null; + + } + + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + if (MiscUtil.isEmpty(key)) { + Logger.warn("Generic request-data can not be stored with a 'null' key"); + throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null); + + } + + if (object != null) { + if (!Serializable.class.isInstance(object)) { + Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface"); + throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null); + + } + } + + if (genericDataStorage.containsKey(key)) + Logger.debug("Overwrite generic request-data with key:" + key); + else + Logger.trace("Add generic request-data with key:" + key + " to session."); + + genericDataStorage.put(key, object); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index f0b12431a..66ca42398 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -22,23 +22,32 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; -public class RequestStorage { +@Service("RequestStorage") +public class RequestStorage implements IRequestStorage{ - public static IRequest getPendingRequest(String pendingReqID) { + @Autowired ITransactionStorage transactionStorage; + @Autowired ProcessInstanceStoreDAO processInstanceStore; + + @Override + public IRequest getPendingRequest(String pendingReqID) { try { - AssertionStorage storage = AssertionStorage.getInstance(); - IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); + IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class); //set transactionID and sessionID to Logger - TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); - TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier()); + TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); + TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier()); return pendingRequest; @@ -49,12 +58,11 @@ public class RequestStorage { } } - public static void setPendingRequest(Object pendingRequest) throws MOAIDException { - try { - AssertionStorage storage = AssertionStorage.getInstance(); - + @Override + public void storePendingRequest(IRequest pendingRequest) throws MOAIDException { + try { if (pendingRequest instanceof IRequest) { - storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); + transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); } else { throw new MOAIDException("auth.20", null); @@ -69,12 +77,52 @@ public class RequestStorage { } - public static void removePendingRequest(String requestID) { + @Override + public void removePendingRequest(String requestID) { if (requestID != null) { - AssertionStorage storage = AssertionStorage.getInstance(); - storage.remove(requestID); + + //remove process-management execution instance + try { + IRequest pendingReq = getPendingRequest(requestID); + + if (pendingReq != null && + pendingReq.getProcessInstanceId() != null) { + processInstanceStore.remove(pendingReq.getProcessInstanceId()); + + } + + } catch (MOADatabaseException e) { + Logger.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e); + + } + + transactionStorage.remove(requestID); } } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException { + + if (pendingRequest instanceof RequestImpl) { + String newRequestID = Random.nextRandom(); + + Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID() + + " to " + newRequestID); + + ((RequestImpl)pendingRequest).setRequestID(newRequestID); + storePendingRequest(pendingRequest); + + return newRequestID; + + } else { + Logger.error("PendingRequest object is not of type 'RequestImpl.class'"); + throw new MOAIDException("internal.00", null); + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 2a618272f..89d50425b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -40,23 +40,27 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.hibernate.Query; import org.hibernate.Session; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("MOAID_SSOManager") public class SSOManager { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; @@ -65,27 +69,29 @@ public class SSOManager { private static final String SSOCOOKIE = "MOA_ID_SSO"; private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; - private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec - private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; + @Autowired protected AuthConfiguration authConfig; - private static SSOManager instance = null; - - public static SSOManager getInstance() { - if (instance == null) { - instance = new SSOManager(); - - } - - return instance; - } - + /** + * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists. + * Set the requested interfederation IDP as attribte of the {protocolRequest} + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @throws SessionDataStorageException + * + **/ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest protocolRequest) { + IRequest protocolRequest) throws SessionDataStorageException { String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); - if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { - Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + String interfederationIDP = + protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + if (MiscUtil.isNotEmpty(interfederationIDP)) { + Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP); return; } @@ -95,14 +101,14 @@ public class SSOManager { RequestImpl moaReq = (RequestImpl) protocolRequest; if (MiscUtil.isNotEmpty(interIDP)) { Logger.info("Receive SSO request for interfederation IDP " + interIDP); - moaReq.setRequestedIDP(interIDP); + moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP); } else { //check if IDP cookie is set String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); - moaReq.setRequestedIDP(cookie); + moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie); deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } @@ -120,7 +126,7 @@ public class SSOManager { } - public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException { + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException { // search SSO Session if (ssoSessionID == null) { @@ -128,7 +134,7 @@ public class SSOManager { return false; } - AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID); if (storedSession == null) return false; @@ -137,7 +143,7 @@ public class SSOManager { //check if session is out of lifetime Date now = new Date(); - long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; + long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000; Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime); if (now.after(ssoSessionValidTo)) { Logger.info("Found outdated SSO session information. Start reauthentication process ... "); @@ -150,12 +156,16 @@ public class SSOManager { storedSession.isInterfederatedSSOSession() && !storedSession.isAuthenticated()) { - if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) { - InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); + String interfederationIDP = + protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + + if (MiscUtil.isEmpty(interfederationIDP)) { + InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); if (selectedIDP != null) { //no local SSO session exist -> request interfederated IDP - ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix()); + protocolRequest.setGenericDataToSession( + RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); } else { Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); @@ -174,16 +184,17 @@ public class SSOManager { } public String getMOASession(String ssoSessionID) { - return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID); } + //TODO: refactor for faster DB access public String getUniqueSessionIdentifier(String ssoSessionID) { try { if (MiscUtil.isNotEmpty(ssoSessionID)) { - String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID); if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); + AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); return extSessionInformation.getUniqueSessionId(); } @@ -253,14 +264,6 @@ public class SSOManager { } public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - int ssoTimeOut; - try { - ssoTimeOut = (int) AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut(); - - } catch (ConfigurationException e) { - Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); - ssoTimeOut = DEFAULTSSOTIMEOUT; - } setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1); } @@ -285,12 +288,12 @@ public class SSOManager { if (MiscUtil.isNotEmpty(ssoSessionID)) { - AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID); if (storedSession == null) return false; - InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID); + InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID); if (selectedIDP != null) { //no local SSO session exist -> request interfederated IDP @@ -317,7 +320,7 @@ public class SSOManager { InputStream is = null; String pathLocation = null; try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); + String rootconfigdir = authConfig.getRootConfigFileDir(); pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; File file = new File(new URI(pathLocation)); is = new FileInputStream(file); @@ -359,7 +362,7 @@ public class SSOManager { BufferedReader reader = new BufferedReader(new InputStreamReader(is )); //set default elements to velocity context - context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + context.put("contextpath", authConfig.getPublicURLPrefix()); StringWriter writer = new StringWriter(); //velocityEngine.evaluate(context, writer, "SLO_Template", reader); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java index 5cf84abed..26301d664 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java @@ -61,6 +61,17 @@ public interface ProcessEngine { */ String createProcessInstance(String processDefinitionId) throws ProcessExecutionException; + + /** + * Delete a process instance + * + * @param processInstanceId + * The identifier of the respective process. + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist. + */ + void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException; + /** * Returns the process instance with a given {@code processInstanceId}. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java index 096e5ee9e..6da695d75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java @@ -12,8 +12,9 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; @@ -21,13 +22,13 @@ import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; import at.gv.egovernment.moa.id.process.api.Task; import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl; import at.gv.egovernment.moa.id.process.model.EndEvent; import at.gv.egovernment.moa.id.process.model.ProcessDefinition; import at.gv.egovernment.moa.id.process.model.ProcessNode; import at.gv.egovernment.moa.id.process.model.StartEvent; import at.gv.egovernment.moa.id.process.model.TaskInfo; import at.gv.egovernment.moa.id.process.model.Transition; +import at.gv.egovernment.moa.util.MiscUtil; /** * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions. @@ -36,10 +37,11 @@ public class ProcessEngineImpl implements ProcessEngine { private Logger log = LoggerFactory.getLogger(getClass()); + @Autowired ProcessInstanceStoreDAO piStoreDao; + @Autowired ApplicationContext context; + private ProcessDefinitionParser pdp = new ProcessDefinitionParser(); - ProcessInstanceStoreDAO piStoreDao = ProcessInstanceStoreDAOImpl.getInstance(); - private Map processDefinitions = new ConcurrentHashMap(); private final static String MDC_CTX_PI_NAME = "processInstanceId"; @@ -176,17 +178,21 @@ public class ProcessEngineImpl implements ProcessEngine { if (clazz != null) { log.debug("Instantiating task implementing class '{}'.", clazz); - Class instanceClass = null; + Object instanceClass = null; try { - instanceClass = Class.forName(clazz, true, Thread.currentThread().getContextClassLoader()); + instanceClass = context.getBean(clazz); + } catch (Exception e) { throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e); + } - if (!Task.class.isAssignableFrom(instanceClass)) { + if (instanceClass == null || !(instanceClass instanceof Task)) { throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + "."); + } try { - task = (Task) instanceClass.newInstance(); + task = (Task) instanceClass; + } catch (Exception e) { throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e); } @@ -352,5 +358,25 @@ public class ProcessEngineImpl implements ProcessEngine { return pi; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String) + */ + @Override + public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException { + if (MiscUtil.isEmpty(processInstanceId)) { + throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty"); + + } + + try { + piStoreDao.remove(processInstanceId); + + } catch (MOADatabaseException e) { + throw new ProcessExecutionException("Unable to remove process instance.", e); + + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java index a75a5de8c..577e971db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java @@ -6,6 +6,7 @@ import org.hibernate.Transaction; import org.hibernate.criterion.Restrictions; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -14,16 +15,11 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; * Database backed implementation of the {@link ProcessInstanceStoreDAO} * interface. */ +@Service("ProcessInstanceStoreage") public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO { private Logger log = LoggerFactory.getLogger(getClass()); - private static ProcessInstanceStoreDAO instance = new ProcessInstanceStoreDAOImpl(); - - public static ProcessInstanceStoreDAO getInstance() { - return instance; - } - @Override public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java new file mode 100644 index 000000000..cc1886324 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java @@ -0,0 +1,268 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +public abstract class AbstractProtocolModulController extends AbstractController implements IModulInfo { + + public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol"; + + @Autowired protected ApplicationContext applicationContext; + @Autowired private SSOManager ssomanager; + @Autowired protected AuthenticationManager authmanager; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + + /** + * Initialize an authentication process for this protocol request + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @throws IOException + */ + protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, + RequestImpl pendingReq) throws IOException { + try { + if (pendingReq.isNeedAuthentication()) { + //request needs authentication --> start authentication process ... + + //load Parameters from OnlineApplicationConfiguration + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + } + + + AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq); + if (moaSession != null) { + //authenticated MOASession already exists --> protocol-specific postProcessing can start directly + finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + + } + + } else { + executeProtocolSpecificAction(req, resp, pendingReq, null); + + } + + } catch (Exception e) { + buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + + } + } + + /** + * Finalize the requested protocol operation + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @param moaSession MOASession object, which is used to generate the protocol specific authentication information + * @throws Exception + */ + protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq, AuthenticationSession moaSession) throws Exception { + + String newSSOSessionId = null; + + //if Single Sign-On functionality is enabled for this request + if (pendingReq.needSingleSignOnFunctionality()) { + + //Store SSO information into database + newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), + pendingReq.getOAURL()); + + //set SSO cookie to response + if (MiscUtil.isNotEmpty(newSSOSessionId)) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + + } + + } + + //build authenticationdata from session information and OA configuration + IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession); + + //execute the protocol-specific action + SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData); + + //check if SSO + boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId); + + //Store OA specific SSO session information if an SSO cookie is set + if (isSSOCookieSetted) { + try { + authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), + newSSOSessionId, sloInformation, pendingReq); + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + } + + } else { + //remove MOASession from database + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + } + + //Advanced statistic logging + statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted); + + } + + /** + * Executes the requested protocol action + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @param authData Service-provider specific authentication data + * + * @return Return Single LogOut information or null if protocol supports no SSO + * + * @throws Exception + */ + private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq, IAuthData authData) throws Exception { + try { + // request needs no authentication --> start request processing + Class clazz = Class.forName(pendingReq.requestedAction()); + if (clazz == null || + !clazz.isInstance(IAction.class)) { + Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); + throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); + + } + + IAction protocolAction = (IAction) applicationContext.getBean(clazz); + return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData); + + } catch (ClassNotFoundException e) { + Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + } + + } + + protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, + HttpServletResponse resp, IRequest protocolRequest) throws IOException { + try { + + Class clazz = Class.forName(protocolRequest.requestedModule()); + if (clazz == null || + !clazz.isInstance(IModulInfo.class)) { + Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + + } + + IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + + if (handlingModule.generateErrorMessage( + throwable, req, resp, protocolRequest)) { + + //log Error Message + statisticLogger.logErrorOperation(throwable, protocolRequest); + + //remove MOASession + AuthenticationSession moaSession = authenticatedSessionStorage.getSession( + protocolRequest.getMOASessionIdentifier()); + if (moaSession != null) + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + return; + + } else { + handleErrorNoRedirect(throwable, req, resp); + + } + + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(throwable, req, resp); + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName() + */ + @Override + public abstract String getName(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath() + */ + @Override + public abstract String getPath(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java new file mode 100644 index 000000000..ed53d1a20 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -0,0 +1,199 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class ProtocolFinalizationController extends AbstractProtocolModulController { + + @RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET}) + public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + + //read pendingRequest from http request + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + IRequest pendingReq = null; + String pendingRequestID = null; + if (idObject != null && (idObject instanceof String)) { + pendingRequestID = (String) idObject; + pendingReq = requestStorage.getPendingRequest(pendingRequestID); + + } + + //receive an authentication error + String errorid = req.getParameter(ERROR_CODE_PARAM); + if (errorid != null) { + try { + //load stored exception from database + Throwable throwable = transactionStorage.get(errorid, Throwable.class); + transactionStorage.remove(errorid); + + if (throwable != null) { + if (pendingReq != null) { + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); + + //build protocol-specific error message if possible + buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); + + //log Error Message + statisticLogger.logErrorOperation(throwable, pendingReq); + + //get MOASession for this pendingRequest + AuthenticationSession moaSession = + authenticatedSessionStorage.getSession( + pendingReq.getMOASessionIdentifier()); + + //remove MOASession if someone is found + if (moaSession != null) + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + return; + + } else { + handleErrorNoRedirect(throwable, req, resp); + + } + } else { + handleErrorNoRedirect(new Exception( + MOAIDMessageProvider.getInstance().getMessage("auth.26", null)), + req, resp); + + } + + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(e, req, resp); + + } + + // receive a pending request + } else { + if (pendingReq == null) { + Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!"); + handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp); + return; + + } + try { + Logger.debug("Finalize PendingRequest with ID " + pendingRequestID); + + //get MOASession from database + String sessionID = pendingReq.getMOASessionIdentifier(); + + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) { + throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12"); + + } + + //load MOASession from database + AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID); + if (moaSession == null) { + Logger.error("No MOASession with ID " + sessionID + " found.!"); + handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp); + return; + + } + + //check if MOASession and pending-request are authenticated + if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { + finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + + } else { + Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); + handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp); + return; + + } + + } catch (Exception e) { + Logger.error("Finalize authentication protocol FAILED." , e); + buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + + } + } + + //remove pending-request + requestStorage.removePendingRequest(pendingRequestID); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName() + */ + @Override + public String getName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath() + */ + @Override + public String getPath() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { + // TODO Auto-generated method stub + return false; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java new file mode 100644 index 000000000..e8b8022c4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java @@ -0,0 +1,93 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.servlet.HandlerInterceptor; +import org.springframework.web.servlet.ModelAndView; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { + + @Autowired private SSOManager ssomanager; + + /* (non-Javadoc) + * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) + */ + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + + //get SSO Cookie for Request + String ssoId = ssomanager.getSSOSessionID(request); + + //search for unique session identifier + String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); + if (MiscUtil.isEmpty(uniqueSessionIdentifier)) + uniqueSessionIdentifier = Random.nextRandom(); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + + request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); + + return true; + } + + /* (non-Javadoc) + * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) + */ + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + + //set security headers + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + } + + /* (non-Javadoc) + * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception) + */ + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) + throws Exception { + // TODO Auto-generated method stub + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 9327cabd7..c9a34496a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -36,8 +37,8 @@ import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.Response; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; - -import java.util.Arrays; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -51,15 +52,19 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * */ +@Service("AttributQueryAction") public class AttributQueryAction implements IAction { + @Autowired IAuthenticationSessionStoreage authenticationSessionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + private final static List DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -86,7 +91,7 @@ public class AttributQueryAction implements IAction { //load moaSession String nameID = attrQuery.getSubject().getNameID().getValue(); - AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID); + AuthenticationSession session = authenticationSessionStorage.getSessionWithUserNameID(nameID); if (session == null) { Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null); @@ -96,7 +101,7 @@ public class AttributQueryAction implements IAction { DateTime date = new DateTime(); //generate authData - authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes()); + authData = authDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes()); //add default attributes in case of mandates or STORK is in use List attrList = addDefaultAttributes(attrQuery, authData); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 04b7854b1..eb4cb8a18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; @@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager; +@Service("PVPAuthenticationRequestAction") public class AuthenticationAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, @@ -54,7 +57,8 @@ public class AuthenticationAction implements IAction { } public String getDefaultActionName() { - return (PVP2XProtocol.REDIRECT); + return "PVPAuthenticationRequestAction"; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 50f91df44..5c1c60dc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -62,6 +62,8 @@ import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -79,15 +81,18 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; +@Service("pvpMetadataService") public class MetadataAction implements IAction { private static final int VALIDUNTIL_IN_HOURS = 24; - + + @Autowired private MOAReversionLogger revisionsLogger; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); EntitiesDescriptor idpEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index c0ec086ed..fc4928366 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -23,10 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.io.IOException; -import java.util.ArrayList; import java.util.Arrays; -import java.util.HashMap; -import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -55,10 +52,11 @@ import org.opensaml.ws.security.SecurityPolicyException; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.signature.SignableXMLObject; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -66,14 +64,9 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; @@ -103,7 +96,8 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { +@Controller +public class PVP2XProtocol extends AbstractProtocolModulController { public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; @@ -119,41 +113,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { public static final String ENDPOINT_SP = "sp"; public static final String PARAMETER_ENDPOINT = "endpointtype"; - - private static List decoder = new ArrayList(); - - private static HashMap actions = new HashMap(); - + public static final List DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( new String[] { PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME }); - static { - decoder.add(new PostBinding()); - decoder.add(new RedirectBinding()); - decoder.add(new SoapBinding()); - - actions.put(REDIRECT, new AuthenticationAction()); - actions.put(POST, new AuthenticationAction()); - actions.put(METADATA, new MetadataAction()); - actions.put(ATTRIBUTEQUERY, new AttributQueryAction()); - actions.put(SINGLELOGOUT, new SingleLogOutAction()); - - //TODO: insert getArtifact action - - instance = new PVP2XProtocol(); - + static { new VelocityLogAdapter(); - } - - private static PVP2XProtocol instance = null; - - public static PVP2XProtocol getInstance() { - if (instance == null) { - instance = new PVP2XProtocol(); - } - return instance; + } public String getName() { @@ -163,65 +131,139 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { public String getPath() { return PATH; } - - private IDecoder findDecoder(String action, HttpServletRequest req) { - Iterator decoderIT = decoder.iterator(); - while (decoderIT.hasNext()) { - IDecoder decoder = decoderIT.next(); - if (decoder.handleDecode(action, req)) { - return decoder; - } - } - - return null; - } - - private boolean isServiceProviderEndPointUsed(HttpServletRequest req) throws InvalidProtocolRequestException { - Object obj = req.getParameter(PARAMETER_ENDPOINT); - if (obj instanceof String) { - String param = (String) obj; - if (MiscUtil.isNotEmpty(param)) { - if (ENDPOINT_IDP.equals(param)) - return false; - - else if (ENDPOINT_SP.equals(param)) - return true; - } - } - - Logger.error("No valid PVP 2.1 entpoint descriptor"); - throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); - } public PVP2XProtocol() { super(); } - - public IRequest preProcess(HttpServletRequest request, - HttpServletResponse response, String action, - String sessionId, String transactionId) throws MOAIDException { - - if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { + //PVP2.x metadata end-point + @RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET}) + public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + if (!authConfig.getAllowedProtocols().isPVP21Active()) { Logger.info("PVP2.1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } + //create pendingRequest object + PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); + pendingReq.setModule(NAME); + + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class); + metadataAction.processRequest(new PVPTargetConfiguration(req), + req, resp, null); - - if(METADATA.equals(action)) { - return new PVPTargetConfiguration(request); + } + + //PVP2.x IDP POST-Binding end-point + @RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST}) + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + if (!authConfig.getAllowedProtocols().isPVP21Active()) { + Logger.info("PVP2.1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } - IDecoder decoder = findDecoder(action, request); - if (decoder == null) { - return null; + try { + //create pendingRequest object + PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); + pendingReq.setModule(NAME); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //get POST-Binding decoder implementation + PostBinding coder = applicationContext.getBean(PostBinding.class); + InboundMessage msg = (InboundMessage) coder.decode(req, resp, false); + pendingReq.setRequest(msg); + + //preProcess Message + preProcess(req, resp, pendingReq); + + } catch (SecurityPolicyException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + + } catch (SecurityException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (Throwable e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + throw new MOAIDException(e.getMessage(), new Object[] {}); + } + } + + //PVP2.x IDP Redirect-Binding end-point + @RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET}) + public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { + Logger.info("PVP2.1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + } + try { + //create pendingRequest object + PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); + pendingReq.setModule(NAME); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //get POST-Binding decoder implementation + RedirectBinding coder = applicationContext.getBean(RedirectBinding.class); + InboundMessage msg = (InboundMessage) coder.decode(req, resp, false); + pendingReq.setRequest(msg); + + //preProcess Message + preProcess(req, resp, pendingReq); + + } catch (SecurityPolicyException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + + } catch (SecurityException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (Throwable e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - InboundMessage msg = (InboundMessage) decoder.decode(request, response, isServiceProviderEndPointUsed(request)); + throw new MOAIDException(e.getMessage(), new Object[] {}); + } + } + + + + + public void preProcess(HttpServletRequest request, + HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { + InboundMessage msg = pendingReq.getRequest(); + if (MiscUtil.isEmpty(msg.getEntityID())) { throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); @@ -236,91 +278,76 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if (msg instanceof MOARequest && ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest) - return preProcessAuthRequest(request, response, (MOARequest) msg, sessionId, transactionId); + preProcessAuthRequest(request, response, pendingReq); else if (msg instanceof MOARequest && ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery) - return preProcessAttributQueryRequest(request, response, (MOARequest) msg, sessionId, transactionId); + preProcessAttributQueryRequest(request, response, pendingReq); else if (msg instanceof MOARequest && ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) - return preProcessLogOut(request, response, msg, sessionId, transactionId); + preProcessLogOut(request, response, pendingReq); else if (msg instanceof MOAResponse && ((MOAResponse)msg).getResponse() instanceof LogoutResponse) - return preProcessLogOut(request, response, msg, sessionId, transactionId); - - else if (msg instanceof MOAResponse && - ((MOAResponse)msg).getResponse() instanceof Response) { - //load service provider AuthRequest from session - - IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); - if (obj instanceof RequestImpl) { - RequestImpl iReqSP = (RequestImpl) obj; - - MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); - - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); - - if ( processedMsg != null ) { - iReqSP.setInterfederationResponse(processedMsg); - - MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); - - Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() - + ". Switch to original transaction with ID " + iReqSP.getRequestID()); - TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); - TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); - - } else { - Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." - +". Switch back local authentication process ..."); - - SSOManager ssomanager = SSOManager.getInstance(); - ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); - - iReqSP.setRequestedIDP(null); - - } - - return iReqSP; - - } - - Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); - return null; - - } else { + preProcessLogOut(request, response, pendingReq); + + else { Logger.error("Receive unsupported PVP21 message"); throw new MOAIDException("Unsupported PVP21 message", new Object[] {}); } - } catch (PVP2Exception e) { - String samlRequest = request.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw e; - - } catch (SecurityPolicyException e) { - String samlRequest = request.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH); - } catch (SecurityException e) { - String samlRequest = request.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + //switch to session authentication + performAuthentication(request, response, pendingReq); + +// else if (msg instanceof MOAResponse && +// ((MOAResponse)msg).getResponse() instanceof Response) { +// //load service provider AuthRequest from session +// +// IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); +// if (obj instanceof RequestImpl) { +// RequestImpl iReqSP = (RequestImpl) obj; +// +// MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); +// +// MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); +// +// if ( processedMsg != null ) { +// iReqSP.setInterfederationResponse(processedMsg); +// +// MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); +// +// Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() +// + ". Switch to original transaction with ID " + iReqSP.getRequestID()); +// TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); +// TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); +// +// } else { +// Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." +// +". Switch back local authentication process ..."); +// +// SSOManager ssomanager = SSOManager.getInstance(); +// ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); +// +// iReqSP.setRequestedIDP(null); +// +// } +// +// return iReqSP; +// +// } +// +// Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); +// return null; + +// } - } catch (InvalidProtocolRequestException e) { - String samlRequest = request.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - throw e; - } catch (Throwable e) { - String samlRequest = request.getParameter("SAMLRequest"); - Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - - throw new MOAIDException(e.getMessage(), new Object[] {}); - } + + } public boolean generateErrorMessage(Throwable e, @@ -423,26 +450,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { return true; } - public IAction getAction(String action) { - return actions.get(action); - } - - public IAction canHandleRequest(HttpServletRequest request, - HttpServletResponse response) { - if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { - return getAction(REDIRECT); - - } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { - return getAction(POST); - - } - - if(METADATA.equals(request.getParameter("action"))) { - return getAction(METADATA); - } - return null; - } - public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { @@ -458,12 +465,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { * @return * @throws MOAIDException */ - private IRequest preProcessLogOut(HttpServletRequest request, - HttpServletResponse response, InboundMessage inMsg, - String sessionId, String transactionId) throws MOAIDException { + private void preProcessLogOut(HttpServletRequest request, + HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException { - PVPTargetConfiguration config = new PVPTargetConfiguration(request); - + InboundMessage inMsg = pendingReq.getRequest(); MOARequest msg; if (inMsg instanceof MOARequest && ((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) { @@ -482,11 +487,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); - config.setOAURL(oaURL); - config.setOnlineApplicationConfiguration(oa); - config.setBinding(msg.getRequestBinding()); + pendingReq.setOAURL(oaURL); + pendingReq.setOnlineApplicationConfiguration(oa); + pendingReq.setBinding(msg.getRequestBinding()); - MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); @@ -524,23 +529,26 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { throw new MOAIDException("Unsupported request", new Object[] {}); - config.setRequest(inMsg); - config.setAction(SINGLELOGOUT); - return config; + pendingReq.setRequest(inMsg); + pendingReq.setAction(SINGLELOGOUT); + + //Single LogOut Request needs no authentication + pendingReq.setNeedAuthentication(false); + + //set protocol action, which should be executed + pendingReq.setAction(SingleLogOutAction.class.getName()); } /** * PreProcess AttributeQuery request * @param request * @param response - * @param moaRequest - * @return + * @param pendingReq * @throws Throwable */ - private IRequest preProcessAttributQueryRequest(HttpServletRequest request, - HttpServletResponse response, MOARequest moaRequest, - String sessionId, String transactionId) throws Throwable { - + private void preProcessAttributQueryRequest(HttpServletRequest request, + HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { + MOARequest moaRequest = ((MOARequest)pendingReq.getRequest()); AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest(); moaRequest.setEntityID(attrQuery.getIssuer().getValue()); @@ -571,29 +579,34 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } - PVPTargetConfiguration config = new PVPTargetConfiguration(request); - config.setRequest(moaRequest); - config.setOAURL(moaRequest.getEntityID()); - config.setOnlineApplicationConfiguration(oa); - config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + pendingReq.setRequest(moaRequest); + pendingReq.setOAURL(moaRequest.getEntityID()); + pendingReq.setOnlineApplicationConfiguration(oa); + pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + + //Attribute-Query Request needs authentication + pendingReq.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingReq.setAction(AttributQueryAction.class.getName()); + + //write revisionslog entry + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); - MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); - return config; } /** * PreProcess Authn request * @param request * @param response - * @param moaRequest - * @return + * @param pendingReq * @throws Throwable */ - private IRequest preProcessAuthRequest(HttpServletRequest request, - HttpServletResponse response, MOARequest moaRequest, - String sessionId, String transactionId) throws Throwable { - + private void preProcessAuthRequest(HttpServletRequest request, + HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { + + MOARequest moaRequest = ((MOARequest)pendingReq.getRequest()); SignableXMLObject samlReq = moaRequest.getSamlRequest(); if(!(samlReq instanceof AuthnRequest)) { @@ -620,7 +633,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } - //parse AssertionConsumerService AssertionConsumerService consumerService = null; if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && @@ -699,21 +711,25 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); - PVPTargetConfiguration config = new PVPTargetConfiguration(request); - config.setOAURL(oaURL); - config.setOnlineApplicationConfiguration(oa); - config.setBinding(consumerService.getBinding()); - config.setRequest(moaRequest); - config.setConsumerURL(consumerService.getLocation()); + pendingReq.setOAURL(oaURL); + pendingReq.setOnlineApplicationConfiguration(oa); + pendingReq.setBinding(consumerService.getBinding()); + pendingReq.setRequest(moaRequest); + pendingReq.setConsumerURL(consumerService.getLocation()); //parse AuthRequest - config.setPassiv(authReq.isPassive()); - config.setForce(authReq.isForceAuthn()); + pendingReq.setPassiv(authReq.isPassive()); + pendingReq.setForce(authReq.isForceAuthn()); + //AuthnRequest needs authentication + pendingReq.setNeedAuthentication(true); - MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); + //set protocol action, which should be executed after authentication + pendingReq.setAction(AuthenticationAction.class.getName()); + + //write revisionslog entry + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); - return config; } /** @@ -753,5 +769,5 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { } return null; - } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java index 5062646b6..0dd309154 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java @@ -25,27 +25,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.artifact.SAMLArtifactMap; import org.opensaml.xml.io.MarshallingException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +@Service("PVPAssertionStorage") public class PVPAssertionStorage implements SAMLArtifactMap { - - private static PVPAssertionStorage instance = null; - - public static PVPAssertionStorage getInstance() { - if(instance == null) { - instance = new PVPAssertionStorage(); - } - return instance; - } - - //private Map assertions = new HashMap(); - private AssertionStorage assertions = AssertionStorage.getInstance(); + @Autowired private ITransactionStorage transactionStorage; + public boolean contains(String artifact) { - return assertions.containsKey(artifact); + return transactionStorage.containsKey(artifact); } public void put(String artifact, String relyingPartyId, String issuerId, @@ -56,7 +49,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap { samlMessage); try { - assertions.put(artifact, assertion); + transactionStorage.put(artifact, assertion); } catch (MOADatabaseException e) { // TODO Insert Error Handling, if Assertion could not be stored @@ -66,7 +59,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap { public SAMLArtifactMapEntry get(String artifact) { try { - return assertions.get(artifact, SAMLArtifactMapEntry.class); + return transactionStorage.get(artifact, SAMLArtifactMapEntry.class); } catch (MOADatabaseException e) { // TODO Insert Error Handling, if Assertion could not be read @@ -76,7 +69,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap { } public void remove(String artifact) { - assertions.remove(artifact); + transactionStorage.remove(artifact); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 0b402a0fd..07367e1d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.logging.Logger; public class PVPTargetConfiguration extends RequestImpl { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index 582f5939d..8928aaeca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -37,6 +37,8 @@ import org.hibernate.Transaction; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.metadata.SingleLogoutService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -57,8 +59,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -68,8 +70,14 @@ import at.gv.egovernment.moa.util.URLEncoder; * @author tlenz * */ +@Service("pvpSingleLogOutService") public class SingleLogOutAction implements IAction { + @Autowired private SSOManager ssomanager; + @Autowired private AuthenticationManager authManager; + @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; + @Autowired private ITransactionStorage transactionStorage; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) */ @@ -87,7 +95,7 @@ public class SingleLogOutAction implements IAction { LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); AuthenticationSession session = - AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID( + authenticationSessionStorage.searchMOASessionWithNameIDandOAID( logOutReq.getIssuer().getValue(), logOutReq.getNameID().getValue()); @@ -96,7 +104,6 @@ public class SingleLogOutAction implements IAction { + logOutReq.getNameID().getValue() + " and OA " + logOutReq.getIssuer().getValue()); Logger.info("Search active SSO session with SSO session cookie"); - SSOManager ssomanager = SSOManager.getInstance(); String ssoID = ssomanager.getSSOSessionID(httpReq); if (MiscUtil.isEmpty(ssoID)) { Logger.info("Can not find active Session. Single LogOut not possible!"); @@ -110,7 +117,7 @@ public class SingleLogOutAction implements IAction { } else { String moasession = ssomanager.getMOASession(ssoID); try { - session = AuthenticationSessionStoreage.getSession(moasession); + session = authenticationSessionStorage.getSession(moasession); } catch (MOADatabaseException e) { Logger.info("Can not find active Session. Single LogOut not possible!"); @@ -124,8 +131,7 @@ public class SingleLogOutAction implements IAction { } } } - - AuthenticationManager authManager = AuthenticationManager.getInstance(); + authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq); } else if (pvpReq.getRequest() instanceof MOAResponse && @@ -235,7 +241,7 @@ public class SingleLogOutAction implements IAction { else statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR; - AssertionStorage.getInstance().put(artifact, statusCode); + transactionStorage.put(artifact, statusCode); redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java deleted file mode 100644 index 4d353ffcd..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ /dev/null @@ -1,121 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.app.VelocityEngine; -import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.signature.Signature; - -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; - -public class ArtifactBinding implements IDecoder, IEncoder { - - public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState) - throws MessageEncodingException, SecurityException { - - } - - public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState) - throws MessageEncodingException, SecurityException { - try { - Credential credentials = CredentialProvider - .getIDPAssertionSigningCredential(); - - Signature signer = CredentialProvider.getIDPSignature(credentials); - response.setSignature(signer); - - VelocityEngine engine = new VelocityEngine(); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); - engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); - engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); - engine.setProperty("classpath.resource.loader.class", - "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); - engine.init(); - - HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine, - "resources/templates/pvp_postbinding_template.html", - PVPAssertionStorage.getInstance()); - - encoder.setPostEncoding(false); - HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( - resp, true); - BasicSAMLMessageContext context = new BasicSAMLMessageContext(); - SingleSignOnService service = new SingleSignOnServiceBuilder() - .buildObject(); - service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI); - service.setLocation(targetLocation); - context.setOutboundSAMLMessageSigningCredential(credentials); - context.setPeerEntityEndpoint(service); - context.setOutboundSAMLMessage(response); - context.setOutboundMessageTransport(responseAdapter); - - encoder.encode(context); - } catch (CredentialsNotAvailableException e) { - e.printStackTrace(); - throw new SecurityException(e); - - } catch (Exception e) { - throw new SecurityException(e); - } - } - - public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException, - SecurityException { - - return null; - } - - - public boolean handleDecode(String action, HttpServletRequest req) { - - return false; - } - - public String getSAML2BindingName() { - return SAMLConstants.SAML2_ARTIFACT_BINDING_URI; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index b8f7e6d80..9e176f724 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; @@ -48,6 +47,7 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPPostBindingCoder") public class PostBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java deleted file mode 100644 index 7f6054f2d..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ /dev/null @@ -1,82 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.joda.time.DateTime; -import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry; -import org.opensaml.saml2.core.ArtifactResolve; -import org.opensaml.saml2.core.ArtifactResponse; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; - -public class ArtifactResolution implements IRequestHandler { - - public boolean handleObject(InboundMessage obj) { - return (obj instanceof MOARequest && - ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve); - } - - public SLOInformationInterface process(PVPTargetConfiguration obj, HttpServletRequest req, - HttpServletResponse resp, IAuthData authData) throws MOAIDException { - if (!handleObject(obj.getRequest())) { - throw new MOAIDException("pvp2.13", null); - } - - ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj.getRequest()).getSamlRequest(); - String artifactID = artifactResolve.getArtifact().getArtifact(); - - PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); - - if (!pvpAssertion.contains(artifactID)) { - throw new RequestDeniedException(); - } else { - try { - SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); - ArtifactResponse response = SAML2Utils - .createSAMLObject(ArtifactResponse.class); - response.setMessage(assertion.getSamlMessage()); - response.setIssueInstant(new DateTime()); - SoapBinding encoder = new SoapBinding(); - encoder.encodeRespone(req, resp, response, null, null); - } catch (Exception e) { - Logger.error("Failed to resolve artifact", e); - } - } - - return null; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 059e68865..974d90e11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -41,15 +41,14 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -92,12 +91,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { binding = new RedirectBinding(); - - } else if (consumerService.getBinding().equals( - SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { - // TODO: not supported YET!! - binding = new ArtifactBinding(); - + } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { binding = new PostBinding(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index b58b09f12..f26b2a735 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -30,12 +30,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; public class RequestManager { @@ -54,7 +51,7 @@ public class RequestManager { private RequestManager() { handler = new ArrayList(); handler.add(new AuthnRequestHandler()); - handler.add(new ArtifactResolution()); + } public SLOInformationInterface handle(PVPTargetConfiguration pvpRequest, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java deleted file mode 100644 index 3b97f3b08..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ /dev/null @@ -1,227 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; - -import java.io.Serializable; -import java.util.Date; -import java.util.List; - -import org.apache.commons.lang.SerializationUtils; -import org.hibernate.HibernateException; -import org.hibernate.Query; -import org.hibernate.Session; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class AssertionStorage { - - private static AssertionStorage instance = null; - - public static AssertionStorage getInstance() { - if(instance == null) { - instance = new AssertionStorage(); - } - return instance; - } - - public boolean containsKey(String artifact) { - try { - searchInDatabase(artifact); - return true; - - } catch (MOADatabaseException e) { - return false; - } - - } - - public void put(String artifact, Object assertion) throws MOADatabaseException { - //setup AssertionStore element - AssertionStore element = new AssertionStore(); - element.setArtifact(artifact); - element.setType(assertion.getClass().getName()); - element.setDatatime(new Date()); - - //serialize the Assertion for Database storage - byte[] data = SerializationUtils.serialize((Serializable) assertion); - element.setAssertion(data); - - //store AssertionStore element to Database - try { - MOASessionDBUtils.saveOrUpdate(element); - Logger.info(assertion.getClass().getName() + " with ID: " + artifact + " is stored in Database"); - } catch (MOADatabaseException e) { - Logger.warn("Sessioninformation could not be stored."); - throw new MOADatabaseException(e); - } - - } - - - /** - * @param samlArtifact - * @param class1 - * @param authdatatimeout - * @return - * @throws MOADatabaseException - * @throws AuthenticationException - */ - public T get(String samlArtifact, - final Class clazz) throws MOADatabaseException { - - try { - return get(samlArtifact, clazz, -1); - - } catch (AuthenticationException e) { - //this execption only occurs if an additional timeOut is used - Logger.error("This exeption should not occur!!!!", e); - return null; - } - } - - public T get(String artifact, final Class clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException { - - AssertionStore element = searchInDatabase(artifact); - - if (authdatatimeout > -1) { - //check timeout - long now = new Date().getTime(); - - if (now - element.getDatatime().getTime() > authdatatimeout) - throw new AuthenticationException("1207", new Object[] { artifact }); - } - - - //Deserialize Assertion - Object data = SerializationUtils.deserialize(element.getAssertion()); - - //check if assertion has the correct class type - try { - @SuppressWarnings("unchecked") - T test = (T) Class.forName(element.getType()).cast(data); - return test; - - } catch (Exception e) { - Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + artifact); - throw new MOADatabaseException("Sessioninformation Cast-Exception"); - } - } - - public void clean(long now, long authDataTimeOut) { - Date expioredate = new Date(now - authDataTimeOut); - - List results; - Session session = MOASessionDBUtils.getCurrentSession(); - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getAssertionWithTimeOut"); - query.setTimestamp("timeout", expioredate); - results = query.list(); - session.getTransaction().commit(); - - if (results.size() != 0) { - for(AssertionStore result : results) { - try { - cleanDelete(result); - Logger.info("Remove stored information with ID: " + result.getArtifact() - + " after timeout."); - - } catch (HibernateException e){ - Logger.warn("Sessioninformation with ID=" + result.getArtifact() - + " not removed after timeout! (Error during Database communication)", e); - } - - } - } - } - } - - public void remove(String artifact) { - - try { - AssertionStore element = searchInDatabase(artifact); - cleanDelete(element); - Logger.info("Remove stored information with ID: " + artifact); - - - } catch (MOADatabaseException e) { - Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + artifact - + "not found)"); - - } catch (HibernateException e) { - Logger.warn("Sessioninformation not removed! (Error during Database communication)", e); - } - } - - private void cleanDelete(AssertionStore element) { - try { - element.setAssertion("blank".getBytes()); - MOASessionDBUtils.saveOrUpdate(element); - - } catch (MOADatabaseException e) { - Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e); - - } finally { - if (!MOASessionDBUtils.delete(element)) - Logger.error("ShortTime session with artifact=" + element.getArtifact() - + " not removed! (Error during Database communication)"); - - } - - } - - @SuppressWarnings("rawtypes") - private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { - MiscUtil.assertNotNull(artifact, "artifact"); - Logger.trace("Getting sessioninformation with ID " + artifact + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - List result; - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getAssertionWithArtifact"); - query.setParameter("artifact", artifact); - result = query.list(); - - //send transaction - session.getTransaction().commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No sessioninformation found with this ID"); - } - - return (AssertionStore) result.get(0); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java deleted file mode 100644 index 9dee39fe8..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ /dev/null @@ -1,1130 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; - -import java.util.ArrayList; -import java.util.Date; -import java.util.List; - -import org.apache.commons.lang.SerializationUtils; -import org.apache.commons.lang.StringEscapeUtils; -import org.hibernate.HibernateException; -import org.hibernate.Query; -import org.hibernate.Session; -import org.hibernate.Transaction; - -import com.fasterxml.jackson.core.JsonProcessingException; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.commons.utils.JsonMapper; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.EncryptedData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class AuthenticationSessionStoreage { - - //private static HashMap sessionStore = new HashMap(); - - private static JsonMapper mapper = new JsonMapper(); - - public static boolean isAuthenticated(String moaSessionID) { - - AuthenticatedSessionStore session; - - try { - session = searchInDatabase(moaSessionID, true); - return session.isAuthenticated(); - - } catch (MOADatabaseException e) { - return false; - } - } - - public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { - String id = Random.nextRandom(); - try { - AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); - dbsession.setSessionid(id); - dbsession.setAuthenticated(false); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - Date now = new Date(); - dbsession.setCreated(now); - dbsession.setUpdated(now); - - dbsession.setPendingRequestID(target.getRequestID()); - - //set additional session informations - AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); - sessionExt.setUniqueSessionId(target.getSessionIdentifier()); - dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); - - AuthenticationSession session = new AuthenticationSession(id, now); - encryptSession(session, dbsession); - - //store AssertionStore element to Database - MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.info("Create MOASession with sessionID: " + id); - - return session; - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be created."); - throw new MOADatabaseException(e); - - } catch (JsonProcessingException e) { - Logger.warn("Extended session information can not be stored.", e); - throw new MOADatabaseException(e); - - } - - } - - public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { - - try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); - return decryptSession(dbsession); - - } catch (MOADatabaseException e) { - Logger.info("No MOA Session with id: " + sessionID); - throw new MOADatabaseException("No MOA Session with id: " + sessionID); - - } catch (Throwable e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); - throw new MOADatabaseException("MOASession deserialization-exception"); - } - } - - public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); - - if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { - try { - return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(), - AuthenticationSessionExtensions.class); - - } catch (Exception e) { - Logger.warn("Extended session information extraction FAILED!", e); - } - } - return null; - - } - - public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); - - dbsession.setAdditionalInformation( - mapper.serialize(sessionExtensions)); - - MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); - - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); - - } catch (JsonProcessingException e) { - Logger.warn("Extended session information can not be stored.", e); - throw new MOADatabaseException("Extended session information can not be stored.", e); - - } - - } - - public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { - storeSession(session, null); - } - - public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { - - try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); - - if (MiscUtil.isNotEmpty(pendingRequestID)) - dbsession.setPendingRequestID(pendingRequestID); - - encryptSession(session, dbsession); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setAuthenticated(session.isAuthenticated()); - dbsession.setUpdated(new Date()); - - MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); - } - } - - public static void destroySession(String moaSessionID) throws MOADatabaseException { - - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); - result = query.list(); - - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No session found with this sessionID"); - } - - AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); - tx.commit(); - cleanDelete(dbsession); - } - - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - - } - - } - - public static String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, AuthenticationException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); - - - - Logger.debug("Change SessionID from " + session.getSessionID() - + "to " + newSessionID); - - session.setSessionID(newSessionID); - encryptSession(session, dbsession); - - dbsession.setSessionid(newSessionID); - dbsession.setAuthenticated(session.isAuthenticated()); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setUpdated(new Date()); - - MOASessionDBUtils.saveOrUpdate(dbsession); - - Logger.trace("Change SessionID complete."); - - return newSessionID; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("TODO!", null); - } - - - - } - - public static String changeSessionID(AuthenticationSession session) - throws AuthenticationException, BuildException { - String id = Random.nextRandom(); - return changeSessionID(session, id); - - } - - public static void setAuthenticated(String moaSessionID, boolean value) { - - AuthenticatedSessionStore session; - - try { - session = searchInDatabase(moaSessionID, true); - session.setAuthenticated(value); - MOASessionDBUtils.saveOrUpdate(session); - - - } catch (MOADatabaseException e) { - Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); - } - } - - public static String getMOASessionSSOID(String SSOSessionID) { - MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setParameter("sessionid", SSOSessionID); - result = query.list(); - - //send transaction - tx.commit(); - - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return null; - - } else { - return result.get(0).getSessionid(); - - } - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - public static boolean isSSOSession(String sessionID) throws MOADatabaseException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); - return dbsession.isSSOSession(); - - } catch (MOADatabaseException e) { - Logger.info("No MOA Session with id: " + sessionID); - throw new MOADatabaseException("No MOA Session with id: " + sessionID); - } - } - - public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) { - MiscUtil.assertNotNull(SSOId, "SSOSessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setParameter("sessionid", SSOId); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return null; - - } else { - return result.get(0); - } - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - public static void addSSOInformation(String moaSessionID, String SSOSessionID, - SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException { - - AuthenticatedSessionStore dbsession; - Transaction tx = null; - - try { - - Session session = MOASessionDBUtils.getCurrentSession(); - List result; - - Logger.trace("Add SSO information to session " + moaSessionID); - - synchronized (session) { - - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); - result = query.list(); - - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - tx.rollback(); - throw new MOADatabaseException("No session found with this sessionID"); - } - - dbsession = (AuthenticatedSessionStore) result.get(0); - - OASessionStore activeOA = null; - //check if OA already has an active OA session - if (dbsession.getActiveOAsessions() != null) { - for (OASessionStore el : dbsession.getActiveOAsessions()) { - if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) - activeOA = el; - } - } - - if (activeOA == null) - activeOA = new OASessionStore(); - - //set active OA applications - activeOA.setOaurlprefix(protocolRequest.getOAURL()); - activeOA.setMoasession(dbsession); - activeOA.setCreated(new Date()); - - //set additional information for SLO - if (SLOInfo != null) { - activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); - activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); - activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); - activeOA.setProtocolType(SLOInfo.getProtocolType()); - activeOA.setAttributeQueryUsed(false); - activeOA.setAuthURL(protocolRequest.getAuthURL()); - - - } - - List activeOAs = dbsession.getActiveOAsessions(); - activeOAs.add(activeOA); - dbsession.setActiveOAsessions(activeOAs); - - - //Store used SSOId - if (dbsession.getSSOsessionid() != null) { - OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); - oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); - oldSSOId.setMoasession(dbsession); - - List oldSSOIds = dbsession.getOldssosessionids(); - oldSSOIds.add(oldSSOId); - } - - dbsession.setSSOSession(true); - dbsession.setSSOsessionid(SSOSessionID); - dbsession.setAuthenticated(false); - dbsession.setPendingRequestID("empty"); - - //Store MOASession - session.saveOrUpdate(dbsession); - - //send transaction - tx.commit(); - - if (SLOInfo != null) - Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() - + " and AssertionID: " + SLOInfo.getSessionIndex()); - else - Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); - - } - - } catch (MOADatabaseException e) { - throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); - - } catch(HibernateException e) { - Logger.warn("Error during database saveOrUpdate. Rollback.", e); - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); - } - } - - public static List getAllActiveOAFromMOASession(AuthenticationSession moaSession) { - MiscUtil.assertNotNull(moaSession, "MOASession"); - Session session = null; - - try { - List oas = new ArrayList(); - - AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); - oas.addAll(dbsession.getActiveOAsessions()); - - session = MOASessionDBUtils.getCurrentSession(); - session.getTransaction().commit(); - - return oas; - - } catch (MOADatabaseException e) { - Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); - - } catch (Exception e) { - if (session != null && session.getTransaction() != null - && !session.getTransaction().wasCommitted()) { - session.getTransaction().rollback(); - throw e; - - } - - } - - return null; - } - - public static List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { - MiscUtil.assertNotNull(moaSession, "MOASession"); - Session session = null; - try { - List idps = new ArrayList(); - AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); - idps.addAll(dbsession.getInderfederation()); - - session = MOASessionDBUtils.getCurrentSession(); - session.getTransaction().commit(); - - return idps; - - } catch (MOADatabaseException e) { - Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); - - } catch (Exception e) { - if (session != null && session.getTransaction() != null - && !session.getTransaction().wasCommitted()) { - session.getTransaction().rollback(); - throw e; - - } - - } - - return null; - } - - public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { - MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); - MiscUtil.assertNotNull(userNameID, "userNameID"); - Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " - + oaID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - Transaction tx = null; - - List result = null;; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); - query.setParameter("oaID", oaID); - query.setParameter("nameID", userNameID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No unique entry found."); - return null; - - } - - return decryptSession(result.get(0)); - - } catch (BuildException e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); - return null; - - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - - } - - public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { - MiscUtil.assertNotNull(moaSession, "MOASession"); - MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); - MiscUtil.assertNotNull(protocolType, "usedProtocol"); - Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " - + oaID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); - query.setParameter("sessionID", moaSession.getSessionID()); - query.setParameter("oaID", oaID); - query.setParameter("protocol", protocolType); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } - - return result.get(0).getActiveOAsessions().get(0); - - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - public static String getPendingRequestID(String sessionID) { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); - return dbsession.getPendingRequestID(); - - } catch (MOADatabaseException e) { - Logger.warn("MOASession with ID " + sessionID + " not found"); - return ""; - } - } - - public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { - Transaction tx = null; - try { - MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); - Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setParameter("sessionid", pedingRequestID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return null; - } - - return decryptSession(result.get(0)); - - } catch (Throwable e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); - - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - - return null; - - } - } - - public static boolean deleteSessionWithPendingRequestID(String id) { - MiscUtil.assertNotNull(id, "PendingRequestID"); - Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setParameter("sessionid", id); - result = query.list(); - - //send transaction - tx.commit(); - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return false; - - } else { - cleanDelete(result.get(0)); - return true; - } - } - - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - public static AuthenticationSession getSessionWithUserNameID(String nameID) { - - Transaction tx = null; - try { - MiscUtil.assertNotNull(nameID, "nameID"); - Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getMOAISessionWithUserNameID"); - query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } - - return decryptSession(result.get(0)); - - } catch (Throwable e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - return null; - } - - } - - public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { - MiscUtil.assertNotNull(sessionID, "MOASession"); - Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); - query.setParameter("sessionID", sessionID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } - - return result.get(0).getInderfederation().get(0); - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) { - MiscUtil.assertNotNull(sessionID, "MOASession"); - MiscUtil.assertNotNull(idpID, "Interfederated IDP ID"); - Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); - query.setParameter("sessionID", sessionID); - query.setParameter("idpID", idpID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } - - return result.get(0).getInderfederation().get(0); - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { - AuthenticatedSessionStore dbsession = null; - - //search for active SSO session - if (MiscUtil.isNotEmpty(ssoID)) { - String moaSession = getMOASessionSSOID(ssoID); - if (MiscUtil.isNotEmpty(moaSession)) { - try { - dbsession = searchInDatabase(moaSession, true); - - }catch (MOADatabaseException e) { - - } - } - } - - String id = null; - Date now = new Date(); - //create new MOASession if any exists - AuthenticationSession session = null; - if (dbsession == null) { - id = Random.nextRandom(); - dbsession = new AuthenticatedSessionStore(); - dbsession.setSessionid(id); - dbsession.setCreated(now); - dbsession.setPendingRequestID(req.getRequestID()); - session = new AuthenticationSession(id, now); - - } else { - id = dbsession.getSessionid(); - session = decryptSession(dbsession); - - } - - dbsession.setInterfederatedSSOSession(true); - dbsession.setAuthenticated(isAuthenticated); - dbsession.setUpdated(now); - session.setAuthenticated(true); - session.setAuthenticatedUsed(false); - encryptSession(session, dbsession); - - //add interfederation information - List idpList = dbsession.getInderfederation(); - InterfederationSessionStore idp = null; - if (idpList == null) { - idpList = new ArrayList(); - dbsession.setInderfederation(idpList); - - } else { - for (InterfederationSessionStore el : idpList) { - //resue old entry if interfederation IDP is reused for authentication - if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID())) - idp = el; - - } - } - - //create new interfederation IDP entry - if (idp == null) { - idp = new InterfederationSessionStore(); - idp.setCreated(now); - idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); - idp.setAuthURL(req.getAuthURL()); - - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance(). - getOnlineApplicationParameter(idp.getIdpurlprefix()); - idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed()); - - } catch (ConfigurationException e) { - Logger.warn("MOASession could not be created."); - throw new MOADatabaseException(e); - - } - idp.setMoasession(dbsession); - idpList.add(idp); - - } - AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse()); - idp.setSessionIndex(extract.getSessionIndex()); - idp.setUserNameID(extract.getNameID()); - idp.setAttributesRequested(false); - idp.setQAALevel(extract.getQAALevel()); - - //store AssertionStore element to Database - try { - MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.debug("MOASession with sessionID=" + id + " is stored in Database"); - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be created."); - throw new MOADatabaseException(e); - } - - return id; - } - - public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) { - MiscUtil.assertNotNull(moaSession, "MOASession"); - Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); - query.setParameter("sessionID", moaSession.getSessionID()); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } - - return result.get(0).getInderfederation().get(0); - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - /** - * @param entityID - * @param requestID - */ - public static boolean removeInterfederetedSession(String entityID, - String pedingRequestID) { - - try { - Logger.debug("Remove interfederated IDP from local SSO session ..."); - - MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); - Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setParameter("sessionid", pedingRequestID); - result = query.list(); - - //send transaction - session.getTransaction().commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return false; - } - - AuthenticatedSessionStore authsession = result.get(0); - - List idpSessions = authsession.getInderfederation(); - if (idpSessions != null) { - for (InterfederationSessionStore idp : idpSessions) { - if (idp.getIdpurlprefix().equals(entityID)) - idpSessions.remove(idp); - - } - } - - MOASessionDBUtils.saveOrUpdate(authsession); - return true; - - } catch (Throwable e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); - return false; - } - } - - public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { - Date expioredatecreate = new Date(now - authDataTimeOutCreated); - Date expioredateupdate = new Date(now - authDataTimeOutUpdated); - - List results; - Session session = MOASessionDBUtils.getCurrentSession(); - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); - query.setTimestamp("timeoutcreate", expioredatecreate); - query.setTimestamp("timeoutupdate", expioredateupdate); - results = query.list(); - tx.commit(); - - if (results.size() != 0) { - for(AuthenticatedSessionStore result : results) { - try { - cleanDelete(result); - Logger.info("Authenticated session with sessionID=" + result.getSessionid() - + " after session timeout."); - - } catch (HibernateException e){ - Logger.warn("Authenticated session with sessionID=" + result.getSessionid() - + " not removed after timeout! (Error during Database communication)", e); - } - } - } - } - - } catch (Exception e) { - if (tx != null && !tx.wasCommitted()) - tx.rollback(); - throw e; - } - } - - private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException { - byte[] serialized = SerializationUtils.serialize(session); - - EncryptedData encdata = SessionEncrytionUtil.getInstance().encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); - } - - private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException { - EncryptedData encdata = new EncryptedData(dbsession.getSession(), - dbsession.getIv()); - byte[] decrypted = SessionEncrytionUtil.getInstance().decrypt(encdata); - - return (AuthenticationSession) SerializationUtils.deserialize(decrypted); - - } - - private static void cleanDelete(AuthenticatedSessionStore result) { - - try { - AuthenticationSession session = getSession(result.getSessionid()); - if (session.getProcessInstanceId() != null) { - ProcessInstanceStoreDAOImpl.getInstance().remove(session.getProcessInstanceId()); - } - - } catch (MOADatabaseException e) { - Logger.warn("Removing process associated with moa session " + result.getSessionid() + " FAILED.", e); - } - - try { - result.setSession("blank".getBytes()); - MOASessionDBUtils.saveOrUpdate(result); - - } catch (MOADatabaseException e) { - Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e); - - } finally { - if (!MOASessionDBUtils.delete(result)) - Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)"); - } - } - - @SuppressWarnings("rawtypes") - private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException { - MiscUtil.assertNotNull(sessionID, "moasessionID"); - Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithID"); - query.setParameter("sessionid", sessionID); - result = query.list(); - - //send transaction - if (commit) - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No session found with this sessionID"); - } - - return (AuthenticatedSessionStore) result.get(0); - } catch (Exception e) { - if (tx != null && !tx.wasCommitted() && commit) - tx.rollback(); - throw e; - } - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java new file mode 100644 index 000000000..743caec55 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -0,0 +1,1049 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.storage; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.apache.commons.lang.StringEscapeUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; +import org.hibernate.Transaction; +import org.springframework.stereotype.Service; + +import com.fasterxml.jackson.core.JsonProcessingException; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.JsonMapper; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Service("AuthenticationSessionStoreage") +public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{ + + private static JsonMapper mapper = new JsonMapper(); + + @Override + public boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID, true); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + @Override + public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { + String id = Random.nextRandom(); + try { + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + Date now = new Date(); + dbsession.setCreated(now); + dbsession.setUpdated(now); + + dbsession.setPendingRequestID(target.getRequestID()); + + //set additional session informations + AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); + sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier()); + dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); + + AuthenticationSession session = new AuthenticationSession(id, now); + encryptSession(session, dbsession); + + //store AssertionStore element to Database + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.info("Create MOASession with sessionID: " + id); + + return session; + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException(e); + + } + + } + + @Override + public AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + if (MiscUtil.isEmpty(sessionID)) + return null; + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + return decryptSession(dbsession); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + return null; + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + @Override + public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { + try { + return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(), + AuthenticationSessionExtensions.class); + + } catch (Exception e) { + Logger.warn("Extended session information extraction FAILED!", e); + } + } + return null; + + } + + @Override + public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + dbsession.setAdditionalInformation( + mapper.serialize(sessionExtensions)); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); + + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException("Extended session information can not be stored.", e); + + } + + } + + @Override + public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); + + encryptSession(session, dbsession); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + @Override + public void destroySession(String moaSessionID) throws MOADatabaseException { + + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setParameter("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); + tx.commit(); + cleanDelete(dbsession); + } + + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + + } + + } + + @Override + public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException { + + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); + + Logger.debug("Change SessionID from " + session.getSessionID() + + "to " + newSessionID); + + session.setSessionID(newSessionID); + encryptSession(session, dbsession); + + dbsession.setSessionid(newSessionID); + dbsession.setAuthenticated(session.isAuthenticated()); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + + Logger.trace("Change SessionID complete."); + + return newSessionID; + + } + + @Override + public String changeSessionID(AuthenticationSession session) + throws BuildException, MOADatabaseException { + String id = Random.nextRandom(); + return changeSessionID(session, id); + + } + + @Override + public void setAuthenticated(String moaSessionID, boolean isAuthenticated) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID, true); + session.setAuthenticated(isAuthenticated); + MOASessionDBUtils.saveOrUpdate(session); + + + } catch (MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } + + @Override + public String getMOASessionSSOID(String SSOSessionID) { + MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + tx.commit(); + + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + @Override + public boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + } + + @Override + public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) { + + //TODO: is this method really needed?? + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOId); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0); + } + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + @Override + public void addSSOInformation(String moaSessionID, String SSOSessionID, + SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException { + + AuthenticatedSessionStore dbsession; + Transaction tx = null; + + try { + + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + Logger.trace("Add SSO information to session " + moaSessionID); + + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setParameter("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + tx.rollback(); + throw new MOADatabaseException("No session found with this sessionID"); + } + + dbsession = (AuthenticatedSessionStore) result.get(0); + + OASessionStore activeOA = null; + //check if OA already has an active OA session + if (dbsession.getActiveOAsessions() != null) { + for (OASessionStore el : dbsession.getActiveOAsessions()) { + if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) + activeOA = el; + } + } + + if (activeOA == null) + activeOA = new OASessionStore(); + + //set active OA applications + activeOA.setOaurlprefix(protocolRequest.getOAURL()); + activeOA.setMoasession(dbsession); + activeOA.setCreated(new Date()); + + //set additional information for SLO + if (SLOInfo != null) { + activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); + activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); + activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); + activeOA.setProtocolType(SLOInfo.getProtocolType()); + activeOA.setAttributeQueryUsed(false); + activeOA.setAuthURL(protocolRequest.getAuthURL()); + + + } + + List activeOAs = dbsession.getActiveOAsessions(); + activeOAs.add(activeOA); + dbsession.setActiveOAsessions(activeOAs); + + + //Store used SSOId + if (dbsession.getSSOsessionid() != null) { + OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); + oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); + oldSSOId.setMoasession(dbsession); + + List oldSSOIds = dbsession.getOldssosessionids(); + oldSSOIds.add(oldSSOId); + } + + dbsession.setSSOSession(true); + dbsession.setSSOsessionid(SSOSessionID); + dbsession.setAuthenticated(false); + dbsession.setPendingRequestID("empty"); + + //Store MOASession + session.saveOrUpdate(dbsession); + + //send transaction + tx.commit(); + + if (SLOInfo != null) + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() + + " and AssertionID: " + SLOInfo.getSessionIndex()); + else + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); + + } + + } catch (MOADatabaseException e) { + throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); + + } catch(HibernateException e) { + Logger.warn("Error during database saveOrUpdate. Rollback.", e); + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); + } + } + + @Override + public List getAllActiveOAFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + Session session = null; + + try { + List oas = new ArrayList(); + + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); + oas.addAll(dbsession.getActiveOAsessions()); + + session = MOASessionDBUtils.getCurrentSession(); + session.getTransaction().commit(); + + return oas; + + } catch (MOADatabaseException e) { + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); + + } catch (Exception e) { + if (session != null && session.getTransaction() != null + && !session.getTransaction().wasCommitted()) { + session.getTransaction().rollback(); + throw e; + + } + + } + + return null; + } + + @Override + public List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + Session session = null; + try { + List idps = new ArrayList(); + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); + idps.addAll(dbsession.getInderfederation()); + + session = MOASessionDBUtils.getCurrentSession(); + session.getTransaction().commit(); + + return idps; + + } catch (MOADatabaseException e) { + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); + + } catch (Exception e) { + if (session != null && session.getTransaction() != null + && !session.getTransaction().wasCommitted()) { + session.getTransaction().rollback(); + throw e; + + } + + } + + return null; + } + + @Override + public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); + MiscUtil.assertNotNull(userNameID, "userNameID"); + Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " + + oaID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + Transaction tx = null; + + List result = null;; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); + query.setParameter("oaID", oaID); + query.setParameter("nameID", userNameID); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No unique entry found."); + return null; + + } + + return decryptSession(result.get(0)); + + } catch (BuildException e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); + return null; + + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + + } + + @Override + public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); + MiscUtil.assertNotNull(protocolType, "usedProtocol"); + Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " + + oaID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); + query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("oaID", oaID); + query.setParameter("protocol", protocolType); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getActiveOAsessions().get(0); + + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + @Override + public AuthenticationSession getSessionWithUserNameID(String nameID) { + + Transaction tx = null; + try { + MiscUtil.assertNotNull(nameID, "nameID"); + Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionWithUserNameID"); + query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return decryptSession(result.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + return null; + } + + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { + MiscUtil.assertNotNull(sessionID, "MOASession"); + Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); + query.setParameter("sessionID", sessionID); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) { + MiscUtil.assertNotNull(sessionID, "MOASession"); + MiscUtil.assertNotNull(idpID, "Interfederated IDP ID"); + Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); + query.setParameter("sessionID", sessionID); + query.setParameter("idpID", idpID); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { + AuthenticatedSessionStore dbsession = null; + + //search for active SSO session + if (MiscUtil.isNotEmpty(ssoID)) { + String moaSession = getMOASessionSSOID(ssoID); + if (MiscUtil.isNotEmpty(moaSession)) { + try { + dbsession = searchInDatabase(moaSession, true); + + }catch (MOADatabaseException e) { + + } + } + } + + String id = null; + Date now = new Date(); + //create new MOASession if any exists + AuthenticationSession session = null; + if (dbsession == null) { + id = Random.nextRandom(); + dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setCreated(now); + dbsession.setPendingRequestID(req.getRequestID()); + session = new AuthenticationSession(id, now); + + } else { + id = dbsession.getSessionid(); + session = decryptSession(dbsession); + + } + + dbsession.setInterfederatedSSOSession(true); + dbsession.setAuthenticated(isAuthenticated); + dbsession.setUpdated(now); + session.setAuthenticated(true); + encryptSession(session, dbsession); + + //add interfederation information + List idpList = dbsession.getInderfederation(); + + MOAResponse interfederationResp = req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class); + String interFedEntityID = interfederationResp.getEntityID(); + + InterfederationSessionStore idp = null; + if (idpList == null) { + idpList = new ArrayList(); + dbsession.setInderfederation(idpList); + + } else { + for (InterfederationSessionStore el : idpList) { + //resue old entry if interfederation IDP is reused for authentication + if (el.getIdpurlprefix().equals(interFedEntityID)) + idp = el; + + } + } + + //create new interfederation IDP entry + if (idp == null) { + idp = new InterfederationSessionStore(); + idp.setCreated(now); + idp.setIdpurlprefix(interFedEntityID); + idp.setAuthURL(req.getAuthURL()); + + try { + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance(). + getOnlineApplicationParameter(idp.getIdpurlprefix()); + idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed()); + + } catch (ConfigurationException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + + } + idp.setMoasession(dbsession); + idpList.add(idp); + + } + AssertionAttributeExtractor extract = new AssertionAttributeExtractor(interfederationResp.getResponse()); + idp.setSessionIndex(extract.getSessionIndex()); + idp.setUserNameID(extract.getNameID()); + idp.setAttributesRequested(false); + idp.setQAALevel(extract.getQAALevel()); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.debug("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return id; + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + @Override + public boolean removeInterfederetedSession(String entityID, + String pedingRequestID) { + + try { + Logger.debug("Remove interfederated IDP from local SSO session ..."); + + MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); + Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + //TODO: !!!!!!!!!!! PendingRequestID does not work + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", pedingRequestID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + } + + AuthenticatedSessionStore authsession = result.get(0); + + List idpSessions = authsession.getInderfederation(); + if (idpSessions != null) { + for (InterfederationSessionStore idp : idpSessions) { + if (idp.getIdpurlprefix().equals(entityID)) + idpSessions.remove(idp); + + } + } + + MOASessionDBUtils.saveOrUpdate(authsession); + return true; + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); + return false; + } + } + + @Override + public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated); + Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated); + + List results; + Session session = MOASessionDBUtils.getCurrentSession(); + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + query.setTimestamp("timeoutcreate", expioredatecreate); + query.setTimestamp("timeoutupdate", expioredateupdate); + results = query.list(); + tx.commit(); + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + cleanDelete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); + + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + } + } + } + + } catch (Exception e) { + if (tx != null && !tx.wasCommitted()) + tx.rollback(); + throw e; + } + } + + private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException { + byte[] serialized = SerializationUtils.serialize(session); + + EncryptedData encdata = SessionEncrytionUtil.getInstance().encrypt(serialized); + dbsession.setSession(encdata.getEncData()); + dbsession.setIv(encdata.getIv()); + } + + private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException { + EncryptedData encdata = new EncryptedData(dbsession.getSession(), + dbsession.getIv()); + byte[] decrypted = SessionEncrytionUtil.getInstance().decrypt(encdata); + + return (AuthenticationSession) SerializationUtils.deserialize(decrypted); + + } + + private static void cleanDelete(AuthenticatedSessionStore result) { + + try { + result.setSession("blank".getBytes()); + MOASessionDBUtils.saveOrUpdate(result); + + } catch (MOADatabaseException e) { + Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e); + + } finally { + if (!MOASessionDBUtils.delete(result)) + Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)"); + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "moasessionID"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setParameter("sessionid", sessionID); + result = query.list(); + + //send transaction + if (commit) + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + + } + + return (AuthenticatedSessionStore) result.get(0); + + } catch (Exception e) { + if (tx != null && !tx.wasCommitted() && commit) + tx.rollback(); + throw e; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java deleted file mode 100644 index 4cddd141b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java +++ /dev/null @@ -1,175 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; - -import java.util.Date; -import java.util.List; - -import org.apache.commons.lang.SerializationUtils; -import org.hibernate.HibernateException; -import org.hibernate.Query; -import org.hibernate.Session; - -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class DBExceptionStoreImpl implements IExceptionStore { - - private static DBExceptionStoreImpl store; - - public static DBExceptionStoreImpl getStore() { - if(store == null) { - store = new DBExceptionStoreImpl(); - } - return store; - } - - public String storeException(Throwable e) { - String id = Random.nextRandom(); - - Logger.debug("Store Exception with ID " + id); - - ExceptionStore dbexception = new ExceptionStore(); - dbexception.setExid(id); - - byte[] data = SerializationUtils.serialize(e); - dbexception.setException(data); - - dbexception.setTimestamp(new Date()); - - try { - MOASessionDBUtils.saveOrUpdate(dbexception); - - } catch (MOADatabaseException e1) { - Logger.warn("Exception can not be stored in Database.", e); - return null; - } - - return id; - } - - public Throwable fetchException(String id) { - - try { - Logger.debug("Fetch Exception with ID " + id); - - ExceptionStore ex = searchInDatabase(id); - - Object data = SerializationUtils.deserialize(ex.getException()); - if (data instanceof Throwable) - return (Throwable) data; - - else { - Logger.warn("Exeption is not of classtype Throwable"); - return null; - } - - - } catch (MOADatabaseException e) { - Logger.info("No Exception found with ID=" + id); - return null; - - } catch (Exception e) { - Logger.warn("Exception can not deserialized from Database.",e); - return null; - } - - } - - public void removeException(String id) { - try { - ExceptionStore ex = searchInDatabase(id); - MOASessionDBUtils.delete(ex); - - Logger.debug("Delete Execption with ID " + id); - - } catch (MOADatabaseException e) { - Logger.info("No Exception found with ID=" + id); - } - - - } - - public void clean(long now, long exceptionTimeOut) { - Date expioredate = new Date(now - exceptionTimeOut); - - List results; - Session session = MOASessionDBUtils.getCurrentSession(); - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getExceptionWithTimeOut"); - query.setTimestamp("timeout", expioredate); - results = query.list(); - session.getTransaction().commit(); - - if (results.size() != 0) { - for(ExceptionStore result : results) { - try { - MOASessionDBUtils.delete(result); - Logger.info("Remove Exception with ID=" + result.getExid() - + " after timeout."); - - } catch (HibernateException e){ - Logger.warn("Exception with ID=" + result.getExid() - + " not removed after timeout! (Error during Database communication)", e); - } - - } - } - } - } - - @SuppressWarnings("rawtypes") - private ExceptionStore searchInDatabase(String id) throws MOADatabaseException { - MiscUtil.assertNotNull(id, "exceptionID"); - Logger.trace("Getting Exception with ID " + id + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); - List result; - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getExceptionWithID"); - query.setParameter("id", id); - result = query.list(); - - //send transaction - session.getTransaction().commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No Exception found with ID " + id); - } - - return (ExceptionStore) result.get(0); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java new file mode 100644 index 000000000..f33a7549c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java @@ -0,0 +1,215 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.storage; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@Service("TransactionStorage") +public class DBTransactionStorage implements ITransactionStorage { + + public boolean containsKey(String key) { + try { + searchInDatabase(key); + return true; + + } catch (MOADatabaseException e) { + return false; + } + + } + + public void put(String key, Object value) throws MOADatabaseException { + //setup AssertionStore element + AssertionStore element = new AssertionStore(); + element.setArtifact(key); + element.setType(value.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) value); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(element); + Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database"); + } catch (MOADatabaseException e) { + Logger.warn("Sessioninformation could not be stored."); + throw new MOADatabaseException(e); + } + + } + + public T get(String key, + final Class clazz) throws MOADatabaseException { + + try { + return get(key, clazz, -1); + + } catch (AuthenticationException e) { + //this execption only occurs if an additional timeOut is used + Logger.error("This exeption should not occur!!!!", e); + return null; + + } + } + + public T get(String key, final Class clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException { + + AssertionStore element = searchInDatabase(key); + + if (dataTimeOut > -1) { + //check timeout + long now = new Date().getTime(); + + if (now - element.getDatatime().getTime() > dataTimeOut) { + Logger.info("Transaction-Data with key: " + key + " is out of time."); + throw new AuthenticationException("1207", new Object[] { key }); + + } + } + + + //Deserialize Assertion + Object data = SerializationUtils.deserialize(element.getAssertion()); + + //check if assertion has the correct class type + try { + @SuppressWarnings("unchecked") + T test = (T) Class.forName(element.getType()).cast(data); + return test; + + } catch (Exception e) { + Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key); + throw new MOADatabaseException("Sessioninformation Cast-Exception"); + + } + } + + public void clean(Date now, long dataTimeOut) { + Date expioredate = new Date(now.getTime() - dataTimeOut); + + List results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + + if (results.size() != 0) { + for(AssertionStore result : results) { + try { + cleanDelete(result); + Logger.info("Remove stored information with ID: " + result.getArtifact() + + " after timeout."); + + } catch (HibernateException e){ + Logger.warn("Sessioninformation with ID=" + result.getArtifact() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + } + + public void remove(String key) { + + try { + AssertionStore element = searchInDatabase(key); + cleanDelete(element); + Logger.info("Remove stored information with ID: " + key); + + + } catch (MOADatabaseException e) { + Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key + + "not found)"); + + } catch (HibernateException e) { + Logger.warn("Sessioninformation not removed! (Error during Database communication)", e); + } + } + + private void cleanDelete(AssertionStore element) { + try { + element.setAssertion("blank".getBytes()); + MOASessionDBUtils.saveOrUpdate(element); + + } catch (MOADatabaseException e) { + Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e); + + } finally { + if (!MOASessionDBUtils.delete(element)) + Logger.error("ShortTime session with artifact=" + element.getArtifact() + + " not removed! (Error during Database communication)"); + + } + + } + + @SuppressWarnings("rawtypes") + private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { + MiscUtil.assertNotNull(artifact, "artifact"); + Logger.trace("Getting sessioninformation with ID " + artifact + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setParameter("artifact", artifact); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No sessioninformation found with this ID"); + } + + return (AssertionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java deleted file mode 100644 index ce974c531..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java +++ /dev/null @@ -1,58 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; - -import java.util.HashMap; -import java.util.Map; - -import at.gv.egovernment.moa.id.util.Random; - -public class ExceptionStoreImpl implements IExceptionStore { - - // Just a quick implementation - private static IExceptionStore store; - - public static IExceptionStore getStore() { - if(store == null) { - store = new ExceptionStoreImpl(); - } - return store; - } - - private Map exceptionStore = new HashMap(); - - public String storeException(Throwable e) { - String id = Random.nextRandom(); - exceptionStore.put(id, e); - return id; - } - - public Throwable fetchException(String id) { - return exceptionStore.get(id); - } - - public void removeException(String id) { - exceptionStore.remove(id); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java new file mode 100644 index 000000000..e89713b2e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java @@ -0,0 +1,281 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.storage; + +import java.util.Date; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; + +/** + * @author tlenz + * + */ +public interface IAuthenticationSessionStoreage { + + /** + * Check if the stored MOASession is already authenticated + * + * @param moaSessionID MOASession identifier + * @return true if the MOASession is authenticated, otherwise false + */ + public boolean isAuthenticated(String moaSessionID); + + /** + * Create a new MOASession + * + * @param target Pending Request which is associated with this MOASession + * @return MOASession object + * @throws MOADatabaseException MOASession storage operation FAILED + * @throws BuildException MOASession encryption FAILED + */ + public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException; + + /** + * Get a MOASession with sessionID + * + * @param sessionID SessionID which corresponds to a MOASession + * @return MOASession, or null if no session exists with this ID + * @throws MOADatabaseException MOASession load operation FAILED + */ + public AuthenticationSession getSession(String sessionID) throws MOADatabaseException; + + /** + * Get the session-data extension-object for a MOASession + * + * @param sessionID SessionID which corresponds to a MOASession + * @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null + * @throws MOADatabaseException MOASession load operation FAILED + */ + public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException; + + /** + * Store a session-data extension-object to MOASession + * + * @param sessionID SessionID which corresponds to a MOASession + * @param sessionExtensions AuthenticationSessionExtensions object + * @throws MOADatabaseException MOASession storage operation FAILED + */ + public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException; + + + /** + * Store a MOASession + * + * @param session MOASession which should be stored + * @throws MOADatabaseException MOASession storage operation FAILED + * @throws BuildException MOASession encryption FAILED + */ + public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException; + + /** + * Delete a MOASession + * + * @param moaSessionID SessionID which corresponds to a MOASession + * @throws MOADatabaseException MOASession delete operation FAILED + */ + public void destroySession(String moaSessionID) throws MOADatabaseException; + + + /** + * Change the sessionID of a MOASession + * + * @param session MOASession for which the sessionID should be changed + * @param newSessionID new MOASessionID which should be used + * @return new MOASessionID + * @throws MOADatabaseException MOASession storage operation FAILED + * @throws BuildException MOASession encryption/decryption FAILED + */ + public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException; + + /** + * Change the sessionID of a MOASession + * + * @param session MOASession for which the sessionID should be changed + * @return new MOASessionID + * @throws MOADatabaseException MOASession storage operation FAILED + * @throws BuildException MOASession encryption/decryption FAILED + */ + public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException; + + /** + * Set the isAuthenticated flag to MOASession + * + * @param moaSessionID SessionID which corresponds to a MOASession + * @param isAuthenticated Is authenticated flag (true/false) + */ + public void setAuthenticated(String moaSessionID, boolean isAuthenticated); + + /** + * Find the MOASessionId of an active Single Sign-On session + * + * @param SSOSessionID Single Sign-On sessionID + * @return MOASessionID of the associated MOASession + */ + public String getMOASessionSSOID(String SSOSessionID); + + /** + * Check if a MOASession is an active Single Sign-On session + * + * @param sessionID SessionID which corresponds to a MOASession + * @return true, if the MOASession is a SSO session, otherwise false + * @throws MOADatabaseException MOASession load operation FAILED + */ + public boolean isSSOSession(String sessionID) throws MOADatabaseException; + + + /** + * @param SSOId + * @return + */ + public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId); + + /** + * Add Single Sign-On processing information to a MOASession. + * This processing information is required to execute a Single Log-Out process + * + * @param moaSessionID SessionID which corresponds to a MOASession + * @param SSOSessionID Single Sign-On sessionID + * @param SLOInfo Data object with Single LogOut information + * @param protocolRequest Protocol-request object of the authentication request + * @throws AuthenticationException Single Sign-On information store operation FAILED + */ + public void addSSOInformation(String moaSessionID, String SSOSessionID, + SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException; + + + /** + * Get all Single Sign-On authenticated Service-Provider of a MOASession + * + * @param moaSession MOASession data object + * @return List of Service-Provider information + */ + public List getAllActiveOAFromMOASession(AuthenticationSession moaSession); + + + /** + * Get all active interfederation connections for a MOASession + * + * @param moaSession MOASession data object + * @return List of Interfederation-IDP information + */ + public List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession); + + /** + * Search a MOASession by using already transfered authentication information + * + * @param oaID Service-Provider identifier, which has received the authentication information + * @param userNameID UserId (bPK), which was send to this Service-Provider + * @return MOASession, or null if no corresponding MOASession is found + */ + public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); + + /** + * Search a active Single Sign-On session for a specific Service-Provider + * + * @param moaSession MOASession data object + * @param oaID Service-Provider identifier, which has received the authentication information + * @param protocolType Authentication protocol, which was used for SSO from this Service-Provider + * @return Internal Single Sign-On information for this Service-Provider + */ + public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType); + + + /** + * Search a active MOASession with a userID + * + * @param nameID UserID (bPK) + * @return MOASession, or null if no corresponding MOASession is found + */ + public AuthenticationSession getSessionWithUserNameID(String nameID); + + /** + * Search an active federation IDP which could be used for federated Single Sign-On + * + * @param sessionID SessionID which corresponds to a MOASession + * @return Information of the federated IDP, or null if no active federated IDP is found + */ + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID); + + /** + * Get information to an active federated IDP of MOASession + * + * @param sessionID SessionID which corresponds to a MOASession + * @param idpID Unique identifier of the federated IDP + * @return Information of the federated IDP, or null if no active federated IDP is found + */ + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID); + + + /** + * Create a MOASession from interfederation information + * + * @param req Pending request + * @param isAuthenticated true if the session should be marked as authenticated, otherwise false + * @param ssoID Single Sign-On session identifer + * @return MOASessionID of new created MOASession + * @throws MOADatabaseException + * @throws AssertionAttributeExtractorExeption + * @throws BuildException + */ + @Deprecated + public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException; + + /** + * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery + * + * @param moaSession MOASession data object + * @return Information of the federated IDP, or null if no active federated IDP is found + */ + public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession); + + /** + * Remove an active federation IDP from MOASession + * + * @param entityID Unique identifier of the federated IDP + * @param pedingRequestID + * @return true if the federated IDP could be remove, otherwise false + */ + @Deprecated + public boolean removeInterfederetedSession(String entityID, String pedingRequestID); + + /** + * Clean all MOASessions which has a timeOut + * + * @param now Current Time + * @param authDataTimeOutCreated timeOut after MOASession is created [ms] + * @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms] + */ + public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated); +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java deleted file mode 100644 index 4c76a49a4..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java +++ /dev/null @@ -1,29 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; - -public interface IExceptionStore { - public String storeException(Throwable e); - public Throwable fetchException(String id); - public void removeException(String id); -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java new file mode 100644 index 000000000..d05689e68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java @@ -0,0 +1,90 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.storage; + +import java.util.Date; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; + +/** + * @author tlenz + * + */ +public interface ITransactionStorage { + + /** + * Check if transaction storage contains a data object with a specific key + * + * @param key Key, which identifies a data object + * @return true if key is found, otherwise false + */ + public boolean containsKey(String key); + + /** + * Store a data object with a key to transaction storage + * + * @param key Id which identifiers the data object + * @param value Data object which should be stored + * @throws MOADatabaseException In case of store operation failed + */ + public void put(String key, Object value) throws MOADatabaseException; + + /** + * Get a data object from transaction storage + * + * @param key Id which identifiers the data object + * @param clazz The class type which is stored with this key + * @return The transaction-data object from type class + * @throws MOADatabaseException In case of load operation failed + */ + public T get(String key, final Class clazz) throws MOADatabaseException; + + /** + * Get a data object from transaction storage + * + * @param key Id which identifiers the data object + * @param clazz The class type which is stored with this key + * @param Data-object timeout in [ms] + * @return The transaction-data object from type class + * @throws MOADatabaseException In case of load operation failed + * @throws AuthenticationException In case of data-object timeout occurs + */ + public T get(String key, final Class clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException; + + /** + * Remove a data object from transaction storage + * + * @param key Id which identifiers the data object + */ + public void remove(String key); + + /** + * Clean-up the transaction storage + * + * @param now Current time + * @param dataTimeOut Data-object timeout in [ms] + */ + public void clean(Date now, long dataTimeOut); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java index 2aceb833c..d2499af9d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java @@ -172,5 +172,14 @@ public class HTTPUtils { return authURL; } + + public static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } } diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule new file mode 100644 index 000000000..7e2315fd7 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule @@ -0,0 +1,2 @@ +# The default moaid process +at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml new file mode 100644 index 000000000..b61ee5f2d --- /dev/null +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml new file mode 100644 index 000000000..05ceb65f4 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml deleted file mode 100644 index 5855fc766..000000000 --- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index cabf1557e..8329db941 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -52,7 +52,8 @@ init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar init.02=Fehler beim Starten des Service MOA-ID-Auth init.04=Fehler beim Datenbankzugriff mit der SessionID {0} - + +internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde. config.00=MOA ID Konfiguration erfolgreich geladen: {0} config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index abd5d15f3..a8583d945 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -32,6 +32,8 @@ init.00=9199 init.01=9199 init.02=9199 init.04=9101 + +internal.00=9199 config.00=9199 config.01=9199 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index a28fe6a7b..6726aacb5 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -63,6 +63,7 @@ public class MOAIDConstants { public static final List ALLOWED_STORKATTRIBUTEPROVIDERS; public static final List JDBC_DRIVER_NEEDS_WORKAROUND; + public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier"; static { Hashtable tmp = new Hashtable(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 11917d0c3..065f3866b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,10 +1,6 @@ package at.gv.egovernment.moa.id.auth; -import iaik.asn1.ObjectID; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -22,6 +18,8 @@ import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; import org.apache.xpath.XPathAPI; import org.opensaml.xml.util.Base64; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -29,7 +27,6 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -63,6 +60,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -76,6 +74,9 @@ import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +import iaik.asn1.ObjectID; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -85,24 +86,11 @@ import at.gv.egovernment.moa.util.StringUtils; * @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher * $ */ +@Service("CitizenCardAuthenticationServer") public class AuthenticationServer extends BaseAuthenticationServer { - /** - * single instance - */ - private static AuthenticationServer instance; - - /** - * Returns the single instance of AuthenticationServer. - * - * @return the single instance of AuthenticationServer - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - + @Autowired private MOAReversionLogger revisionsLogger; + /** * Constructor for AuthenticationServer. */ @@ -139,13 +127,14 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @param templateMandteURL URL providing an HTML template for the HTML form generated * (for signing in mandates mode) * @param req determines the protocol used + * @param pendingReq * @param sourceID * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (session == null) { @@ -154,7 +143,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //load OnlineApplication configuration OAAuthParameter oaParam = - AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); @@ -172,7 +161,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { String infoboxReadRequest = ""; - String domainIdentifier = AuthConfigurationProviderFactory.getInstance().getSSOTagetIdentifier().trim(); + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { //do not use SSO if no Target is set Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); @@ -209,34 +198,17 @@ public class AuthenticationServer extends BaseAuthenticationServer { String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session - .getSessionID()); + session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); //removed in MOAID 2.0 String pushInfobox = ""; - // VerifyInfoboxParameters verifyInfoboxParameters = oaParam - // .getVerifyInfoboxParameters(); - // if (verifyInfoboxParameters != null) { - // pushInfobox = verifyInfoboxParameters.getPushInfobox(); - // session.setPushInfobox(pushInfobox); - // } - - //build CertInfo request - //removed in MOA-ID 2.0 - // String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - // .build(); - // String certInfoDataURL = new DataURLBuilder() - // .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, - // session.getSessionID()); - //get Applet Parameters String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - //TODO: cleanup before MOA-ID 2.1 release try { String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, null, @@ -333,7 +305,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); // validates the @@ -349,7 +321,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); return "found!"; @@ -406,7 +378,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, @@ -441,7 +413,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); try { @@ -480,7 +452,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException, + IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { // // check for intermediate processing of the infoboxes @@ -488,9 +460,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { // return "Redirect to Input Processor"; if (authConf == null) - authConf = AuthConfigurationProviderFactory.getInstance(); + authConf = authConfig; if (oaParam == null) - oaParam = AuthConfigurationProviderFactory.getInstance() + oaParam = authConfig .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); @@ -529,7 +501,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, @@ -546,9 +518,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { // return "Redirect to Input Processor"; if (authConf == null) - authConf = AuthConfigurationProviderFactory.getInstance(); + authConf = authConfig; if (oaParam == null) - oaParam = AuthConfigurationProviderFactory.getInstance() + oaParam = authConfig .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); @@ -634,15 +606,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { * including the <ReadInfoboxResponse> * @throws BKUException */ - public X509Certificate getCertificate(IRequest pendingReq, String sessionID, + public X509Certificate getCertificate(IRequest pendingReq, Map readInfoboxResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters .get(PARAM_XMLRESPONSE); @@ -655,7 +623,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); return cert; @@ -673,7 +641,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam, IRequest pendingReq) throws BuildException { + IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); @@ -1121,7 +1089,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); // validates the @@ -1163,10 +1131,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { //set QAA Level four in case of card authentifcation session.setQAALevel(PVPConstants.STORK_QAA_1_4); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); - MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink() + revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..18bf5a1ba --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java @@ -0,0 +1,63 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class CitizenCardAuthenticationSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource citizenCardAuthConfig = new ClassPathResource("/moaid_citizencard_auth.beans.xml", MOAIDAuthSpringResourceProvider.class); + + return new Resource[] {citizenCardAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID-CitizenCardAuthentication SpringResourceProvider"; + } + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 760d28d5b..79f407ca3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -175,7 +175,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String gebDat, List extendedSAMLAttributes, AuthenticationSession session, - OAAuthParameter oaParam) + IOAAuthParameters oaParam2) throws BuildException { @@ -193,7 +193,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //adding type of wbPK domain identifier ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = - new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam2.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); @@ -255,7 +255,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } //adding friendly name of OA - String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + String oaFriendlyName = StringUtils.isEmpty(oaParam2.getFriendlyName()) ? "" : oaParam2.getFriendlyName(); ExtendedSAMLAttribute oaFriendlyNameAttribute = new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java deleted file mode 100644 index 5c1b12e0d..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ /dev/null @@ -1,70 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.builder; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.logging.Logger; - -public class StartAuthenticationBuilder { - - private static StartAuthenticationBuilder instance = null; - - public static StartAuthenticationBuilder getInstance() { - if (instance == null) { - instance = new StartAuthenticationBuilder(); - } - return instance; - } - - - /** - * Depending on the selected citizen's country ({@code moasession.ccc}): - *

    - *
  • Either creates an "IdentityLinkForm" with embedded {@code InfoBoxReadRequest} to be submitted to a citizen card - * environment for reading the subject's IdentityLink
    • - *
- * - * @return The IdentityLinkForm. - */ - public String build(AuthenticationSession moasession, HttpServletRequest req, - HttpServletResponse resp) throws WrongParametersException, MOAIDException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req); - - return getIdentityLinkForm; - } -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java new file mode 100644 index 000000000..29118ac17 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.id.auth.modules.internal; + + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * Module descriptor + */ +public class AuthModuleImpl implements AuthModule { + + @Override + public int getPriority() { + return 0; + } + + @Override + public String selectProcess(ExecutionContext context) { + //select process if BKU is selected and it is no STORK authentication + + boolean performBKUSelection = false; + Object performBKUSelectionObj = context.get("performBKUSelection"); + if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) + performBKUSelection = (boolean) performBKUSelectionObj; + + if (StringUtils.isBlank((String) context.get("ccc")) && + StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && + !performBKUSelection) + return "DefaultAuthentication"; + + else + return null; + + } + + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java deleted file mode 100644 index cac7359c7..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java +++ /dev/null @@ -1,36 +0,0 @@ -package at.gv.egovernment.moa.id.auth.modules.internal; - -import org.apache.commons.lang3.StringUtils; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; - -/** - * Module descriptor - */ -public class DefaultAuthModuleImpl implements AuthModule { - - @Override - public int getPriority() { - return 0; - } - - @Override - public String selectProcess(ExecutionContext context) { - //select process if BKU is selected and it is no STORK authentication - if (StringUtils.isBlank((String) context.get("ccc")) && - StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU))) - return "DefaultAuthentication"; - - else - return null; - - } - - @Override - public String[] getProcessDefinitions() { - return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml" }; - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 7e1bf1fc7..6ff0177ac 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE; import java.io.IOException; @@ -9,22 +10,24 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.BooleanUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.

@@ -46,44 +49,69 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("CertificateReadRequestTask") public class CertificateReadRequestTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - // TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate" - Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - - setNoCachingHeaders(resp); + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + try { + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12"); + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); } - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - boolean useMandate = session.getUseMandate(); + + boolean useMandate = moasession.getUseMandate(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); throw new AuthenticationException("auth.13", null); } - - // change MOASessionID - AuthenticationSessionStoreage.changeSessionID(session); // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl (to the VerifyCertificateSerlvet) - String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE, - session.getSessionID()); + String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE, + pendingReq.getRequestID()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 307074ee2..ef17700d3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -1,33 +1,28 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; - import java.io.PrintWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.BooleanUtils; -import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; /** @@ -62,46 +57,60 @@ import at.gv.egovernment.moa.util.StringUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("CreateIdentityLinkFormTask") public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws TaskExecutionException { - - String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID))); - AuthenticationSession moasession = null; + throws TaskExecutionException { try { - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); + } + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; try { - moasession = AuthenticationSessionStoreage.getSession(moasessionid); - - AuthenticationSessionStoreage.changeSessionID(moasession); - executionContext.remove(PARAM_SESSIONID); + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); } catch (Throwable e) { Logger.info("No HTTP Session found!"); throw new MOAIDException("auth.18", new Object[] {}); } + + + + + + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); - StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); - String getIdentityLinkForm = startauth.build(moasession, req, resp); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); if (!StringUtils.isEmpty(getIdentityLinkForm)) { @@ -109,7 +118,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); out.flush(); - Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class); + Logger.debug("Finished GET " + CreateIdentityLinkFormTask.class); } } catch (WrongParametersException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index b729f26e1..5c88afc56 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -13,12 +15,15 @@ import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; @@ -33,14 +38,12 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** @@ -68,16 +71,17 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("GetForeignIDTask") public class GetForeignIDTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { Logger.debug("POST GetForeignIDServlet"); - setNoCachingHeaders(resp); - Map parameters; try { @@ -88,30 +92,53 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); - String pendingRequestID = null; - String redirectURL = null; - AuthenticationSession session = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12"); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } + String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); } - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - // change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + Logger.debug(xmlCreateXMLSignatureResponse); CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) @@ -119,7 +146,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { try { String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); - session.setAuthBlock(serializedAssertion); + moasession.setAuthBlock(serializedAssertion); } catch (TransformerException e) { throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); @@ -132,13 +159,14 @@ public class GetForeignIDTask extends AbstractAuthServletTask { Element signature = csresp.getDsigSignature(); try { - session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); + moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); + } catch (CertificateException e) { Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); throw new MOAIDException("auth.14", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); // make SZR request to the identity link @@ -152,30 +180,24 @@ public class GetForeignIDTask extends AbstractAuthServletTask { IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( response.getIdentityLink())); IdentityLink identitylink = ilParser.parseIdentityLink(); - session.setIdentityLink(identitylink); + moasession.setIdentityLink(identitylink); // set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - AuthenticationServer.getInstance().getForeignAuthenticationData(session); - - // session is implicit stored in changeSessionID!!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + moasession.setQAALevel(PVPConstants.STORK_QAA_1_4); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + authServer.getForeignAuthenticationData(moasession); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); try { - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { throw new MOAIDException("Session store error", null); } - //put session to context - executionContext.put(PARAM_SESSIONID, session.getSessionID()); + } } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index d85681b40..938b4ce77 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; -import iaik.pki.PKIException; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.security.GeneralSecurityException; import java.util.List; @@ -12,34 +12,31 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.pki.PKIException; /** * Retrieves a mandate from the online mandate issuing service.

@@ -64,45 +61,64 @@ import at.gv.egovernment.moa.util.DOMUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("GetMISSessionIDTask") public class GetMISSessionIDTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { Logger.debug("POST GetMISSessionIDServlet"); - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - AuthenticationSession session = null; - String pendingRequestID = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyCertificate", - PARAM_SESSIONID, "auth.12"); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } - String misSessionID = session.getMISSessionID(); + String misSessionID = moasession.getMISSessionID(); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - ConnectionParameter connectionParameters = authConf + ConnectionParameter connectionParameters = authConfig .getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - AuthConfigurationProviderFactory.getInstance(), + authConfig, connectionParameters); List list = MISSimpleClient.sendGetMandatesRequest( @@ -113,7 +129,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); @@ -136,25 +152,17 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { null, null).getDocumentElement(); // extract RepresentationType - AuthenticationServer.getInstance().verifyMandate(session, mandate); + authServer.verifyMandate(moasession, mandate); - session.setMISMandate(mandate); + moasession.setMISMandate(mandate); //log mandate specific set of events - MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate); - - String oldsessionID = session.getSessionID(); - - //Session is implicite stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + revisionsLogger.logMandateEventSet(pendingReq, mandate); + + //Stor MOAsession + authenticatedSessionStorage.storeSession(moasession); - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - //put session to context - executionContext.put(PARAM_SESSIONID, session.getSessionID()); - } catch (MOAIDException ex) { throw new TaskExecutionException(ex.getMessage(), ex); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 1dd4780f7..86d8de047 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -27,8 +27,9 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -37,12 +38,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -51,6 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("InitializeBKUAuthenticationTask") public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -62,19 +61,22 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID); - String pendingRequestID = (String) executionContext.get("pendingRequestID"); - - //load pending request - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); } - + //load MOASession object - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); + AuthenticationSession moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + if (moasession == null) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -83,8 +85,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { if (isLegacyRequest) { //parse request parameter into MOASession - Logger.info("Start Authentication Module: " + moasession.getModul() - + " Action: " + moasession.getAction()); + Logger.info("Start Authentication Module: " + pendingReq.requestedModule() + + " Action: " + pendingReq.requestedAction()); StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq); @@ -92,12 +94,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE); String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); - - //remove MOASessionID from executionContext because it is not needed any more - - - if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use."); + + if (MiscUtil.isEmpty(bkuid)) { + Logger.warn("BKU-type is empty. Maybe an old BKU-selection template is in use."); throw new MOAIDException("auth.23", new Object[] {}); } @@ -108,21 +107,21 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); else { - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); //get Target from config or from request in case of SAML 1 String target = null; - if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && - pendingReq.requestedModule().equals("id_saml1")) - target = pendingReq.getTarget(); + if (MiscUtil.isNotEmpty(pendingReq.getGenericData("target", String.class)) && + pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) + target = pendingReq.getGenericData("target", String.class); else target = oaParam.getTarget(); String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid); + bkuURL = authConfig.getDefaultBKUURL(bkuid); } //search for OA specific template @@ -133,13 +132,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL = oaTemplateURLList.get(0); } else { - templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid); + templateURL = authConfig.getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -155,8 +154,6 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL, useMandate, ccc, - moasession.getModul(), - moasession.getAction(), request, pendingReq); } @@ -166,7 +163,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { // make sure moa session has been persisted before running the process try { - AuthenticationSessionStoreage.storeSession(moasession); + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 49888c136..1c5f3c202 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -1,29 +1,29 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code CreateXMLSignatureRequest} for auth block signature.

@@ -45,47 +45,68 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("PrepareAuthBlockSignatureTask") public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - Logger.debug("Process IdentityLink"); - - setNoCachingHeaders(resp); + Logger.debug("Process CreateAuthBlock Task"); - String pendingRequestID = null; - try { + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + } - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - // change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - String createXMLSignatureRequest = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq); + String createXMLSignatureRequest = authServer + .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, authConfig, oaParam, pendingReq); - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); - CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, + CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 099bc085c..3d8b94239 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -23,17 +23,21 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.util.List; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -44,14 +48,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; @@ -63,6 +62,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -75,62 +75,66 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + request.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - //get Session from context - String moasessionid = (String) executionContext.get(PARAM_SESSIONID); - AuthenticationSession session = null; - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; try { - session = AuthenticationSessionStoreage.getSession(moasessionid); - AuthenticationSessionStoreage.changeSessionID(session); - + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); } catch (Throwable e) { Logger.info("No HTTP Session found!"); throw new MOAIDException("auth.18", new Object[] {}); - - } finally { - executionContext.remove(PARAM_SESSIONID); - } - - AuthConfiguration authConf= AuthConfigurationProviderFactory.getInstance(); - ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProviderFactory.getInstance(), connectionParameters); + ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); // get identitity link as byte[] - Element elem = session.getIdentityLink().getSamlAssertion(); + Element elem = moasession.getIdentityLink().getSamlAssertion(); String s = DOMUtils.serializeNode(elem); //System.out.println("IDL: " + s); byte[] idl = s.getBytes("UTF-8"); - - // redirect url - // build redirect(to the GetMISSessionIdSerlvet) - - //change MOASessionID before MIS request - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - + String redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), + pendingReq.getAuthURL(), GET_MIS_SESSIONID, - newMOASessionID); + pendingReq.getRequestID()); - String oaURL = session.getOAURLRequested(); + String oaURL = pendingReq.getOAURL(); IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) { - oaParam = authConf.getOnlineApplicationParameter(oaURL); + oaParam = authConfig.getOnlineApplicationParameter(oaURL); Logger.info("No Service info in PendingRequest --> load service info from configuration"); } @@ -143,9 +147,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { } String oaFriendlyName = oaParam.getFriendlyName(); - String mandateReferenceValue = session.getMandateReferenceValue(); - byte[] cert = session.getEncodedSignerCertificate(); - byte[] authBlock = session.getAuthBlock().getBytes("UTF-8"); + String mandateReferenceValue = moasession.getMandateReferenceValue(); + byte[] cert = moasession.getEncodedSignerCertificate(); + byte[] authBlock = moasession.getAuthBlock().getBytes("UTF-8"); //TODO: check in case of SSO!!! String targetType = null; @@ -154,13 +158,13 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) targetType = id; else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moasession.getDomainIdentifier(); } else { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( @@ -181,17 +185,17 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { } String redirectMISGUI = misSessionID.getRedirectURL(); - session.setMISSessionID(misSessionID.getSessiondId()); + moasession.setMISSessionID(misSessionID.getSessiondId()); try { - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); } catch (MOADatabaseException | BuildException e) { throw new MOAIDException("Session store error", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); response.setStatus(302); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 35104bf3e..78be6c8c8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -1,50 +1,35 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; -import iaik.pki.PKIException; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.List; import java.util.Map; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Element; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).

@@ -79,62 +64,84 @@ import at.gv.egovernment.moa.util.DOMUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet Logger.debug("POST VerifyAuthenticationBlock"); - String pendingRequestID = null; - Map parameters; try { parameters = getParameters(req); - } catch (FileUploadException | IOException e) - { + } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); - } - String sessionID = req.getParameter(PARAM_SESSIONID); - String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - + } + + String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + String redirectURL = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse); + + authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); //store all changes in session DAO - AuthenticationSessionStoreage.storeSession(session); - - //put session to context - executionContext.put(PARAM_SESSIONID, session.getSessionID()); - + authenticatedSessionStorage.storeSession(moasession); + } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 2734d1027..5c9a069ee 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; -import iaik.x509.X509Certificate; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID; import java.io.IOException; import java.util.Map; @@ -11,28 +11,28 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.

@@ -59,15 +59,18 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("VerifyCertificateTask") public class VerifyCertificateTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - Logger.debug("POST VerifyCertificateServlet"); + Logger.debug("Reveive VerifyCertificate Response"); Map parameters; try @@ -78,48 +81,73 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - AuthenticationSession session = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); - - session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters); + X509Certificate cert = authServer.getCertificate(pendingReq, parameters); if (cert == null) { Logger.error("Certificate could not be read."); throw new AuthenticationException("auth.14", null); } - boolean useMandate = session.getUseMandate(); + boolean useMandate = moasession.getUseMandate(); if (useMandate) { // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq); + String createXMLSignatureRequestOrRedirect = authServer.verifyCertificate(moasession, cert, pendingReq); try { - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { throw new MOAIDException("session store error", null); } - // TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock" - CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); + CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); } else { @@ -133,24 +161,24 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); + String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(moasession, cert); // build dataurl (to the GetForeignIDSerlvet) String dataurl = new DataURLBuilder().buildDataURL( - session.getAuthURL(), + pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, - session.getSessionID()); + pendingReq.getRequestID()); - try { - AuthenticationSessionStoreage.storeSession(session); + try { + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { throw new MOAIDException("session store error", null); } - // TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID" CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); Logger.debug("Send CreateXMLSignatureRequest to BKU"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 50ef11f27..2c23254e4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.io.IOException; import java.util.Map; @@ -9,23 +9,23 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the identity link.

@@ -51,17 +51,16 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("VerifyIdentityLinkTask") public class VerifyIdentityLinkTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - - Logger.debug("POST VerifyIdentityLink"); - - setNoCachingHeaders(resp); + Logger.debug("Receive VerifyIdentityLink Response"); Map parameters; @@ -74,20 +73,50 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); + String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null; - AuthenticationSessionStoreage.storeSession(session); + boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; + + authenticatedSessionStorage.storeSession(moasession); executionContext.put("identityLinkAvailable", identityLinkAvailable); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java new file mode 100644 index 000000000..139be49fe --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +/** + * @author tlenz + * + */ +@Controller +public class CitizenCardAuthProcessEngineSignalController extends AbstractProcessEngineSignalController { + + @RequestMapping(value = {"/GetMISSessionID", + "/GetForeignID", + "/VerifyAuthBlock", + "/VerifyCertificate", + "/VerifyIdentityLink" + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + +} +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index 276d6a105..36bab9355 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -53,13 +53,13 @@ import java.io.IOException; import java.io.OutputStream; import java.net.URLEncoder; -import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; /** @@ -73,21 +73,21 @@ public class CitizenCardServletUtils extends ServletUtils{ * depending on the requests starting text. * * @param resp The httpServletResponse - * @param session The current AuthenticationSession + * @param pendingReq The current AuthenticationSession * @param createXMLSignatureRequestOrRedirect The request * @param servletGoal The servlet to which the redirect should happen * @param servletName The servlet name for debug purposes * @throws MOAIDException * @throws IOException */ - public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) + public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, IRequest pendingReq, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) throws MOAIDException, IOException { if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { resp.setStatus(307); String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, session.getSessionID()); + pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID()); resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) @@ -100,7 +100,7 @@ public class CitizenCardServletUtils extends ServletUtils{ Logger.debug("Finished POST " + servletName); } else { - String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID()); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..2ca8587b6 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.CitizenCardAuthenticationSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule index 865096055..02b4e5d7c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule @@ -1,2 +1,2 @@ # The default moaid process -at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl +at.gv.egovernment.moa.id.auth.modules.internal.AuthModuleImpl diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index 6bbaf6ece..74792ed72 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -5,17 +5,17 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> - - - - - - - - - - - + + + + + + + + + + + diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml new file mode 100644 index 000000000..dcea83b8a --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 88e26da76..fcde874b4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,6 +30,9 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -51,20 +54,23 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; +@Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected ITransactionStorage transactionStorage; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); String code = Random.nextRandom(); @@ -87,7 +93,7 @@ class OAuth20AuthAction implements IAction { } // store data in oath session - AssertionStorage.getInstance().put(code, o); + transactionStorage.put(code, o); Logger.debug("Saved OAuth20SessionObject in session with id: " + code); @@ -113,8 +119,8 @@ class OAuth20AuthAction implements IAction { Logger.warn("An error occur during OpenID-Connect idToken generation.", e); //remove OAuthSessionObject if it already exists - if (AssertionStorage.getInstance().containsKey(code)) { - AssertionStorage.getInstance().remove(code); + if (transactionStorage.containsKey(code)) { + transactionStorage.remove(code); } if (e instanceof OAuth20Exception) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index e5d8db873..ecef9b0a3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseType import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; public class OAuth20AuthRequest extends OAuth20BaseRequest { @@ -55,6 +55,12 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { public OAuth20AuthRequest(HttpServletRequest req) throws ConfigurationException { super(req); + + //AuthnRequest needs authentication + this.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + this.setAction(OAuth20AuthAction.class.getName()); } private static final long serialVersionUID = 1L; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 5fcac0b2f..5906964a4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -81,7 +81,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setTarget(oaParam.getTarget()); if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -120,7 +119,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; - public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception { + public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception { OAuth20BaseRequest res; try { if (action.equals(OAuth20Protocol.AUTH_ACTION)) { @@ -139,7 +138,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - res.setAction(action); res.setModule(OAuth20Protocol.NAME); res.populateParameters(request); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 70c29359e..52204d7f6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.io.IOException; import java.net.URLEncoder; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -9,12 +11,18 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.gson.JsonObject; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -23,11 +31,7 @@ import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import com.google.gson.JsonObject; - -import java.util.Arrays; - -public class OAuth20Protocol implements IModulInfo { +public class OAuth20Protocol extends AbstractProtocolModulController { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -60,16 +64,65 @@ public class OAuth20Protocol implements IModulInfo { return actions.get(action); } + //OpenID Connect auth request + @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + if (!authConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + //PreProcess + IRequest pendingReq = preProcess(req, resp, AUTH_ACTION); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //process request + performAuthentication(req, resp, (RequestImpl)pendingReq); + + } + + //openID Connect tokken request + @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + if (!authConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + //PreProcess + IRequest pendingReq = preProcess(req, resp, TOKEN_ACTION); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //process request + performAuthentication(req, resp, (RequestImpl)pendingReq); + + } + /* * (non-Javadoc) * @see * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.String) */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action, - String sessionId, String transactionId) throws MOAIDException { + public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation - OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId); + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); Logger.debug("Created: " + res); return res; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2238a25e1..bb0126a7b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,6 +26,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.gson.JsonObject; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -38,13 +43,15 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import com.google.gson.JsonObject; - +@Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected ITransactionStorage transactionStorage; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -53,13 +60,13 @@ class OAuth20TokenAction implements IAction { try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); try { Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); auth20SessionObject = - AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class); + transactionStorage.get(oAuthRequest.getCode(), OAuth20SessionObject.class); } catch (MOADatabaseException e) { throw new OAuth20UnauthorizedClientException(); @@ -97,7 +104,7 @@ class OAuth20TokenAction implements IAction { // destroy session for clean up Logger.debug("Going to destroy session: " + auth20SessionObject.getCode()); - AssertionStorage.getInstance().remove(auth20SessionObject.getCode()); + transactionStorage.remove(auth20SessionObject.getCode()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index abfe4ce15..9b0ee099e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -48,6 +48,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { public OAuth20TokenRequest(HttpServletRequest req) throws ConfigurationException { super(req); + + //AuthnRequest needs authentication + this.setNeedAuthentication(false); + + //set protocol action, which should be executed after authentication + this.setAction(OAuth20TokenAction.class.getName()); } private static final long serialVersionUID = 1L; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 7f3c353f1..b4c8c37d4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,6 +27,9 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; @@ -43,8 +46,11 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; import eu.eidas.auth.commons.IPersonalAttributeList; +@Service("SAML1_GetArtifactAction") public class GetArtifactAction implements IAction { + @Autowired private SAML1AuthenticationServer saml1server; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { @@ -69,15 +75,13 @@ public class GetArtifactAction implements IAction { try { OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); - - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - + // add other stork attributes to MOA assertion if available IPersonalAttributeList storkAttributes = authData.getGenericData( AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, IPersonalAttributeList.class); if(null != storkAttributes) { - List moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes); + List moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes); authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes); Logger.info("MOA assertion assembled and SAML Artifact generated."); } @@ -88,7 +92,8 @@ public class GetArtifactAction implements IAction { String url = req.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) - url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, + URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); @@ -100,7 +105,7 @@ public class GetArtifactAction implements IAction { String redirectURL = oaURL; if (!oaParam.getBusinessService()) { redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getTarget(), "UTF-8")); + URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 2b4aaf458..7e46e53fe 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -54,7 +54,6 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -134,11 +133,14 @@ public class GetAuthenticationDataService implements Constants { Element samlArtifactElem = (Element)samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + + + //SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); try { - - samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); + + samlAssertion = "Find a solution to integrate Axis 1 into Spring"; + //samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); // success statusCode = "samlp:Success"; @@ -148,7 +150,8 @@ public class GetAuthenticationDataService implements Constants { catch (ClassCastException ex) { try { - Throwable error = saml1server.getErrorResponse(samlArtifact); + //Throwable error = saml1server.getErrorResponse(samlArtifact); + Throwable error = new Exception("Find a solution to integrate Axis 1 into Spring"); statusCode = "samlp:Responder"; ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); @@ -171,12 +174,12 @@ public class GetAuthenticationDataService implements Constants { } - catch (AuthenticationException ex) { - //no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } +// catch (AuthenticationException ex) { +// //no authentication data for given SAML artifact +// statusCode = "samlp:Requester"; +// subStatusCode = "samlp:ResourceNotRecognized"; +// statusMessage = ex.toString(); +// } } } catch (Throwable t) { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 5312d779c..1d06bb48a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -35,6 +35,8 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.lang3.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; @@ -60,7 +62,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -77,19 +79,10 @@ import eu.eidas.auth.commons.IPersonalAttributeList; import eu.eidas.auth.commons.PersonalAttribute; //import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +@Service("SAML1AuthenticationServer") public class SAML1AuthenticationServer extends AuthenticationServer { - - private static SAML1AuthenticationServer instance; - - public static SAML1AuthenticationServer getInstace() { - if (instance == null) - instance = new SAML1AuthenticationServer(); - return instance; - } - - private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); - + @Autowired private ITransactionStorage authenticationDataStore; /** * time out in milliseconds used by {@link cleanup} for authentication data @@ -129,7 +122,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * @param iPersonalAttributeList STORK attribute list * @return */ - public static List addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { + public List addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { List moaExtendedSAMLAttributeList = new Vector(); if(null == iPersonalAttributeList) diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 6573270e4..417bf4dc9 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -22,18 +22,20 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.saml1; +import java.io.IOException; import java.util.Arrays; -import java.util.HashMap; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; @@ -42,17 +44,23 @@ import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; -public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { +@Controller +public class SAML1Protocol extends AbstractProtocolModulController { + @Autowired private SAML1AuthenticationServer saml1AuthServer; + + public static final String REQ_DATA_SOURCEID = "sourceID"; + public static final String REQ_DATA_TARGET = "target"; + public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; @@ -72,24 +80,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { PVPConstants.EID_SOURCE_PIN_TYPE_NAME }); - private static HashMap actions = new HashMap(); - - static { - - actions.put(GETARTIFACT, new GetArtifactAction()); - - instance = new SAML1Protocol(); - } - - private static SAML1Protocol instance = null; - - public static SAML1Protocol getInstance() { - if (instance == null) { - instance = new SAML1Protocol(); - } - return instance; - } - public String getName() { return NAME; } @@ -98,16 +88,29 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { return PATH; } - public IRequest preProcess(HttpServletRequest request, - HttpServletResponse response, String action, - String sessionId, String transactionId) throws MOAIDException { - SAML1RequestImpl config = new SAML1RequestImpl(request); - + + @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) + public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { Logger.info("SAML1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); } + + SAML1RequestImpl pendingRequest = new SAML1RequestImpl(req); + pendingRequest.setModule(NAME); + + //preProcess SAML1 Request + preProcess(req, resp, pendingRequest); + + performAuthentication(req, resp, pendingRequest); + return; + + } + + + public void preProcess(HttpServletRequest request, + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { String oaURL = (String) request.getParameter(PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); @@ -135,7 +138,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - config.setOAURL(oaURL); + pendingRequest.setOAURL(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); @@ -157,19 +160,23 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); } - config.setOnlineApplicationConfiguration(oaParam); - config.setSourceID(sourceID); + pendingRequest.setOnlineApplicationConfiguration(oaParam); + pendingRequest.setSourceID(sourceID); - MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); + revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); if (MiscUtil.isNotEmpty(target)) - config.setTarget(target); + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); else - config.setTarget(oaParam.getTarget()); - - - return config; + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget()); + + //AuthnRequest needs authentication + pendingRequest.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingRequest.setAction(AuthenticationAction.class.getName()); + } public boolean generateErrorMessage(Throwable e, @@ -181,9 +188,8 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { if (!oa.getSAML1Parameter().isProvideAllErrors()) return false; - else { - SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); - String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + else { + String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); @@ -199,15 +205,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { } } - public IAction getAction(String action) { - return actions.get(action); - } - - public IAction canHandleRequest(HttpServletRequest request, - HttpServletResponse response) { - return null; - } - public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java index a7d7b9759..4e5bed97c 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java @@ -28,35 +28,38 @@ import java.util.Arrays; import java.util.List; import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.monitoring.TestManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -@WebServlet(name = "MonitoringServlet", value = "/MonitoringServlet") -public class MonitoringServlet extends AuthServlet { +@Controller +public class MonitoringServlet { - private static final long serialVersionUID = 1L; private static final String REQUEST_ATTR_MODULE = "module"; + @Autowired private AuthConfiguration authConfig; + public MonitoringServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'."); } - protected void doGet(HttpServletRequest req, HttpServletResponse resp) + @RequestMapping(value = "/MonitoringServlet", method = RequestMethod.GET) + public void getStatusInformation(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - try { - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - - if (config.isMonitoringActive()) { + try { + if (authConfig.isMonitoringActive()) { Logger.debug("Monitoring Servlet received request"); TestManager tests = TestManager.getInstance(); @@ -71,7 +74,7 @@ public class MonitoringServlet extends AuthServlet { } else { resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); + resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess())); Logger.info("Monitoring Servlet finished without errors"); } @@ -84,7 +87,7 @@ public class MonitoringServlet extends AuthServlet { } else { resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); + resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess())); Logger.info("Monitoring Servlet finished without errors"); } -- cgit v1.2.3 From c9370266c7553db65e9d18f7fe2a0230ab94d912 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Feb 2016 11:02:55 +0100 Subject: refactor authentication process to use service-provider configuration from pending-request --- .../conf/moa-id/htmlTemplates/loginFormFull.html | 8 +- .../moa/id/auth/MOAIDAuthConstants.java | 6 + .../id/auth/builder/AuthenticationDataBuilder.java | 4 +- .../builder/CreateXMLSignatureRequestBuilder.java | 16 +- .../moa/id/auth/data/AuthenticationSession.java | 352 +-------------------- .../id/auth/modules/AbstractAuthServletTask.java | 51 +++ .../tasks/CreateInterfedeartionRequestTask.java | 3 +- .../internal/tasks/EvaluateBKUSelectionTask.java | 5 +- .../tasks/GenerateBKUSelectionFrameTask.java | 2 +- .../StartAuthentificationParameterParser.java | 239 ++++++-------- .../id/auth/servlet/IDPSingleLogOutServlet.java | 4 +- .../moa/id/config/auth/IOAAuthParameters.java | 7 + .../moa/id/moduls/AuthenticationManager.java | 3 +- .../egovernment/moa/id/moduls/IRequestStorage.java | 3 +- .../egovernment/moa/id/moduls/RequestStorage.java | 14 +- .../id/protocols/pvp2x/AttributQueryAction.java | 2 +- .../id/protocols/pvp2x/PVPTargetConfiguration.java | 11 +- .../builder/assertion/PVP2AssertionBuilder.java | 27 +- .../pvp2x/requestHandler/AuthnRequestHandler.java | 2 +- .../moa/id/storage/DBTransactionStorage.java | 88 ++++-- .../moa/id/storage/ITransactionStorage.java | 15 +- .../auth/modules/internal/BKUSelection.process.xml | 6 +- .../main/resources/moaid.authentication.beans.xml | 3 + .../resources/templates/loginFormFull.html | 8 +- .../moa/id/auth/AuthenticationServer.java | 231 ++++---------- .../AuthenticationBlockAssertionBuilder.java | 47 +-- .../internal/tasks/CertificateReadRequestTask.java | 3 + .../internal/tasks/CreateIdentityLinkFormTask.java | 45 +-- .../modules/internal/tasks/GetForeignIDTask.java | 53 +--- .../internal/tasks/GetMISSessionIDTask.java | 58 +--- .../tasks/InitializeBKUAuthenticationTask.java | 30 +- .../tasks/PrepareAuthBlockSignatureTask.java | 59 +--- .../internal/tasks/PrepareGetMISMandateTask.java | 64 +--- .../tasks/VerifyAuthenticationBlockTask.java | 107 ++----- .../internal/tasks/VerifyCertificateTask.java | 79 +---- .../internal/tasks/VerifyIdentityLinkTask.java | 53 +--- .../CreateXMLSignatureResponseValidator.java | 35 +- .../attributes/OAuth20AttributeBuilder.java | 29 +- .../oauth20/attributes/OpenIdNonceAttribute.java | 5 +- .../oauth20/protocol/OAuth20AuthAction.java | 5 +- .../oauth20/protocol/OAuth20AuthRequest.java | 52 ++- .../oauth20/protocol/OAuth20Protocol.java | 15 +- .../moa/id/protocols/saml1/GetArtifactAction.java | 6 +- .../protocols/saml1/SAML1AuthenticationServer.java | 51 +-- .../moa/id/protocols/saml1/SAML1Protocol.java | 146 +++++---- .../moa/id/protocols/saml1/SAML1RequestImpl.java | 32 +- 46 files changed, 667 insertions(+), 1417 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index 2b0115d4a..af133525e 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -674,7 +674,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function bkuHandyClicked() { @@ -691,7 +691,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function storkClicked() { @@ -714,7 +714,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function generateIFrame(iFrameURL) { @@ -876,7 +876,7 @@ type="hidden" name="ccc" id="ccc"> + name="pendingid" value="#SESSIONID#"> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 082ebcdcd..d76021bbd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -177,4 +177,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String PROCESSCONTEXT_INTERFEDERATION_ENTITYID = "interfederationIDPEntityID"; public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication"; + //General protocol-request data-store keys + public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target"; + public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName"; + public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate"; + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 5bde82899..2f882f41e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -198,7 +198,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { IOAAuthParameters oaParam = null; if (reqAttributes == null) { //get OnlineApplication from MOA-ID-Auth configuration - oaParam = authConfig.getOnlineApplicationParameter(oaID); + oaParam = protocolRequest.getOnlineApplicationConfiguration(); //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway if (oaParam.isSTORKPVPGateway()) @@ -879,7 +879,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - authData.setIssuer(session.getAuthURL()); + authData.setIssuer(protocolRequest.getAuthURL()); //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index bbbfacbd1..e763c5355 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -50,9 +50,10 @@ import java.text.MessageFormat; import java.util.Calendar; import java.util.List; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; @@ -156,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param session current session * @return String representation of <CreateXMLSignatureRequest> */ - public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) { + public String buildForeignID(String subject, IRequest pendingReq) { String request = ""; request += ""; @@ -165,7 +166,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += buildForeignIDTextToBeSigned(subject, oaParam, session); + request += buildForeignIDTextToBeSigned(subject,pendingReq); request += ""; request += ""; @@ -180,9 +181,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants { return request; } - public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) { - - String target = session.getTarget(); + public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) { + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + String target = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); Calendar cal = Calendar.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 3849eb8a2..196415ddc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -75,53 +75,12 @@ public class AuthenticationSession implements Serializable { private String sessionID; private Date sessionCreated = null; - - /** - * "Geschäftsbereich" the online application belongs to; maybe null if the - * online application is a business application - */ - private String target; - /** - * Friendly name for the target, if target is configured via MOA-ID configuration - */ - private String targetFriendlyName; - - /** - * SourceID - */ - private String sourceID; - - /** - * public online application URL requested - */ - private String oaURLRequested; - /** - * public online application URL prefix - */ - private String oaPublicURLPrefix; - /** - * URL of MOA ID authentication component - */ - private String authURL; - /** - * HTML template URL - */ - private String templateURL; - + /** * URL of the BKU */ private String bkuURL; - /** - * Indicates whether the corresponding online application is a business service or not - */ - private boolean businessService; - - /** - * Indicates whether the corresponding online application is a stork service or not - */ - private boolean storkService; // Store Mandate /** @@ -131,11 +90,6 @@ public class AuthenticationSession implements Serializable { private boolean isOW = false; - /** - * STORK - */ - private String ccc; - /** * * Mandate element @@ -158,12 +112,6 @@ public class AuthenticationSession implements Serializable { */ private IdentityLink identityLink; - // /** - // * timestamp logging when identity link has been received - // */ - // private Date timestampIdentityLink; - - // store Authblock /** * authentication block to be signed by the user */ @@ -176,11 +124,9 @@ public class AuthenticationSession implements Serializable { */ private String issueInstant; - // Signer certificate /** * Signer certificate of the foreign citizen or for mandate mode */ - // private X509Certificate signerCertificate; private byte[] signerCertificate; /** @@ -200,26 +146,8 @@ public class AuthenticationSession implements Serializable { * the AUTHBlock. */ private List extendedSAMLAttributesAUTH; - -// /** -// * If infobox validators are needed after signing, they can be stored in this list. -// */ -// private List infoboxValidators; - - /** - * The register and number in the register parameter in case of a business service application. - */ - private String domainIdentifier; - - /** - * This string contains all identifiers of infoboxes, the online application is configured to - * accept. The infobox identifiers are comma separated. - */ - private String pushInfobox; - + private boolean authenticated; - - private boolean ssoRequested = false; private String QAALevel = null; @@ -228,15 +156,8 @@ public class AuthenticationSession implements Serializable { private boolean isForeigner; private Map genericSessionDataStorate = new HashedMap(); - - public boolean isAuthenticated() { - return authenticated; - } - - public void setAuthenticated(boolean authenticated) { - this.authenticated = authenticated; - } - + + /** * Constructor for AuthenticationSession. * @@ -249,6 +170,14 @@ public class AuthenticationSession implements Serializable { } + public boolean isAuthenticated() { + return authenticated; + } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } + public X509Certificate getSignerCertificate() { try { return new X509Certificate(signerCertificate); @@ -310,24 +239,6 @@ public class AuthenticationSession implements Serializable { this.sessionID = sessionId; } - /** - * Returns the oaURLRequested. - * - * @return String - */ - public String getOAURLRequested() { - return oaURLRequested; - } - - /** - * Returns the oaURLRequested. - * - * @return String - */ - public String getPublicOAURLPrefix() { - return oaPublicURLPrefix; - } - /** * Returns the BKU URL. * @@ -336,54 +247,7 @@ public class AuthenticationSession implements Serializable { public String getBkuURL() { return bkuURL; } - - /** - * Returns the target. - * - * @return String - */ - public String getTarget() { - return target; - } - - /** - * Returns the sourceID. - * - * @return String - */ - public String getSourceID() { - return sourceID; - } - - /** - * Returns the target friendly name. - * - * @return String - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the oaURLRequested. - * - * @param oaURLRequested - * The oaURLRequested to set - */ - public void setOAURLRequested(String oaURLRequested) { - this.oaURLRequested = oaURLRequested; - } - - /** - * Sets the oaPublicURLPrefix - * - * @param oaPublicURLPrefix - * The oaPublicURLPrefix to set - */ - public void setPublicOAURLPrefix(String oaPublicURLPrefix) { - this.oaPublicURLPrefix = oaPublicURLPrefix; - } - + /** * Sets the bkuURL * @@ -393,63 +257,7 @@ public class AuthenticationSession implements Serializable { public void setBkuURL(String bkuURL) { this.bkuURL = bkuURL; } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * - * @param target - * The target to set - */ - public void setTarget(String target) { - if (target != null && target.startsWith(TARGET_PREFIX_)) { - // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove - // prefix - this.target = target.substring(TARGET_PREFIX_.length()); - Logger.debug("Target prefix stripped off; resulting target: " + this.target); - } else { - this.target = target; - } - } - - /** - * Sets the sourceID - * - * @param sourceID - * The sourceID to set - */ - public void setSourceID(String sourceID) { - this.sourceID = sourceID; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * - * @param target - * The target to set - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - /** - * Returns the authURL. - * - * @return String - */ - public String getAuthURL() { - return authURL; - } - - /** - * Sets the authURL. - * - * @param authURL - * The authURL to set - */ - public void setAuthURL(String authURL) { - this.authURL = authURL; - } - + /** * Returns the authBlock. * @@ -469,61 +277,6 @@ public class AuthenticationSession implements Serializable { this.authBlock = authBlock; } - /** - * Returns the businessService. - * - * @return true if the corresponding online application is a business application, - * otherwise false - */ - public boolean getBusinessService() { - return businessService; - } - - /** - * Sets the businessService variable. - * - * @param businessService - * the value for setting the businessService variable. - */ - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - - /** - * Returns the storkService. - * - * @return true if the corresponding online application is a stork application, - * otherwise false - */ - public boolean getStorkService() { - return storkService; - } - - /** - * Sets the storkService variable. - * - * @param storkService - * the value for setting the storkService variable. - */ - public void setStorkService(boolean storkService) { - this.storkService = storkService; - } - - /** - * @return template URL - */ - public String getTemplateURL() { - return templateURL; - } - - /** - * @param string - * the template URL - */ - public void setTemplateURL(String string) { - templateURL = string; - } /** * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. @@ -610,54 +363,6 @@ public class AuthenticationSession implements Serializable { public void setIssueInstant(String issueInstant) { this.issueInstant = issueInstant; } - - /** - * Returns domain identifier (the register and number in the register parameter). - * null in the case of not a business service. - * - * @return the domainIdentifier - */ - public String getDomainIdentifier() { - return domainIdentifier; - } - - /** - * Sets the register and number in the register parameter if the application is a business - * service. If the domain identifier includes the registerAndOrdNr prefix, the prefix will be - * stripped off. - * - * @param domainIdentifier - * the domain identifier to set - */ - public void setDomainIdentifier(String domainIdentifier) { - if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); - } else { - this.domainIdentifier = domainIdentifier; - } - } - - /** - * Gets all identifiers of infoboxes, the online application is configured to accept. The - * infobox identifiers are comma separated. - * - * @return the string containing infobox identifiers - */ - public String getPushInfobox() { - if (pushInfobox == null) return ""; - return pushInfobox; - } - - /** - * @param pushInfobox - * the infobox identifiers to set (comma separated) - */ - public void setPushInfobox(String pushInfobox) { - this.pushInfobox = pushInfobox; - } /** * @@ -713,15 +418,7 @@ public class AuthenticationSession implements Serializable { public void setMandateReferenceValue(String mandateReferenceValue) { this.mandateReferenceValue = mandateReferenceValue; } - - public String getCcc() { - return ccc; - } - - public void setCcc(String ccc) { - this.ccc = ccc; - } - + public boolean isForeigner() { return isForeigner; } @@ -745,24 +442,7 @@ public class AuthenticationSession implements Serializable { public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } - - /** - * @return the ssoRequested - */ - - // TODO: SSO only allowed without mandates, actually!!!!!! - public boolean isSsoRequested() { - return ssoRequested && !useMandate; - } - - /** - * @param ssoRequested - * the ssoRequested to set - */ - public void setSsoRequested(boolean ssoRequested) { - this.ssoRequested = ssoRequested; - } - + /** * @return the isOW */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index a73fd6858..66f91266f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -7,6 +7,7 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACH import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -29,19 +30,24 @@ import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.IRequestStorage; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; @@ -66,6 +72,51 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { protected static final String ERROR_CODE_PARAM = "errorid"; + protected IRequest pendingReq = null; + protected AuthenticationSession moasession = null; + + protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID), + req.getParameter(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } + protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index f1ab58ee0..053f5d7ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; @@ -103,7 +104,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { try { OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID); - OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL()); + IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration(); String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index fe3e8680c..9db5baeab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -56,7 +56,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { throws TaskExecutionException { try { //load pending request - String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); + String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID); IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); @@ -86,7 +86,8 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { Enumeration reqParamNames = request.getParameterNames(); while(reqParamNames.hasMoreElements()) { String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName)) + if (MiscUtil.isNotEmpty(paramName) && + !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) executionContext.put(paramName, request.getParameter(paramName)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 1bdc132d9..cb0b63276 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -80,7 +80,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { if (publicURLPreFix.endsWith("/")) publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), - pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID); + pendingReq.requestedAction(), oaParam, publicURLPreFix, pendingReq.getRequestID()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 8af8ed238..3699633bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -27,6 +27,8 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -34,8 +36,8 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -44,9 +46,12 @@ import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +@Service("StartAuthentificationParameterParser") public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ - public static void parse(AuthenticationSession moasession, + @Autowired AuthConfiguration authConfig; + + public void parse(AuthenticationSession moasession, String target, String oaURL, String bkuURL, @@ -57,30 +62,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ IRequest protocolReq) throws WrongParametersException, MOAIDException { String targetFriendlyName = null; - -// String sso = req.getParameter(PARAM_SSO); - + // escape parameter strings target = StringEscapeUtils.escapeHtml(target); - //oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); useMandate = StringEscapeUtils.escapeHtml(useMandate); ccc = StringEscapeUtils.escapeHtml(ccc); - // sso = StringEscapeUtils.escapeHtml(sso); - - // check parameter - - //pvp2.x can use general identifier (equals oaURL in SAML1) -// if (!ParamValidatorUtils.isValidOA(oaURL)) -// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + //validate parameters if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); -// if (!ParamValidatorUtils.isValidUseMandate(sso)) -// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12"); + //check UseMandate flag String useMandateString = null; @@ -100,161 +95,98 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //load OnlineApplication configuration - OAAuthParameter oaParam; - if (moasession.getPublicOAURLPrefix() != null) { - Logger.debug("Loading OA parameters for PublicURLPrefix: " + moasession.getPublicOAURLPrefix()); - oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter( - moasession.getPublicOAURLPrefix()); - - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { moasession.getPublicOAURLPrefix() }); - - } else { - oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); - - if (oaParam == null) + IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration(); + if (oaParam == null) throw new AuthenticationException("auth.00", - new Object[] { oaURL }); + new Object[] { protocolReq.getOAURL() }); - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(targetConfig) - || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && - !StringUtils.isEmpty(target)) - ) { - //INFO: ONLY SAML1 legacy mode - // if SAML1 is used and target attribute is given in request - // use requested target - // check target parameter - if (!ParamValidatorUtils.isValidTarget(target)) { - Logger.error("Selected target is invalid. Using target: " + target); - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } - if (MiscUtil.isNotEmpty(targetConfig)) - targetFriendlyName = targetFriendlyNameConfig; + if (!oaParam.getBusinessService()) { + if (StringUtils.isEmpty(targetConfig) + || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && + !StringUtils.isEmpty(target)) + ) { + //INFO: ONLY SAML1 legacy mode + // if SAML1 is used and target attribute is given in request + // use requested target + // check target parameter + if (!ParamValidatorUtils.isValidTarget(target)) { + Logger.error("Selected target is invalid. Using target: " + target); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } + if (MiscUtil.isNotEmpty(targetConfig)) + targetFriendlyName = targetFriendlyNameConfig; + + else { + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + if (MiscUtil.isNotEmpty(sectorName)) + targetFriendlyName = sectorName; else { - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); - if (MiscUtil.isNotEmpty(sectorName)) - targetFriendlyName = sectorName; - - else { - //check target contains subSector - int delimiter = target.indexOf("-"); - if (delimiter > 0) { - targetFriendlyName = - TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter)); - - } - } - } - - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; + //check target contains subSector + int delimiter = target.indexOf("-"); + if (delimiter > 0) { + targetFriendlyName = + TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter)); + + } + } } - moasession.setTarget(target); - moasession.setTargetFriendlyName(targetFriendlyName); - + } else { - Logger.debug("Business: " + moasession.getBusinessService() + " stork: " + moasession.getStorkService()); - moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; } + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); -// //check useSSO flag -// String useSSOString = null; -// boolean useSSOBoolean = false; -// if ((sso != null) && (sso.compareTo("") != 0)) { -// useSSOString = sso; -// } else { -// useSSOString = "false"; -// } - // -// if (useSSOString.compareToIgnoreCase("true") == 0) -// useSSOBoolean = true; -// else -// useSSOBoolean = false; - - //moasession.setSsoRequested(useSSOBoolean); - moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!! + protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, target); + protocolReq.setGenericDataToSession( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, targetFriendlyName); + Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + target); + + } else { + Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier()); - //Validate BKU URI - List allowedbkus = oaParam.getBKUURL(); - allowedbkus.addAll(AuthConfigurationProviderFactory.getInstance().getDefaultBKUURLs()); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - - moasession.setBkuURL(bkuURL); - - if ((!oaParam.getBusinessService())) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - - } else { - if (useMandateBoolean) { - Logger.error("Online-Mandate Mode for business application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for business application not supported."); + throw new AuthenticationException("auth.17", null); } - moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moasession.setBusinessService(oaParam.getBusinessService()); - - //moasession.setStorkService(oaParam.getStorkService()); - } - - //check OnlineApplicationURL - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); - moasession.setOAURLRequested(oaURL); - - //check AuthURL - String authURL = protocolReq.getAuthURL(); - if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed()) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - - //set Auth URL from configuration - moasession.setAuthURL(authURL); - - //check and set SourceID - if (oaParam.getSAML1Parameter() != null) { - String sourceID = oaParam.getSAML1Parameter().getSourceID(); - if (MiscUtil.isNotEmpty(sourceID)) - moasession.setSourceID(sourceID); } - + + //Validate BKU URI + List allowedbkus = oaParam.getBKUURL(); + allowedbkus.addAll(authConfig.getDefaultBKUURLs()); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + moasession.setBkuURL(bkuURL); + + //validate securityLayer-template if (MiscUtil.isEmpty(templateURL)) { List templateURLList = oaParam.getTemplateURL(); List defaulTemplateURLList = - AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(); + authConfig.getSLRequestTemplates(); if ( templateURLList != null && templateURLList.size() > 0 && MiscUtil.isNotEmpty(templateURLList.get(0)) ) { templateURL = FileUtils.makeAbsoluteURL( oaParam.getTemplateURL().get(0), - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")"); } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) { templateURL = FileUtils.makeAbsoluteURL( defaulTemplateURLList.get(0), - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")"); } else { @@ -267,13 +199,22 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - moasession.setTemplateURL(templateURL); - - moasession.setCcc(ccc); - + protocolReq.setGenericDataToSession( + MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, + templateURL); + + + //validate SSO functionality + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) { + //do not use SSO if no Target is set + Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + protocolReq.setNeedSingleSignOnFunctionality(false); + + } } - public static void parse(ExecutionContext ec, HttpServletRequest req, + public void parse(ExecutionContext ec, HttpServletRequest req, AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { //get Parameters from request @@ -294,7 +235,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ oaURL = request.getOAURL(); //only needed for SAML1 - String target = request.getGenericData("target", String.class); + String target = request.getGenericData("saml1_target", String.class); parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request); @@ -307,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ * parameter * @return true if the parameter is null or empty */ - private static boolean isEmpty(String param) { + private boolean isEmpty(String param) { return param == null || param.length() == 0; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 48292cee1..87d41dbf1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -110,10 +110,10 @@ public class IDPSingleLogOutServlet extends AbstractController { ssoManager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { - handleErrorNoRedirect(e, req, resp); + handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e, req, resp); + handleErrorNoRedirect(e, req, resp, false); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 7f0a1c157..58034cc7b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -66,6 +66,11 @@ public interface IOAAuthParameters { public boolean getBusinessService(); + /** + * Get target of a public service-provider + * + * @return target identifier without prefix + */ public String getTarget(); public String getTargetFriendlyName(); @@ -77,6 +82,8 @@ public interface IOAAuthParameters { public boolean isRemovePBKFromAuthBlock(); /** + * Return the private-service domain-identifier with PreFix + * * @return the identityLinkDomainIdentifier */ public String getIdentityLinkDomainIdentifier(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index b6df5e5c6..4131e49fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -496,6 +496,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { AuthenticationSession moasession; try { moasession = authenticatedSessionStore.createSession(pendingReq); + pendingReq.setMOASessionIdentifier(moasession.getSessionID()); } catch (MOADatabaseException e1) { Logger.error("Database Error! MOASession can not be created!"); @@ -514,7 +515,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { boolean leagacyMode = (legacyallowed && legacyparamavail); executionContext.put("isLegacyRequest", leagacyMode); - executionContext.put("performBKUSelection", leagacyMode + executionContext.put("performBKUSelection", !leagacyMode && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); //add leagcy parameters to context diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java index 6f46edce3..d26af89a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.moduls; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; /** * @author tlenz @@ -36,6 +37,6 @@ public interface IRequestStorage { public void removePendingRequest(String requestID); - public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException; + public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 66ca42398..c49df43fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -44,14 +44,19 @@ public class RequestStorage implements IRequestStorage{ try { IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class); - + if (pendingRequest == null) { + Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); + return null; + + } + //set transactionID and sessionID to Logger TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier()); return pendingRequest; - } catch (MOADatabaseException e) { + } catch (MOADatabaseException | NullPointerException e) { Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); return null; @@ -106,16 +111,17 @@ public class RequestStorage implements IRequestStorage{ * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest) */ @Override - public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException { + public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException { if (pendingRequest instanceof RequestImpl) { String newRequestID = Random.nextRandom(); + String oldRequestID = pendingRequest.getRequestID(); Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID() + " to " + newRequestID); ((RequestImpl)pendingRequest).setRequestID(newRequestID); - storePendingRequest(pendingRequest); + transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest); return newRequestID; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index c9a34496a..36145375b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -107,7 +107,7 @@ public class AttributQueryAction implements IAction { List attrList = addDefaultAttributes(attrQuery, authData); //build PVP 2.1 assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex()); + Assertion assertion = PVP2AssertionBuilder.buildAssertion(req, attrQuery, attrList, authData, date, authData.getSessionIndex()); //build PVP 2.1 response Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 07367e1d0..181e89806 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -36,8 +36,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; @@ -98,9 +96,7 @@ public class PVPTargetConfiguration extends RequestImpl { for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) reqAttr.put(el, ""); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - + try { SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS); if (spSSODescriptor.getAttributeConsumingServices() != null && spSSODescriptor.getAttributeConsumingServices().size() > 0) { @@ -136,15 +132,12 @@ public class PVPTargetConfiguration extends RequestImpl { reqAttr.put(attr.getName(), ""); } - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); + return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); } catch (NoMetadataInformationException e) { Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); return null; - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 065118e2b..208cd67f2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -55,7 +55,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.w3c.dom.Element; - import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; @@ -64,21 +63,18 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.id.util.QAALevelVerifier; @@ -90,7 +86,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { - public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery, + public static Assertion buildAssertion(IRequest pendingReq, AttributeQuery attrQuery, List reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { @@ -136,12 +132,12 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = null; - return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date, + return buildGenericAssertion(pendingReq, attrQuery.getIssuer().getValue(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, new DateTime(authData.getSsoSessionValidTo().getTime())); } - public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest, + public static Assertion buildAssertion(PVPTargetConfiguration pendingReq, AuthnRequest authnRequest, IAuthData authData, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { @@ -153,9 +149,7 @@ public class PVP2AssertionBuilder implements PVPConstants { AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter( - peerEntity.getEntityID()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (reqAuthnContext == null) { authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); @@ -416,12 +410,12 @@ public class PVP2AssertionBuilder implements PVPConstants { sloInformation.setNameIDFormat(subjectNameID.getFormat()); sloInformation.setSessionIndex(sessionIndex); - return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); + return buildGenericAssertion(pendingReq, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); } /** * - * @param authURL IDP PublicURL PreFix + * @param pendingReq IDP PublicURL PreFix * @param entityID Service Provider EntityID * @param date * @param authnContextClassRef @@ -434,7 +428,7 @@ public class PVP2AssertionBuilder implements PVPConstants { * @throws ConfigurationException */ - private static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date, + private static Assertion buildGenericAssertion(IRequest pendingReq, String entityID, DateTime date, AuthnContextClassRef authnContextClassRef, List attrList, NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, String sessionIndex, DateTime isValidTo) throws ConfigurationException { @@ -486,6 +480,7 @@ public class PVP2AssertionBuilder implements PVPConstants { Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + String authURL = pendingReq.getAuthURL(); if (authURL.endsWith("/")) authURL = authURL.substring(0, authURL.length()-1); issuer.setValue(authURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 974d90e11..4fbca5b13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -81,7 +81,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { SLOInformationImpl sloInformation = new SLOInformationImpl(); //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData, + Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj, authnRequest, authData, peerEntity, date, consumerService, sloInformation); Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java index f33a7549c..ff631a720 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java @@ -53,28 +53,38 @@ public class DBTransactionStorage implements ITransactionStorage { } - public void put(String key, Object value) throws MOADatabaseException { - //setup AssertionStore element - AssertionStore element = new AssertionStore(); - element.setArtifact(key); - element.setType(value.getClass().getName()); - element.setDatatime(new Date()); - - //serialize the Assertion for Database storage - byte[] data = SerializationUtils.serialize((Serializable) value); - element.setAssertion(data); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.ITransactionStorage#changeKey(java.lang.String, java.lang.String, java.lang.Object) + */ + @Override + public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException { + //search if key already exists + AssertionStore element = searchInDatabase(oldKey); + if (element == null) { + Logger.info("No transaction-data with oldKey:" + oldKey + + " found. Process gets stopped."); + throw new MOADatabaseException("No transaction-data with oldKey:" + oldKey + + " found. Process gets stopped."); + + } - //store AssertionStore element to Database - try { - MOASessionDBUtils.saveOrUpdate(element); - Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database"); - } catch (MOADatabaseException e) { - Logger.warn("Sessioninformation could not be stored."); - throw new MOADatabaseException(e); + put(element, newKey, value); + + } + + public void put(String key, Object value) throws MOADatabaseException { + //search if key already exists + AssertionStore element = searchInDatabase(key); + + //create a new entry if key does not exists already + if (element == null) { + element = new AssertionStore(); + } + put(element, key, value); } - + public T get(String key, final Class clazz) throws MOADatabaseException { @@ -93,6 +103,9 @@ public class DBTransactionStorage implements ITransactionStorage { AssertionStore element = searchInDatabase(key); + if (element == null) + return null; + if (dataTimeOut > -1) { //check timeout long now = new Date().getTime(); @@ -155,13 +168,18 @@ public class DBTransactionStorage implements ITransactionStorage { try { AssertionStore element = searchInDatabase(key); + if (element == null) { + Logger.debug("Sessioninformation not removed! (Sessioninformation with ID=" + key + + "not found)"); + return; + } + cleanDelete(element); - Logger.info("Remove stored information with ID: " + key); + Logger.debug("Remove stored information with ID: " + key); } catch (MOADatabaseException e) { - Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key - + "not found)"); + Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")"); } catch (HibernateException e) { Logger.warn("Sessioninformation not removed! (Error during Database communication)", e); @@ -206,10 +224,34 @@ public class DBTransactionStorage implements ITransactionStorage { //Assertion requires an unique artifact if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No sessioninformation found with this ID"); + Logger.debug("No transaction information with ID:" + artifact + " found."); + return null; + } return (AssertionStore) result.get(0); } + + private void put(AssertionStore element, String key, Object value) throws MOADatabaseException { + element.setArtifact(key); + element.setType(value.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) value); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(element); + Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Sessioninformation could not be stored."); + throw new MOADatabaseException(e); + + } + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java index d05689e68..48283d2b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java @@ -55,7 +55,7 @@ public interface ITransactionStorage { * * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key - * @return The transaction-data object from type class + * @return The transaction-data object from type class, or null * @throws MOADatabaseException In case of load operation failed */ public T get(String key, final Class clazz) throws MOADatabaseException; @@ -66,12 +66,23 @@ public interface ITransactionStorage { * @param key Id which identifiers the data object * @param clazz The class type which is stored with this key * @param Data-object timeout in [ms] - * @return The transaction-data object from type class + * @return The transaction-data object from type class, or null * @throws MOADatabaseException In case of load operation failed * @throws AuthenticationException In case of data-object timeout occurs */ public T get(String key, final Class clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException; + + /** + * Change the key of a data object and store it under the new key + * + * @param oldKey Old key of the data object + * @param newKey New key, which should be used to store the data object + * @param value Data object which should be stored + * @throws MOADatabaseException In case of store operation failed + */ + public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException; + /** * Remove a data object from transaction storage * diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml index b61ee5f2d..307ba836a 100644 --- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml +++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml @@ -5,9 +5,9 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> - - - + + + diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index 05ceb65f4..82579977c 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -15,6 +15,9 @@ + + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 2b0115d4a..af133525e 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -674,7 +674,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function bkuHandyClicked() { @@ -691,7 +691,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function storkClicked() { @@ -714,7 +714,7 @@ /* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ iFrameURL += "&MODUL=" + "#MODUL#"; iFrameURL += "&ACTION=" + "#ACTION#"; - iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + iFrameURL += "&pendingid=" + "#SESSIONID#"; generateIFrame(iFrameURL); } function generateIFrame(iFrameURL) { @@ -876,7 +876,7 @@ type="hidden" name="ccc" id="ccc"> + name="pendingid" value="#SESSIONID#"> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 065f3866b..21e7f2027 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -59,9 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -90,6 +88,7 @@ import iaik.x509.X509ExtensionInitException; public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; + @Autowired private AuthConfiguration authConfig; /** * Constructor for AuthenticationServer. @@ -142,40 +141,37 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - OAAuthParameter oaParam = - authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); //load Template + String templateURL = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class); String template = null; - if (session.getTemplateURL() != null) { + if (MiscUtil.isNotEmpty(templateURL)) { try { - - template = new String(FileUtils.readURL(session.getTemplateURL())); + template = new String(FileUtils.readURL(templateURL)); + } catch (IOException ex) { throw new AuthenticationException("auth.03", new Object[]{ - session.getTemplateURL(), ex.toString()}, ex); + templateURL, ex.toString()}, ex); + } + + } else { + throw new AuthenticationException("auth.04", new Object[]{ + "SecurityLayerTemplate", "No template definde"}); + } String infoboxReadRequest = ""; - - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); - if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { - //do not use SSO if no Target is set - Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); - session.setSsoRequested(false); - - } - - if (session.isSsoRequested()) { + if (pendingReq.needSingleSignOnFunctionality()) { Logger.info("SSO Login requested"); //load identityLink with SSO Target boolean isbuisness = false; - + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); if (domainIdentifier.startsWith(PREFIX_WPBK)) { - isbuisness = true; } else { @@ -196,9 +192,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } - + //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -263,9 +259,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - // check if an identity link was found // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform // (SL1.2)) @@ -295,7 +288,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { IdentityLinkValidator.getInstance().validate(identityLink); // builds a for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() - .build(identityLink, authConf + .build(identityLink, authConfig .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); // invokes the call @@ -305,13 +298,12 @@ public class AuthenticationServer extends BaseAuthenticationServer { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + // validates the VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, - authConf.getIdentityLinkX509SubjectNames(), + authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam); @@ -351,15 +343,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <CreateXMLSignatureRequest> */ - public String verifyCertificate(AuthenticationSession session, + public void verifyCertificate(AuthenticationSession session, X509Certificate certificate, IRequest pendingReq) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - // check if person is a Organwalter // if true - don't show bPK in AUTH Block try { @@ -375,16 +363,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setOW(false); } - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam, pendingReq); - - return returnvalue; } /** @@ -398,6 +376,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * layer implementation * * @param pendingReq + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -405,7 +384,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <CreateXMLSignatureRequest> */ - public void verifyMandate(AuthenticationSession session, MISMandate mandate) + public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { @@ -413,9 +392,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -442,8 +419,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { /** * @param session - * @param authConf - * @param oaParam * @param pendingReq * @return * @throws ConfigurationException @@ -451,26 +426,16 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ValidateException */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, AuthConfiguration authConf, - IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException, + AuthenticationSession session, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { - // // check for intermediate processing of the infoboxes - // if (session.isValidatorInputPending()) - // return "Redirect to Input Processor"; - - if (authConf == null) - authConf = authConfig; - if (oaParam == null) - oaParam = authConfig - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); // builds the - List transformsInfos = authConf.getTransformsInfos(); + List transformsInfos = authConfig.getTransformsInfos(); String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -483,112 +448,26 @@ public class AuthenticationServer extends BaseAuthenticationServer { *

    *
  • Creates an CreateXMLSignatureRequest to be signed by the user
    • *
+ * @param pendingReq * * @param sessionID ID of associated authentication session data * @param cert The certificate from the user * @return String representation of the * <CreateXMLSignatureRequest> */ - public String createXMLSignatureRequestForeignID(AuthenticationSession session, + public String createXMLSignatureRequestForeignID(IRequest pendingReq, X509Certificate cert) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (session == null) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, - cert); - } - - public String getCreateXMLSignatureRequestForeigID( - AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam, X509Certificate cert) - throws ConfigurationException { - - // // check for intermediate processing of the infoboxes - // if (session.isValidatorInputPending()) - // return "Redirect to Input Processor"; - - if (authConf == null) - authConf = authConfig; - if (oaParam == null) - oaParam = authConfig - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - Principal subject = cert.getSubjectDN(); String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .buildForeignID(subject.toString(), oaParam, session); + .buildForeignID(subject.toString(), pendingReq); return createXMLSignatureRequest; + } -// /** -// * Processes an <CreateXMLSignatureResponse> sent by the -// * security layer implementation.
-// *
    -// *
  • Validates given <CreateXMLSignatureResponse>
    • -// *
  • Parses response enclosed in -// * <CreateXMLSignatureResponse>
    • -// *
  • Verifies signature by calling the MOA SP component
    • -// *
  • Returns the signer certificate
    • -// *
-// * -// * @param sessionID ID of associated authentication session data -// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU -// * including the <CreateXMLSignatureResponse> -// * @throws BKUException -// */ -// public X509Certificate verifyXMLSignature(String sessionID, -// Map createXMLSignatureResponseParameters) -// throws AuthenticationException, BuildException, ParseException, -// ConfigurationException, ValidateException, ServiceException, BKUException { -// -// if (isEmpty(sessionID)) -// throw new AuthenticationException("auth.10", new Object[]{ -// REQ_GET_FOREIGN_ID, PARAM_SESSIONID}); -// -// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters -// .get(PARAM_XMLRESPONSE); -// -// if (isEmpty(xmlCreateXMLSignatureResponse)) -// throw new AuthenticationException("auth.10", new Object[]{ -// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE}); -// -// AuthConfiguration authConf = AuthConfigurationProviderFactory -// .getInstance(); -// -// // parses the -// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser( -// xmlCreateXMLSignatureResponse); -// CreateXMLSignatureResponse createXMLSignatureResponse = p -// .parseResponseDsig(); -// -// // builds a for a call of MOA-SP -// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() -// .buildDsig(createXMLSignatureResponse, authConf -// .getMoaSpAuthBlockTrustProfileID()); -// -// // invokes the call -// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() -// .verifyXMLSignature(domVerifyXMLSignatureRequest); -// -// // parses the -// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( -// domVerifyXMLSignatureResponse).parseData(); -// -// return verifyXMLSignatureResponse.getX509certificate(); -// -// } - /** * Processes an <CreateXMLSignatureResponse> sent by the * security layer implementation.
@@ -650,8 +529,16 @@ public class AuthenticationServer extends BaseAuthenticationServer { String identificationValue = null; String identificationType = null; + //get processing data from pending-request + String authURL = pendingReq.getAuthURL(); + String requestedTarget = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); + String targetFriendlyName = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); + + //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested - if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) { + if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) { identificationType = ""; identificationValue = ""; @@ -668,11 +555,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { else identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); - } else { + } else { String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); + .getIdentificationValue(), requestedTarget); identificationValue = bpkBase64; - identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget; } @@ -682,12 +569,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { } + //set AuthBlock generation time to session String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar .getInstance()); session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) @@ -696,22 +581,22 @@ public class AuthenticationServer extends BaseAuthenticationServer { List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - if (session.isSsoRequested()) { + if (pendingReq.needSingleSignOnFunctionality()) { String oaURL = pendingReq.getAuthURL(); if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); return authBlock; - } else { - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + } else { + String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&"); String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, + .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, extendedSAMLAttributes, session, oaParam); @@ -1034,8 +919,6 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); // parses CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser( xmlCreateXMLSignatureReadResponse).parseResponse(); @@ -1052,14 +935,15 @@ public class AuthenticationServer extends BaseAuthenticationServer { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); } // validates - if (session.isSsoRequested()) + if (pendingReq.needSingleSignOnFunctionality()) new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); + else new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a for a MOA-SPSS call - List vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + List vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -1089,8 +973,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - OAAuthParameter oaParam = authConfig - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 79f407ca3..9ae1dc6a7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -52,7 +52,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -175,7 +174,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String gebDat, List extendedSAMLAttributes, AuthenticationSession session, - IOAAuthParameters oaParam2) + IOAAuthParameters oaParam) throws BuildException { @@ -193,7 +192,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //adding type of wbPK domain identifier ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = - new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam2.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); @@ -255,7 +254,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } //adding friendly name of OA - String oaFriendlyName = StringUtils.isEmpty(oaParam2.getFriendlyName()) ? "" : oaParam2.getFriendlyName(); + String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); ExtendedSAMLAttribute oaFriendlyNameAttribute = new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); @@ -264,15 +263,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String text = ""; - try { - OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { - Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - text = oaparam.getAditionalAuthBlockText(); - } - - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); } String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, @@ -345,25 +338,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session) + AuthenticationSession session, + IOAAuthParameters oaParam) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; - - //BZ.., reading OA parameters - OAAuthParameter oaParam; - try { - oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } catch (ConfigurationException e) { - Logger.error("Error on building AUTH-Block: " + e.getMessage()); - throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); - } - //..BZ - - + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { @@ -419,14 +401,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //..BZ String text = ""; - try { - OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { - Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - text = oaparam.getAditionalAuthBlockText(); - } - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); } String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 6ff0177ac..a2dc54a37 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -122,6 +122,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { } catch (IOException e) { throw new TaskExecutionException(e.getMessage(), e); + } catch (MOADatabaseException e1) { + throw new TaskExecutionException(e1.getMessage(), e1); + } finally { } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index ef17700d3..370236bf4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -13,14 +13,10 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -66,42 +62,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { try { - - IRequest pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - - - - - + //execute default task initialization + defaultTaskInitialization(req, executionContext); + //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); @@ -122,8 +85,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { } } catch (WrongParametersException ex) { -// handleWrongParameters(ex, req, resp); throw new TaskExecutionException(ex.getMessage(), ex); + } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 5c88afc56..50b71a660 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; @@ -14,8 +13,6 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; @@ -23,8 +20,6 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -37,13 +32,11 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** @@ -93,54 +86,18 @@ public class GetForeignIDTask extends AbstractAuthServletTask { } try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - + //check if response exists String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + Logger.debug(xmlCreateXMLSignatureResponse); + //execute default task initialization + defaultTaskInitialization(req, executionContext); - Logger.debug(xmlCreateXMLSignatureResponse); - + CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) .parseResponseDsig(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 938b4ce77..8f7f5fd80 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.security.GeneralSecurityException; import java.util.List; @@ -11,8 +10,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; @@ -20,22 +17,17 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; import iaik.pki.PKIException; /** @@ -73,57 +65,22 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { Logger.debug("POST GetMISSessionIDServlet"); try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + //execute default task initialization + defaultTaskInitialization(req, executionContext); + //get MIS sessionID String misSessionID = moasession.getMISSessionID(); + //get mandates from MIS ConnectionParameter connectionParameters = authConfig .getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( authConfig, connectionParameters); - List list = MISSimpleClient.sendGetMandatesRequest( connectionParameters.getUrl(), misSessionID, sslFactory); + //check if mandates received if (list == null || list.size() == 0) { Logger.error("Keine Vollmacht gefunden."); throw new AuthenticationException("auth.15", null); @@ -136,8 +93,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); - // TODO[tlenz]: UTF-8 ? - String sMandate = new String(mandate.getMandate()); + String sMandate = new String(mandate.getMandate(), "UTF-8"); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); throw new AuthenticationException("auth.15", @@ -152,7 +108,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { null, null).getDocumentElement(); // extract RepresentationType - authServer.verifyMandate(moasession, mandate); + authServer.verifyMandate(pendingReq, moasession, mandate); moasession.setMISMandate(mandate); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 86d8de047..ba2c9d108 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -27,6 +27,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -52,6 +53,8 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("InitializeBKUAuthenticationTask") public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { + @Autowired StartAuthentificationParameterParser authInitialisationParser; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -88,7 +91,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { Logger.info("Start Authentication Module: " + pendingReq.requestedModule() + " Action: " + pendingReq.requestedAction()); - StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq); + authInitialisationParser.parse(executionContext, request, moasession, pendingReq); } else { String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); @@ -104,7 +107,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); else { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), @@ -147,23 +150,24 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { useMandate = "false"; //parse all OA parameters i - StartAuthentificationParameterParser.parse(moasession, - target, - moasession.getOAURLRequested(), - bkuURL, - templateURL, - useMandate, - ccc, - request, - pendingReq); + authInitialisationParser.parse( moasession, + target, + pendingReq.getOAURL(), + bkuURL, + templateURL, + useMandate, + ccc, + request, + pendingReq); } } executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate()); - // make sure moa session has been persisted before running the process + // make sure MOASession and Pending-Request has been persisted before running the process try { - authenticatedSessionStorage.storeSession(moasession); + authenticatedSessionStorage.storeSession(moasession); + requestStoreage.storePendingRequest(pendingReq); } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 1c5f3c202..bd8377373 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -1,29 +1,19 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code CreateXMLSignatureRequest} for auth block signature.

@@ -58,54 +48,17 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { Logger.debug("Process CreateAuthBlock Task"); try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + //initialize task + defaultTaskInitialization(req, executionContext); - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - - - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - + //build authBlock String createXMLSignatureRequest = authServer - .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, authConfig, oaParam, pendingReq); + .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); + //store MOASession authenticatedSessionStorage.storeSession(moasession); + //write response CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 3d8b94239..6c0fe3774 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.util.List; @@ -31,13 +30,10 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.stereotype.Service; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -49,14 +45,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -75,46 +69,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - request.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } + //perform default task initialization + defaultTaskInitialization(request, executionContext); - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); @@ -131,14 +88,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { GET_MIS_SESSIONID, pendingReq.getRequestID()); - String oaURL = pendingReq.getOAURL(); IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - if (oaParam == null) { - oaParam = authConfig.getOnlineApplicationParameter(oaURL); - Logger.info("No Service info in PendingRequest --> load service info from configuration"); - - } - List profiles = oaParam.getMandateProfiles(); if (profiles == null) { @@ -153,15 +103,12 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //TODO: check in case of SSO!!! String targetType = null; - if(oaParam.getBusinessService()) { - String id = oaParam.getIdentityLinkDomainIdentifier(); - if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) - targetType = id; - else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moasession.getDomainIdentifier(); + if(oaParam.getBusinessService()){ + targetType = oaParam.getIdentityLinkDomainIdentifier(); } else { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), @@ -182,6 +129,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); + } String redirectMISGUI = misSessionID.getRedirectURL(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 78be6c8c8..e8f68c514 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; @@ -10,26 +9,19 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).

@@ -88,80 +80,39 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - String redirectURL = null; - try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - + try { + //check if authblock is received + if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - - authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); - - //store all changes in session DAO - authenticatedSessionStorage.storeSession(moasession); - - } - - catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); - + //execute default task initialization + defaultTaskInitialization(req, executionContext); - - } catch (Exception e) { - Logger.error("AuthBlockValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); - - } - + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - finally { - - } - - + //verify authBlock + authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); + + //store all changes in session DAO + authenticatedSessionStorage.storeSession(moasession); + + } + + catch (MOAIDException ex) { + throw new TaskExecutionException(ex.getMessage(), ex); + + } catch (Exception e) { + Logger.error("AuthBlockValidation has an interal Error.", e); + throw new TaskExecutionException(e.getMessage(), e); + + } + + finally { + + } + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 5c9a069ee..6c220fd79 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID; import java.io.IOException; @@ -10,28 +9,22 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.lang.StringEscapeUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; -import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; /** @@ -83,62 +76,27 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + //execute default task initialization + defaultTaskInitialization(req, executionContext); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - + //read certificate from response X509Certificate cert = authServer.getCertificate(pendingReq, parameters); if (cert == null) { Logger.error("Certificate could not be read."); throw new AuthenticationException("auth.14", null); } - - boolean useMandate = moasession.getUseMandate(); - - if (useMandate) { + + if (moasession.getUseMandate()) { - // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = authServer.verifyCertificate(moasession, cert, pendingReq); + // verify certificate for OrganWalter + authServer.verifyCertificate(moasession, cert, pendingReq); + + //create AuthBlock + String createXMLSignatureRequestOrRedirect = + authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); try { authenticatedSessionStorage.storeSession(moasession); @@ -149,8 +107,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); - } - else { + } else { String countrycode = CertificateUtils.getIssuerCountry(cert); if (countrycode != null) { @@ -164,21 +121,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); - String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(moasession, cert); + String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert); + // build dataurl (to the GetForeignIDSerlvet) String dataurl = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, pendingReq.getRequestID()); - - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - throw new MOAIDException("session store error", null); - } - + CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); Logger.debug("Send CreateXMLSignatureRequest to BKU"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 2c23254e4..267d5ea0b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -1,31 +1,23 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; - import java.io.IOException; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the identity link.

@@ -72,52 +64,19 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { } try { - - String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } - + //execute default task initialization + defaultTaskInitialization(req, executionContext); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - + + //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; + //store session authenticatedSessionStorage.storeSession(moasession); + //set 'identityLink exists' flag to context executionContext.put("identityLinkAvailable", identityLinkAvailable); } catch (ParseException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8a9c19c80..5e0a69fd4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -56,6 +56,7 @@ import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -66,7 +67,7 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -132,10 +133,14 @@ public class CreateXMLSignatureResponseValidator { throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - - String gbTarget = session.getTarget(); - String oaURL = session.getPublicOAURLPrefix(); - boolean businessService = session.getBusinessService(); + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + String gbTarget = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); + String targetFriendlyName = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); + String oaURL = oaParam.getPublicURLPrefix(); + boolean businessService = oaParam.getBusinessService(); IdentityLink identityLink = session.getIdentityLink(); @@ -227,8 +232,7 @@ public class CreateXMLSignatureResponseValidator { } } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundGB = true; - String targetFriendlyName = session.getTargetFriendlyName(); + foundGB = true; String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget); if (StringUtils.isEmpty(sectorName)) { if (targetFriendlyName != null) @@ -293,23 +297,18 @@ public class CreateXMLSignatureResponseValidator { samlSpecialText = samlSpecialText.replaceAll("'", "'"); String text = ""; - try { - OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) { - Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); - text = oaparam.getAditionalAuthBlockText(); - } - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.info("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); } - - + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); if (!samlSpecialText.equals(specialText)) { - throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); } } else { throw new ValidateException("validator.35", null); + } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index bb180d8e9..1f9d9e3a0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -27,14 +27,12 @@ import java.util.List; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import com.google.gson.JsonObject; +import com.google.gson.JsonPrimitive; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.oauth20.Pair; -import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; @@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttri import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -59,13 +59,12 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescA import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.oauth20.Pair; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; -import com.google.gson.JsonObject; -import com.google.gson.JsonPrimitive; - public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { @@ -207,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List builders, final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData, + final IOAAuthParameters oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final OAAuthParameter oaParam, final IAuthData authData) { + final IOAAuthParameters oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index d2636c259..d08a3b4f0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -23,11 +23,10 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -42,7 +41,7 @@ public class OpenIdNonceAttribute implements IAttributeBuilder { return g.buildStringAttribute(this.getName(), "", null); } - public ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + public ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, IAttributeGenerator g) throws AttributeException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index fcde874b4..17d0738e3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -36,8 +36,7 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -153,7 +152,7 @@ class OAuth20AuthAction implements IAction { private Pair buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); + IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index ecef9b0a3..416445fa6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -212,38 +212,30 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) reqAttr.put(el, ""); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) + reqAttr.put(el.getName(), ""); - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } + } else if (s.equalsIgnoreCase("eID")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID_gov")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("mandate")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("stork")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) + reqAttr.put(el.getName(), ""); + } - - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); - - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; } + + return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 52204d7f6..22ceda4f1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.moduls.IAction; @@ -122,9 +123,17 @@ public class OAuth20Protocol extends AbstractProtocolModulController { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation - OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); - Logger.debug("Created: " + res); - return res; + + try { + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); + Logger.debug("Created: " + res); + return res; + + } catch (OAuth20Exception e) { + Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); + throw new InvalidProtocolRequestException(e.getMessage(), null); + + } } /* diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index b4c8c37d4..61a73335c 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -35,8 +35,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -73,8 +72,7 @@ public class GetArtifactAction implements IAction { } try { - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); // add other stork attributes to MOA assertion if available IPersonalAttributeList storkAttributes = authData.getGenericData( diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 1d06bb48a..5eb39880e 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -100,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer { samlArtifact, ex.toString() }); } Throwable error = null; - //synchronized (authenticationDataStore) { - try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + try { + error = authenticationDataStore + .get(samlArtifact, Throwable.class); - authenticationDataStore.remove(samlArtifact); - - } catch (MOADatabaseException e) { + if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + authenticationDataStore.remove(samlArtifact); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } - //} - return error; } @@ -170,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); } - String authData = null; - //synchronized (authenticationDataStore) { - // System.out.println("assertionHandle: " + assertionHandle); - - try { - authData = authenticationDataStore - .get(samlArtifact, String.class, authDataTimeOut); + String authData = null; + try { + authData = authenticationDataStore + .get(samlArtifact, String.class, authDataTimeOut); - } catch (MOADatabaseException e) { + if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); - } - //} + + } - authenticationDataStore.remove(samlArtifact); + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + authenticationDataStore.remove(samlArtifact); Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); return authData; @@ -203,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return samlArtifact; } - public String BuildSAMLArtifact(OAAuthParameter oaParam, + public String BuildSAMLArtifact(IOAAuthParameters oaParam, SAML1AuthenticationData authData, String sourceID) throws ConfigurationException, BuildException, AuthenticationException { @@ -428,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 417bf4dc9..3facdb50f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -58,8 +58,8 @@ public class SAML1Protocol extends AbstractProtocolModulController { @Autowired private SAML1AuthenticationServer saml1AuthServer; - public static final String REQ_DATA_SOURCEID = "sourceID"; - public static final String REQ_DATA_TARGET = "target"; + public static final String REQ_DATA_SOURCEID = "saml1_sourceID"; + public static final String REQ_DATA_TARGET = "saml1_target"; public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; @@ -111,71 +111,87 @@ public class SAML1Protocol extends AbstractProtocolModulController { public void preProcess(HttpServletRequest request, HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + try { + String oaURL = (String) request.getParameter(PARAM_OA); + //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String oaURL = (String) request.getParameter(PARAM_OA); - //oaURL = StringEscapeUtils.escapeHtml(oaURL); - - String target = (String) request.getParameter(PARAM_TARGET); - target = StringEscapeUtils.escapeHtml(target); - - String sourceID = request.getParameter(PARAM_SOURCEID); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - - //the target parameter is used to define the OA in SAML1 standard - if (target != null && target.startsWith("http")) { - oaURL = target; - target = null; - } - - if (MiscUtil.isEmpty(oaURL)) { - Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.12"); + String target = (String) request.getParameter(PARAM_TARGET); + target = StringEscapeUtils.escapeHtml(target); - } - - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.12"); - - pendingRequest.setOAURL(oaURL); - - Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); - - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - - - //load Target only from OA config - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); - - if (oaParam == null) - throw new InvalidProtocolRequestException("auth.00", - new Object[] { null }); + String sourceID = request.getParameter(PARAM_SOURCEID); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + + //the target parameter is used to define the OA in SAML1 standard + if (target != null && target.startsWith("http")) { + oaURL = target; + target = null; + } + + if (MiscUtil.isEmpty(oaURL)) { + Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + + } + + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + + pendingRequest.setOAURL(oaURL); + + Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); + + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new InvalidProtocolRequestException("auth.00", + new Object[] { null }); + + SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); + if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { + Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); + throw new InvalidProtocolRequestException("auth.00", + new Object[] { null }); + } + pendingRequest.setOnlineApplicationConfiguration(oaParam); + + + //check and set SourceID + if (oaParam.getSAML1Parameter() != null && + MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) { + pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID()); - SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); - if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { - Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); - throw new InvalidProtocolRequestException("auth.00", - new Object[] { null }); + } else + pendingRequest.setSourceID(sourceID); + + revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); + + if (MiscUtil.isNotEmpty(target)) + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); + + else + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget()); + + //AuthnRequest needs authentication + pendingRequest.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingRequest.setAction(AuthenticationAction.class.getName()); + + } catch (WrongParametersException e) { + throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters()); + + } catch (InvalidProtocolRequestException e) { + throw e; + } - pendingRequest.setOnlineApplicationConfiguration(oaParam); - pendingRequest.setSourceID(sourceID); - - revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); - - if (MiscUtil.isNotEmpty(target)) - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); - - else - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget()); - - //AuthnRequest needs authentication - pendingRequest.setNeedAuthentication(true); - - //set protocol action, which should be executed after authentication - pendingRequest.setAction(AuthenticationAction.class.getName()); } @@ -183,9 +199,7 @@ public class SAML1Protocol extends AbstractProtocolModulController { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); - if (!oa.getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) return false; else { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 3da7cab80..5867bbac6 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -30,13 +30,10 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -81,26 +78,19 @@ public class SAML1RequestImpl extends RequestImpl { List reqAttr = new ArrayList(); reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); - try { - OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL()); - SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter(); - if (saml1 != null) { - if (saml1.isProvideAUTHBlock()) - reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - - if (saml1.isProvideCertificate()) - reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); - - if (saml1.isProvideFullMandatorData()) - reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - - return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator()); + SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); + if (saml1 != null) { + if (saml1.isProvideAUTHBlock()) + reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - } catch (ConfigurationException e) { - Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); - return null; + if (saml1.isProvideCertificate()) + reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + + if (saml1.isProvideFullMandatorData()) + reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); } + + return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator()); } -- cgit v1.2.3 From 3cec20ee2161cb1a8c8c4516e47a8402d950957e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Feb 2016 12:22:57 +0100 Subject: fix problem with pending-requests and protocol specific error messages --- .../id/auth/modules/TaskExecutionException.java | 22 +- .../tasks/CreateInterfedeartionRequestTask.java | 2 +- .../internal/tasks/EvaluateBKUSelectionTask.java | 13 +- .../internal/tasks/FinalizeAuthenticationTask.java | 23 +- .../tasks/GenerateBKUSelectionFrameTask.java | 7 +- .../tasks/RestartAuthProzessManagement.java | 7 +- .../moa/id/auth/servlet/AbstractController.java | 214 +++++++++------- .../AbstractProcessEngineSignalController.java | 2 + .../AbstractAuthProtocolModulController.java | 272 +++++++++++++++++++++ .../protocols/AbstractProtocolModulController.java | 269 -------------------- .../protocols/ProtocolFinalizationController.java | 2 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 4 +- .../spring/test/task/CreateSAML1AssertionTask.java | 2 +- .../spring/test/task/GetIdentityLinkTask.java | 2 +- .../spring/test/task/SignAuthBlockTask.java | 2 +- .../internal/tasks/CertificateReadRequestTask.java | 6 +- .../internal/tasks/CreateIdentityLinkFormTask.java | 6 +- .../modules/internal/tasks/GetForeignIDTask.java | 6 +- .../internal/tasks/GetMISSessionIDTask.java | 12 +- .../tasks/InitializeBKUAuthenticationTask.java | 4 +- .../tasks/PrepareAuthBlockSignatureTask.java | 4 +- .../internal/tasks/PrepareGetMISMandateTask.java | 2 +- .../tasks/VerifyAuthenticationBlockTask.java | 6 +- .../internal/tasks/VerifyCertificateTask.java | 6 +- .../internal/tasks/VerifyIdentityLinkTask.java | 8 +- .../eidas/tasks/CreateIdentityLinkTask.java | 9 +- .../eidas/tasks/GenerateAuthnRequestTask.java | 14 +- .../eidas/tasks/ReceiveAuthnResponseTask.java | 14 +- .../moa/id/protocols/eidas/EIDASProtocol.java | 12 +- .../oauth20/protocol/OAuth20Protocol.java | 4 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 4 +- 31 files changed, 498 insertions(+), 462 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java index 3e9f4cf14..932019d2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java @@ -22,7 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.ProcessExecutionException; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -32,14 +34,18 @@ public class TaskExecutionException extends ProcessExecutionException { private static final long serialVersionUID = 1L; Throwable originalException = null; + String pendingRequestID = null; /** * @param message * @param cause */ - public TaskExecutionException(String message, Throwable cause) { + public TaskExecutionException(IRequest pendingReq, String message, Throwable cause) { super(message, cause); - originalException = cause; + this.originalException = cause; + + if (MiscUtil.isNotEmpty(pendingReq.getRequestID())) + this.pendingRequestID = pendingReq.getRequestID(); } @@ -50,7 +56,19 @@ public class TaskExecutionException extends ProcessExecutionException { */ public Throwable getOriginalException() { return originalException; + } + + /** + * Get the pending-request ID of that request, which was processed when the exception occurs + * + * @return the pendingRequestID + */ + public String getPendingRequestID() { + return pendingRequestID; + } + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index 053f5d7ff..d0c12a6f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -93,7 +93,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { if (MiscUtil.isEmpty(idpEntityID)) { Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!"); - throw new TaskExecutionException("Interfederation not possible", new MOAIDException("No inderfederation-IDP EntityID found.", null)); + throw new TaskExecutionException(pendingReq, "Interfederation not possible", new MOAIDException("No inderfederation-IDP EntityID found.", null)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index 9db5baeab..3b18959a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -31,12 +31,10 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -58,7 +56,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { //load pending request String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID); - IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); + pendingReq = requestStoreage.getPendingRequest(pendingReqID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); @@ -70,12 +68,11 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - AuthenticationSession moaSession = null; String moaSessionID = pendingReq.getMOASessionIdentifier(); try { - moaSession = authenticatedSessionStorage.getSession(moaSessionID); + moasession = authenticatedSessionStorage.getSession(moaSessionID); - if (moaSession == null) { + if (moasession == null) { Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); throw new MOAIDException("init.04", new Object[] { moaSessionID}); @@ -108,11 +105,11 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { } catch (MOAIDException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.warn("EvaluateBKUSelectionTask has an internal error", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index ed309d85a..4fd43b6ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -29,15 +29,13 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -57,7 +55,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - IRequest pendingReq = requestStoreage.getPendingRequest( + pendingReq = requestStoreage.getPendingRequest( (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); if (pendingReq == null) { @@ -67,16 +65,15 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { } //get Session from context - String moasessionid = pendingReq.getMOASessionIdentifier(); - AuthenticationSession session = null; + String moasessionid = pendingReq.getMOASessionIdentifier(); if (MiscUtil.isEmpty(moasessionid)) { Logger.warn("MOASessionID is empty."); throw new MOAIDException("auth.18", new Object[] {}); } try { - session = authenticatedSessionStorage.getSession(moasessionid); - if (session == null) { + moasession = authenticatedSessionStorage.getSession(moasessionid); + if (moasession == null) { Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); throw new MOAIDException("init.04", new Object[] { moasessionid }); @@ -98,8 +95,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { //set MOASession to authenticated and store MOASession - session.setAuthenticated(true); - String newMOASessionID = authenticatedSessionStorage.changeSessionID(session); + moasession.setAuthenticated(true); + String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); //set pendingRequest to authenticated and set new MOASessionID ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID); @@ -109,7 +106,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), - AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID()); + AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID()); response.setContentType("text/html"); response.setStatus(302); @@ -117,11 +114,11 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { Logger.debug("REDIRECT TO: " + redirectURL); } catch (MOAIDException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.warn("FinalizeAuthenticationTask has an internal error", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index cb0b63276..47b68bc51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +54,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - IRequest pendingReq = requestStoreage.getPendingRequest( + pendingReq = requestStoreage.getPendingRequest( (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); if (pendingReq == null) { @@ -89,11 +88,11 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { } catch (MOAIDException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.warn("FinalizeAuthenticationTask has an internal error", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index d8b558846..d7859dd8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -57,8 +57,9 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { + IRequest pendingReq = null; try { - IRequest pendingReq = requestStoreage.getPendingRequest( + pendingReq = requestStoreage.getPendingRequest( (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); if (pendingReq == null) { @@ -110,11 +111,11 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { } catch (MOAIDException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.warn("RestartAuthProzessManagement has an internal error", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 887692477..acff2e40e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -52,7 +52,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; @@ -78,35 +78,65 @@ public abstract class AbstractController extends MOAIDAuthConstants { @Autowired protected ITransactionStorage transactionStorage; @Autowired protected MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; - - protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { - Throwable loggedException = extractOriginalExceptionFromProcessException(exceptionThrown); + @ExceptionHandler({MOAIDException.class}) + public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { + Logger.error(e.getMessage() , e); + internalMOAIDExceptionHandler(req, resp, e, true); - if (!(loggedException instanceof MOAIDException)) { - Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + } - } else { - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { - Logger.error(loggedException.getMessage(), loggedException); + @ExceptionHandler({Exception.class}) + public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { + Logger.error("Internel Server Error." , exception); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + + "(Errorcode=9199" + +" | Description="+ exception.getMessage() + ")"); + return; + + } - } else { - Logger.error(loggedException.getMessage()); + @ExceptionHandler({IOException.class}) + public void IOExceptionHandler(HttpServletResponse resp, IOException exception) { + Logger.error("Internel Server Error." , exception); + resp.setContentType("text/html;charset=UTF-8"); + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + return; + + } - } - } + protected void handleError(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { - //store error into transaction store - try { - String key = Random.nextRandom(); - transactionStorage.put(key, loggedException); + Throwable loggedException = null; + Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); + + //extract pendingRequestID and originalException if it was a TaskExecutionException + if (extractedException instanceof TaskExecutionException) { + //set original exception + loggedException = ((TaskExecutionException) extractedException).getOriginalException(); - if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) { + //set pending-request ID if it is set + String reqID = ((TaskExecutionException) extractedException).getPendingRequestID(); + if (MiscUtil.isNotEmpty(reqID)) + pendingRequestID = reqID; + + } else + loggedException = exceptionThrown; + + try { + //switch to protocol-finalize method to generate a protocol-specific error message + if (MiscUtil.isNotEmpty(pendingRequestID)) { + + //put exception into transaction store for redirect + String key = Random.nextRandom(); + transactionStorage.put(key, loggedException); + + //build up redirect URL String redirectURL = null; - redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/"+AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT + redirectURL += "/"+AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT + "?" + ERROR_CODE_PARAM + "=" + key + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; @@ -119,7 +149,8 @@ public abstract class AbstractController extends MOAIDAuthConstants { return; } else { - //Exception can not be stored in database + //write exception into browser window, because protocol-specific error message + // is not possible without pendingRequest handleErrorNoRedirect(loggedException, req, resp, true); } @@ -132,8 +163,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { } - - + /** * Handles all exceptions with no pending request. * Therefore, the error is written to the users browser @@ -151,71 +181,36 @@ public abstract class AbstractController extends MOAIDAuthConstants { statisticLogger.logErrorOperation(throwable); //write errror to console - Logger.error(throwable.getMessage(), throwable); + logExceptionToTechnicalLog(throwable); //return error to Web browser if (throwable instanceof MOAIDException || throwable instanceof ProcessExecutionException) - MOAIDExceptionHandler(req, resp, (Exception)throwable); + internalMOAIDExceptionHandler(req, resp, (Exception)throwable, false); else GenericExceptionHandler(resp, (Exception)throwable); } - @ExceptionHandler({MOAIDException.class}) - public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { - if (e instanceof ProtocolNotActiveException) { - resp.getWriter().write(e.getMessage()); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); - - } else if (e instanceof AuthnRequestValidatorException) { - AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; - //log Error Message - statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); - - //write error message - writeBadRequestErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof InvalidProtocolRequestException) { - //send error response - writeBadRequestErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof ConfigurationException) { - //send HTML formated error message - writeHTMLErrorResponse(resp, (MOAIDException) e); - - } else if (e instanceof MOAIDException) { - //send HTML formated error message - writeHTMLErrorResponse(resp, e); - - } else if (e instanceof ProcessExecutionException) { - //send HTML formated error message - writeHTMLErrorResponse(resp, e); - - } - - } + /** + * Write a Exception to the MOA-ID-Auth internal technical log + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(Throwable loggedException) { + if (!(loggedException instanceof MOAIDException)) { + Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); - @ExceptionHandler({Exception.class}) - public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { - Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + - "(Errorcode=9199" - +" | Description="+ exception.getMessage() + ")"); - return; - - } + } else { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.error(loggedException.getMessage(), loggedException); - @ExceptionHandler({IOException.class}) - public void IOExceptionHandler(HttpServletResponse resp, IOException exception) { - Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); - resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - - } + } else { + Logger.error(loggedException.getMessage()); + } + } + } + private void writeBadRequestErrorResponse(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException { ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); String code = utils.mapInternalErrorToExternalError( @@ -295,21 +290,68 @@ public abstract class AbstractController extends MOAIDAuthConstants { return errors.toString(); } - + + /** + * Extracts a TaskExecutionException of a ProcessExecutionExeception Stacktrace. + * + * @param exception + * @return Return the latest TaskExecutionExecption if exists, otherwise the latest ProcessExecutionException + */ private Throwable extractOriginalExceptionFromProcessException(Throwable exception) { - Throwable returnexception = exception; + Throwable exholder = exception; + TaskExecutionException taskExc = null; - while(returnexception != null - && returnexception instanceof ProcessExecutionException) { - ProcessExecutionException procExc = (ProcessExecutionException) returnexception; + while(exholder != null + && exholder instanceof ProcessExecutionException) { + ProcessExecutionException procExc = (ProcessExecutionException) exholder; if (procExc.getCause() != null && procExc.getCause() instanceof TaskExecutionException) { - TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); - returnexception = taskExc.getOriginalException(); + taskExc = (TaskExecutionException) procExc.getCause(); + exholder = taskExc.getOriginalException(); } } - return returnexception; + if (taskExc == null) + return exholder; + + else + return taskExc; + } + + private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException { + if (e instanceof ProtocolNotActiveException) { + resp.getWriter().write(e.getMessage()); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); + + } else if (e instanceof AuthnRequestValidatorException) { + AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; + //log Error Message + if (writeExceptionToStatisicLog) + statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); + + //write error message + writeBadRequestErrorResponse(req, resp, (MOAIDException) e); + + } else if (e instanceof InvalidProtocolRequestException) { + //send error response + writeBadRequestErrorResponse(req, resp, (MOAIDException) e); + + } else if (e instanceof ConfigurationException) { + //send HTML formated error message + writeHTMLErrorResponse(resp, (MOAIDException) e); + + } else if (e instanceof MOAIDException) { + //send HTML formated error message + writeHTMLErrorResponse(resp, e); + + } else if (e instanceof ProcessExecutionException) { + //send HTML formated error message + writeHTMLErrorResponse(resp, e); + + } + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 375afca4d..2abe1582d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -52,6 +52,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // wake up next task processEngine.signal(pendingReq.getProcessInstanceId()); + //TODO: + } catch (Exception ex) { handleError(null, ex, req, resp, pendingRequestID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java new file mode 100644 index 000000000..5341951d2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java @@ -0,0 +1,272 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +public abstract class AbstractAuthProtocolModulController extends AbstractController implements IModulInfo { + + public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol"; + + @Autowired protected ApplicationContext applicationContext; + @Autowired private SSOManager ssomanager; + @Autowired protected AuthenticationManager authmanager; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + + /** + * Initialize an authentication process for this protocol request + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @throws IOException + */ + protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, + RequestImpl pendingReq) throws IOException { + try { + if (pendingReq.isNeedAuthentication()) { + //request needs authentication --> start authentication process ... + + //load Parameters from OnlineApplicationConfiguration + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + } + + + AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq); + if (moaSession != null) { + //authenticated MOASession already exists --> protocol-specific postProcessing can start directly + finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + + } + + } else { + executeProtocolSpecificAction(req, resp, pendingReq, null); + + } + + } catch (Exception e) { + buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + + } + } + + /** + * Finalize the requested protocol operation + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @param moaSession MOASession object, which is used to generate the protocol specific authentication information + * @throws Exception + */ + protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq, AuthenticationSession moaSession) throws Exception { + + String newSSOSessionId = null; + + //if Single Sign-On functionality is enabled for this request + if (pendingReq.needSingleSignOnFunctionality()) { + + //Store SSO information into database + newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), + pendingReq.getOAURL()); + + //set SSO cookie to response + if (MiscUtil.isNotEmpty(newSSOSessionId)) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + + } + + } + + //build authenticationdata from session information and OA configuration + IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession); + + //execute the protocol-specific action + SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData); + + //check if SSO + boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId); + + //Store OA specific SSO session information if an SSO cookie is set + if (isSSOCookieSetted) { + try { + authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), + newSSOSessionId, sloInformation, pendingReq); + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + } + + } else { + //remove MOASession from database + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + } + + //Advanced statistic logging + statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted); + + } + + /** + * Executes the requested protocol action + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param protocolRequest Authentication request which is actually in process + * @param authData Service-provider specific authentication data + * + * @return Return Single LogOut information or null if protocol supports no SSO + * + * @throws Exception + */ + private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq, IAuthData authData) throws Exception { + try { + // request needs no authentication --> start request processing + Class clazz = Class.forName(pendingReq.requestedAction()); + if (clazz == null || + !clazz.isInstance(IAction.class)) { + Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); + throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); + + } + + IAction protocolAction = (IAction) applicationContext.getBean(clazz); + return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData); + + } catch (ClassNotFoundException e) { + Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + } + + } + + protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, + HttpServletResponse resp, IRequest protocolRequest) throws IOException { + try { + + Class clazz = Class.forName(protocolRequest.requestedModule()); + if (clazz == null || + !clazz.isInstance(IModulInfo.class)) { + Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + + } + + IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + + if (handlingModule.generateErrorMessage( + throwable, req, resp, protocolRequest)) { + + //log Error to technical log + logExceptionToTechnicalLog(throwable); + + //log Error Message + statisticLogger.logErrorOperation(throwable, protocolRequest); + + //remove MOASession + AuthenticationSession moaSession = authenticatedSessionStorage.getSession( + protocolRequest.getMOASessionIdentifier()); + if (moaSession != null) + authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); + + return; + + } else { + handleErrorNoRedirect(throwable, req, resp, true); + + } + + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(throwable, req, resp, true); + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName() + */ + @Override + public abstract String getName(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath() + */ + @Override + public abstract String getPath(); + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) + */ + @Override + public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java deleted file mode 100644 index de64ec98e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java +++ /dev/null @@ -1,269 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; - -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ - -public abstract class AbstractProtocolModulController extends AbstractController implements IModulInfo { - - public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol"; - - @Autowired protected ApplicationContext applicationContext; - @Autowired private SSOManager ssomanager; - @Autowired protected AuthenticationManager authmanager; - @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; - @Autowired private AuthenticationDataBuilder authDataBuilder; - - /** - * Initialize an authentication process for this protocol request - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @throws IOException - */ - protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, - RequestImpl pendingReq) throws IOException { - try { - if (pendingReq.isNeedAuthentication()) { - //request needs authentication --> start authentication process ... - - //load Parameters from OnlineApplicationConfiguration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); - } - - - AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq); - if (moaSession != null) { - //authenticated MOASession already exists --> protocol-specific postProcessing can start directly - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); - - } - - } else { - executeProtocolSpecificAction(req, resp, pendingReq, null); - - } - - } catch (Exception e) { - buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); - - } - } - - /** - * Finalize the requested protocol operation - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession object, which is used to generate the protocol specific authentication information - * @throws Exception - */ - protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, AuthenticationSession moaSession) throws Exception { - - String newSSOSessionId = null; - - //if Single Sign-On functionality is enabled for this request - if (pendingReq.needSingleSignOnFunctionality()) { - - //Store SSO information into database - newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), - pendingReq.getOAURL()); - - //set SSO cookie to response - if (MiscUtil.isNotEmpty(newSSOSessionId)) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - - } - - } - - //build authenticationdata from session information and OA configuration - IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession); - - //execute the protocol-specific action - SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData); - - //check if SSO - boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId); - - //Store OA specific SSO session information if an SSO cookie is set - if (isSSOCookieSetted) { - try { - authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), - newSSOSessionId, sloInformation, pendingReq); - - } catch (AuthenticationException e) { - Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - } - - } else { - //remove MOASession from database - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - } - - //Advanced statistic logging - statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted); - - } - - /** - * Executes the requested protocol action - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @param authData Service-provider specific authentication data - * - * @return Return Single LogOut information or null if protocol supports no SSO - * - * @throws Exception - */ - private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest pendingReq, IAuthData authData) throws Exception { - try { - // request needs no authentication --> start request processing - Class clazz = Class.forName(pendingReq.requestedAction()); - if (clazz == null || - !clazz.isInstance(IAction.class)) { - Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - - } - - IAction protocolAction = (IAction) applicationContext.getBean(clazz); - return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData); - - } catch (ClassNotFoundException e) { - Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - } - - } - - protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, - HttpServletResponse resp, IRequest protocolRequest) throws IOException { - try { - - Class clazz = Class.forName(protocolRequest.requestedModule()); - if (clazz == null || - !clazz.isInstance(IModulInfo.class)) { - Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - - } - - IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); - - if (handlingModule.generateErrorMessage( - throwable, req, resp, protocolRequest)) { - - //log Error Message - statisticLogger.logErrorOperation(throwable, protocolRequest); - - //remove MOASession - AuthenticationSession moaSession = authenticatedSessionStorage.getSession( - protocolRequest.getMOASessionIdentifier()); - if (moaSession != null) - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - return; - - } else { - handleErrorNoRedirect(throwable, req, resp, true); - - } - - } catch (Throwable e) { - Logger.error(e); - handleErrorNoRedirect(throwable, req, resp, true); - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName() - */ - @Override - public abstract String getName(); - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath() - */ - @Override - public abstract String getPath(); - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending); - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 107212c38..8c3f2c946 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger; * */ @Controller -public class ProtocolFinalizationController extends AbstractProtocolModulController { +public class ProtocolFinalizationController extends AbstractAuthProtocolModulController { @RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET}) public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index fc4928366..6fb03a37d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -66,7 +66,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; @@ -97,7 +97,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class PVP2XProtocol extends AbstractProtocolModulController { +public class PVP2XProtocol extends AbstractAuthProtocolModulController { public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java index 7490391f2..efec14f6b 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java @@ -53,7 +53,7 @@ public class CreateSAML1AssertionTask implements Task { executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8"))); } catch (IOException e) { - throw new TaskExecutionException("", e); + throw new TaskExecutionException(null, "", e); } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java index 90bd0a32f..30499d009 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java @@ -49,7 +49,7 @@ public class GetIdentityLinkTask implements Task { executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8"))); } catch (IOException e) { - throw new TaskExecutionException("", e); + throw new TaskExecutionException(null, "", e); } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java index 6d481dc01..feba11a64 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java @@ -51,7 +51,7 @@ public class SignAuthBlockTask implements Task { try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) { executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8"))); } catch (IOException e) { - throw new TaskExecutionException("", e); + throw new TaskExecutionException(null, "", e); } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index a2dc54a37..d6a4295a4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -117,13 +117,13 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (IOException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (MOADatabaseException e1) { - throw new TaskExecutionException(e1.getMessage(), e1); + throw new TaskExecutionException(pendingReq, e1.getMessage(), e1); } finally { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 370236bf4..cfa226654 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -85,17 +85,17 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { } } catch (WrongParametersException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (MOAIDException ex) { Logger.info("GetIdentityLink request generation FAILED. Reason:" + ex.getMessage()); - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (Exception e) { Logger.error("CreateIdentityLinkFormTask has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 50b71a660..2f90d134f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -82,7 +82,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); + throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } try { @@ -158,11 +158,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask { } } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (Exception e) { Logger.error("GetForeignIDServlet has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 8f7f5fd80..68a7a9e66 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -120,23 +120,23 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (GeneralSecurityException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (PKIException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (SAXException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (ParserConfigurationException e) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.error("MISMandateValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } finally { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index ba2c9d108..705f4f200 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -178,11 +178,11 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } catch (MOADatabaseException | MOAIDException e) { Logger.info("Initialize BKUAuthentication FAILED. Reason:" + e.getMessage()); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { Logger.warn("InitializeBKUAuthentication has an internal error", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index bd8377373..b80abd72f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -64,11 +64,11 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { "VerifyIdentityLink"); } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (Exception e) { Logger.error("IdentityLinkValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } finally { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 6c0fe3774..c422bc83f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -151,7 +151,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { Logger.debug("REDIRECT TO: " + redirectMISGUI); } catch (Exception e ) { - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index e8f68c514..7716cd43a 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -74,7 +74,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); + throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } @@ -100,11 +100,11 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (Exception e) { Logger.error("AuthBlockValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 6c220fd79..41726c1f4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -72,7 +72,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); + throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } try { @@ -136,11 +136,11 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (Exception e) { Logger.error("CertificateValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 267d5ea0b..054439ff7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -60,7 +60,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { parameters = getParameters(req); } catch (Exception e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); + throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } try { @@ -80,14 +80,14 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { executionContext.put("identityLinkAvailable", identityLinkAvailable); } catch (ParseException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (MOAIDException ex) { - throw new TaskExecutionException(ex.getMessage(), ex); + throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); } catch (Exception e) { Logger.error("IdentityLinkValidation has an interal Error.", e); - throw new TaskExecutionException(e.getMessage(), e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 22dcf0bf3..ed2de77ad 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -42,7 +42,6 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeExce import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; @@ -87,7 +85,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + pendingReq = requestStoreage.getPendingRequest(pendingRequestID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); @@ -99,7 +97,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - AuthenticationSession moasession = null;; try { moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); @@ -201,10 +198,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { authenticatedSessionStorage.storeSession(moasession); } catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) { - throw new TaskExecutionException("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); } catch (eIDASAttributeException e) { - throw new TaskExecutionException("Minimum required eIDAS attributeset not found.", e); + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 5af6a294b..2f7e4eb28 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -41,7 +41,6 @@ import org.apache.velocity.app.VelocityEngine; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; @@ -95,7 +93,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + pendingReq = requestStoreage.getPendingRequest(pendingRequestID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); @@ -107,7 +105,6 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - AuthenticationSession moasession = null;; try { moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); @@ -227,14 +224,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e){ Logger.error("eIDAS AuthnRequest generation FAILED.", e); - throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", new EIDASEngineException("Could not generate token for Saml Request", e)); - } catch (EIDASEngineException | MOAIDException e) { - throw new TaskExecutionException("eIDAS AuthnRequest generation FAILED.", e); + } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); - } - + } } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index c8575c2da..5a7e77bc7 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -10,7 +10,6 @@ import org.apache.commons.lang3.ObjectUtils; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -20,9 +19,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineExcepti import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -48,7 +45,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + pendingReq = requestStoreage.getPendingRequest(pendingRequestID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); @@ -60,7 +57,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - AuthenticationSession moasession = null;; try { moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); @@ -110,7 +106,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //update MOA-Session data with received information Logger.debug("Store eIDAS response information into MOA-session."); moasession.setQAALevel(samlResp.getAssuranceLevel()); - moasession.setCcc(samlResp.getCountry()); moasession.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, @@ -119,20 +114,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { moasession.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); - - //set general information to MOA-Session - moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/"); //store MOA-session to database authenticatedSessionStorage.storeSession(moasession); }catch (EIDASSAMLEngineException e) { Logger.error("eIDAS AuthnRequest generation FAILED.", e); - throw new TaskExecutionException("eIDAS Response processing FAILED.", + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("Could not validate eIDAS response", e)); } catch (EIDASEngineException | MOAIDException | MOADatabaseException e) { - throw new TaskExecutionException("eIDAS Response processing FAILED.", e); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 5c2ed4148..cf3960815 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.eidas; import java.io.IOException; -import java.util.HashMap; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -32,22 +31,15 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; -import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.MetadataAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EIDASAuthnRequest; @@ -59,7 +51,7 @@ import eu.eidas.auth.engine.EIDASSAMLEngine; * * @author tlenz */ -public class EIDASProtocol extends AbstractProtocolModulController { +public class EIDASProtocol extends AbstractAuthProtocolModulController { public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 22ceda4f1..20fe71518 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -23,7 +23,7 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -public class OAuth20Protocol extends AbstractProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 3facdb50f..eeddb92e1 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -54,7 +54,7 @@ import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @Controller -public class SAML1Protocol extends AbstractProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController { @Autowired private SAML1AuthenticationServer saml1AuthServer; -- cgit v1.2.3 From f38bf93a9636f43246b7021c0ac48591b7afaf57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Feb 2016 14:53:39 +0100 Subject: fix process transaction problem --- .../internal/tasks/CertificateReadRequestTask.java | 51 ++-------------------- 1 file changed, 3 insertions(+), 48 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index d6a4295a4..c0b5eaa01 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE; import java.io.IOException; @@ -8,26 +7,20 @@ import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.BooleanUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.

@@ -58,49 +51,11 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); try { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - req.getParameter(PARAM_TARGET_PENDINGREQUESTID), - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } - - IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - AuthenticationSession moasession = null;; - try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + //execute default task initialization + defaultTaskInitialization(req, executionContext); boolean useMandate = moasession.getUseMandate(); - boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); - + boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); throw new AuthenticationException("auth.13", null); -- cgit v1.2.3 From 9bafb2671b297d39574c346c896347f197282081 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 18 Feb 2016 19:21:10 +0100 Subject: remove AXIS1 implemented WebService for SAML1 --> now a simple Spring controller is used as WebService endpoint --- id/server/auth/pom.xml | 21 +- .../src/main/webapp/WEB-INF/server-config.wsdd | 29 -- id/server/auth/src/main/webapp/WEB-INF/web.xml | 4 +- .../WebFrontEndSecurityInterceptor.java | 11 +- .../moa/id/auth/builder/SAMLResponseBuilder.java | 3 +- .../saml1/GetAuthenticationDataService.java | 386 ++++++++++----- .../SAML1AssertionResponseBuildException.java | 86 ++++ .../src/main/resources/plain_info.vm | 14 + .../src/main/resources/soap_error.vm | 4 + .../src/main/resources/soap_success.vm | 4 + .../src/main/resources/wsdl/MOA-ID-1.x.vm | 40 ++ .../src/main/resources/wsdl/MOA-SPSS-1.2.vm | 528 +++++++++++++++++++++ 12 files changed, 957 insertions(+), 173 deletions(-) delete mode 100644 id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm create mode 100644 id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index c50d4ce47..b9c55148c 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -91,15 +91,6 @@ - - axis - axis - - - org.tuckey - urlrewritefilter - 4.0.4 - MOA.spss.server moa-spss-lib @@ -108,14 +99,14 @@ iaik_pki_module iaik - - axis-wsdl4j - axis - commons-logging commons-logging + + axis-wsdl4j + axis + @@ -130,6 +121,10 @@ ch.qos.logback logback-classic + + axis + axis + diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd deleted file mode 100644 index 121ec3cf9..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - urn:oasis:names:tc:SAML:1.0:protocol - - - /resources/wsdl/MOA-ID-1.x.wsdl - - - - - - - - - - - - - - diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 4b129f374..92dcf1266 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -112,7 +112,7 @@ /idpSingleLogout --> - + should be the SAML1 Request element + Element saml1Req; + if (saml1ReqList.item(0).getFirstChild() instanceof Element) + saml1Req = (Element) saml1ReqList.item(0).getFirstChild(); + else { - try { - DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); - NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); - if (samlArtifactList.getLength() == 0) { - // no SAML artifact given in request - statusCode = "samlp:Requester"; - statusMessageCode = "1202"; - } - else if (samlArtifactList.getLength() > 1) { - // too many SAML artifacts given in request - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1203"; - } + throw new SAXException("First child of 'soap-env:Body' element has a wrong type."); - else { - Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = request.getAttribute("RequestID"); - String samlArtifact = DOMUtils.getText(samlArtifactElem); - - - //SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - - try { + } - samlAssertion = "Find a solution to integrate Axis 1 into Spring"; - //samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); - - // success - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - - catch (ClassCastException ex) { + //validate the SAML1 request element, which we selected above + DOMUtils.validateElement(saml1Req, ALL_SCHEMA_LOCATIONS, null); + + //parse inforamtion from SAML1 request + try { + NodeList samlArtifactList = XPathUtils.selectNodeList(saml1Req, "samlp:AssertionArtifact"); + if (samlArtifactList.getLength() == 0) { + // no SAML artifact given in request + statusCode = "samlp:Requester"; + statusMessageCode = "1202"; + + } else if (samlArtifactList.getLength() > 1) { + // too many SAML artifacts given in request + statusCode = "samlp:Requester"; + subStatusCode = "samlp:TooManyResponses"; + statusMessageCode = "1203"; + + } else { + Element samlArtifactElem = (Element)samlArtifactList.item(0); + requestID = saml1Req.getAttribute("RequestID"); + String samlArtifact = DOMUtils.getText(samlArtifactElem); + + try { + samlAssertion = saml1AuthServer.getSaml1AuthenticationData(samlArtifact); + + // success + statusCode = "samlp:Success"; + statusMessageCode = "1200"; - try { - //Throwable error = saml1server.getErrorResponse(samlArtifact); - Throwable error = new Exception("Find a solution to integrate Axis 1 into Spring"); - statusCode = "samlp:Responder"; + } catch (ClassCastException ex) { + try { + Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); + statusCode = "samlp:Responder"; + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); + + if (error instanceof MOAIDException) { + statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); + } else { + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); - if (error instanceof MOAIDException) { - statusMessageCode = ((MOAIDException)error).getMessageId(); - statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); - - } else { - statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); - } - subStatusCode = errorUtils.getResponseErrorCode(error); - - } catch (Exception e) { - //no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } - + } + subStatusCode = errorUtils.getResponseErrorCode(error); + + } catch (Exception e) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); } -// catch (AuthenticationException ex) { -// //no authentication data for given SAML artifact -// statusCode = "samlp:Requester"; -// subStatusCode = "samlp:ResourceNotRecognized"; -// statusMessage = ex.toString(); -// } + } catch (AuthenticationException ex) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); } } - catch (Throwable t) { - // invalid request format - statusCode = "samlp:Requester"; - statusMessageCode = "1204"; - } + + + } catch (Throwable t) { + // invalid request format + statusCode = "samlp:Requester"; + statusMessageCode = "1204"; + + } + + String responseID = Random.nextRandom(); + String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); + + try { + if (statusMessage == null) + statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); + responses = new SAMLResponseBuilder().build( + responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); + return responses; + + } catch (Throwable e) { + throw new SAML1AssertionResponseBuildException(responseID, issueInstant, + requestID, "1299", e.getMessage(), e); + + } } + + + private void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, String templateURL) throws IOException { + InputStream is = null; + try { + is = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(templateURL); + + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + BufferedReader reader = new BufferedReader(new InputStreamReader(is )); + StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "SAML1 GetAuthenticationData", reader); + httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } catch (Exception e) { + Logger.error("SAML1 GetAuthenticationData has an error:", e); + throw new IOException(e); + + } finally { + if (is != null) + is.close(); + + } - try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()); - - if (statusMessage == null) - statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); - responses[0] = new SAMLResponseBuilder().build( - responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); - - } - catch (MOAIDException e) { - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - catch (Throwable t) { - MOAIDException e = new MOAIDException("1299", null, t); - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - return responses; - } - + } } + diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java new file mode 100644 index 000000000..0c06a94df --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AssertionResponseBuildException.java @@ -0,0 +1,86 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.saml1; + +/** + * @author tlenz + * + */ +public class SAML1AssertionResponseBuildException extends Exception { + + private static final long serialVersionUID = -394698807368683821L; + + private String responseID; + private String issueInstant; + private String requestID; + private String errorCode; + + /** + * @param responseID + * @param issueInstant + * @param requestID + * @param string + * @param message + */ + public SAML1AssertionResponseBuildException(String responseID, String issueInstant, String requestID, String errorCode, + String errorMsg, Throwable throwable) { + super(errorMsg, throwable); + + this.requestID = requestID; + this.issueInstant = issueInstant; + this.responseID = responseID; + this.errorCode = errorCode; + } + + /** + * @return the responseID + */ + public String getResponseID() { + return responseID; + } + + /** + * @return the issueInstant + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * @return the requestID + */ + public String getRequestID() { + return requestID; + } + + /** + * @return the errorCode + */ + public String getErrorCode() { + return errorCode; + } + + + + +} diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm new file mode 100644 index 000000000..dfc11820f --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/plain_info.vm @@ -0,0 +1,14 @@ + + + + + +

GetAuthenticationData

+

Hi there, this is an Web service!

+#if($error) + Your request has an error: $error +#else + Perhaps there will be a form for invoking the service here... +#end + + diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm new file mode 100644 index 000000000..65945e2de --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_error.vm @@ -0,0 +1,4 @@ + + + $errorMsg + \ No newline at end of file diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm new file mode 100644 index 000000000..7dad2c259 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/soap_success.vm @@ -0,0 +1,4 @@ + + + $assertion + \ No newline at end of file diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm new file mode 100644 index 000000000..74be59723 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-ID-1.x.vm @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm new file mode 100644 index 000000000..4c86626a0 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/main/resources/wsdl/MOA-SPSS-1.2.vm @@ -0,0 +1,528 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch + wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des + Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit + der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine + Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung + erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + only ds:X509Data and RetrievalMethod is + supported; QualifiedCertificate is included as + X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu + überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element + erscheinen. Die Reihenfolge der einzelnen ReferenceInfo + Elemente entspricht jener der dsig:Reference Elemente in der + XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von + vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is + supported; QualifiedCertificate is included as X509Data/any; + PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER + Transformationskette inklusive ggf. sinnvoller Supplements oder + Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert + ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von + der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur + hat zumindest einem dieser Transformationswege zu entsprechen. Die + Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters + (explizit oder als Hashwert) kann unterlassen werden, wenn die + Applikation von der Unveränderlichkeit des Inhalts der in + "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen + kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + + Alle impliziten Transformationsparameter, die + zum Durchlaufen der oben angeführten Transformationskette bekannt + sein müssen, müssen hier angeführt werden. Das Attribut "URI" + bezeichnet den Transformationsparameter in exakt jener Weise, wie + er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 7cc2776bfc79dd6e83f2b3c9b642b560a6b1ec94 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Feb 2016 12:08:52 +0100 Subject: optimize authentication process in respect to session-transaction and transaction-store read/write operations --- .../id/auth/modules/AbstractAuthServletTask.java | 58 ++++++++++--------- .../tasks/CreateInterfedeartionRequestTask.java | 4 -- .../internal/tasks/EvaluateBKUSelectionTask.java | 65 ++++------------------ .../internal/tasks/FinalizeAuthenticationTask.java | 47 ++-------------- .../tasks/GenerateBKUSelectionFrameTask.java | 12 +--- .../tasks/RestartAuthProzessManagement.java | 16 +----- .../StartAuthentificationParameterParser.java | 1 + .../AbstractProcessEngineSignalController.java | 7 ++- .../moa/id/moduls/AuthenticationManager.java | 6 +- .../egovernment/moa/id/process/ProcessEngine.java | 13 +++-- .../moa/id/process/ProcessEngineImpl.java | 52 +++++++++++++---- .../at/gv/egovernment/moa/id/process/api/Task.java | 7 ++- .../moa/id/process/springweb/MoaIdTask.java | 29 +++++++++- .../tasks/InitializeBKUAuthenticationTask.java | 19 +------ 14 files changed, 140 insertions(+), 196 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 559d4fd4f..8c7583855 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -1,7 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -19,13 +17,10 @@ import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.ObjectUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -56,31 +51,40 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { protected IRequest pendingReq = null; protected AuthenticationSession moasession = null; - protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { - String pendingRequestID = StringEscapeUtils.escapeHtml( - ObjectUtils.defaultIfNull( - (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID), - req.getParameter(PARAM_TARGET_PENDINGREQUESTID))); + public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException; + + + protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { + //set pending-request object + this.pendingReq = pendingReq; - if (MiscUtil.isEmpty(pendingRequestID)) { - Logger.info("No PendingRequestID received"); - throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); - } + //execute task specific action + execute(executionContext, request, response); - pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + //return pending-request object + return this.pendingReq; + } - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - + + /** + * Default initialization loads the MOASession object from database + * + * @param req + * @param executionContext + * @throws MOAIDException + * @throws MOADatabaseException + */ + protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { + String moasessionid = pendingReq.getMOASessionIdentifier(); + if (MiscUtil.isEmpty(moasessionid)) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - + try { - moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + moasession = authenticatedSessionStorage.getSession(moasessionid); if (moasession == null) { Logger.warn("MOASessionID is empty."); @@ -88,8 +92,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { } } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { moasessionid }); } catch (Throwable e) { Logger.info("No HTTP Session found!"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index d0c12a6f3..951a04cf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -55,7 +55,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -85,9 +84,6 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { boolean requiredLocalAuthentication = true; - IRequest pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - String idpEntityID = (String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index 3b18959a5..2f6137244 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -31,10 +31,8 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,60 +51,19 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - //load pending request - String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); - pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID); - pendingReq = requestStoreage.getPendingRequest(pendingReqID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - String moaSessionID = pendingReq.getMOASessionIdentifier(); - try { - moasession = authenticatedSessionStorage.getSession(moaSessionID); - - if (moasession == null) { - Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { - moaSessionID}); - - } - - // set parameter execution context - Enumeration reqParamNames = request.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName) && - !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) - executionContext.put(paramName, request.getParameter(paramName)); - - } - - Logger.info("BKU is selected finished -> Start BKU communication ..."); - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { - moaSessionID}); + // set parameter execution context + Enumeration reqParamNames = request.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName) && + !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(request.getParameter(paramName))); - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); } - - - - - } catch (MOAIDException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - + + Logger.info("BKU is selected finished -> Start BKU selection evaluation ..."); + } catch (Exception e) { Logger.warn("EvaluateBKUSelectionTask has an internal error", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index d1d2cdca8..816c05eab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -31,11 +31,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -53,44 +51,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //get Session from context - String moasessionid = pendingReq.getMOASessionIdentifier(); - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - try { - moasession = authenticatedSessionStorage.getSession(moasessionid); - if (moasession == null) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); - - } - - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - - } finally { - executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); - - } - + defaultTaskInitialization(request, executionContext); + //set MOASession to authenticated and store MOASession moasession.setAuthenticated(true); String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); @@ -110,8 +72,11 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { Logger.warn("FinalizeAuthenticationTask has an internal error", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); + } finally { + executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); + } - + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 47b68bc51..6ff730898 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -53,16 +52,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { - pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - + try { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index d7859dd8b..920b0e2b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -30,12 +30,10 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.process.ProcessEngine; @@ -57,17 +55,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - IRequest pendingReq = null; - try { - pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - + try { //create a new execution context and copy all elements to new context ExecutionContext newec = new ExecutionContextImpl(); Set entries = executionContext.keySet(); @@ -107,7 +95,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { Logger.info("BKU is selected -> Start BKU communication ..."); // start process - processEngine.start(processInstanceId); + processEngine.start(pendingReq); } catch (MOAIDException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 3699633bd..b7e95785b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -199,6 +199,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + protocolReq.setGenericDataToSession( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, templateURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 2abe1582d..8b96b884e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -40,6 +40,9 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont } + //change pending-request ID + requestStorage.changePendingRequestID(pendingReq); + //add transactionID and unique sessionID to Logger TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier()); TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier()); @@ -50,9 +53,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont } // wake up next task - processEngine.signal(pendingReq.getProcessInstanceId()); - - //TODO: + processEngine.signal(pendingReq); } catch (Exception ex) { handleError(null, ex, req, resp, pendingRequestID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7863c684e..f77042bc5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -34,6 +34,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.velocity.VelocityContext; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; @@ -364,7 +365,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { String paramName = reqParamNames.nextElement(); if (MiscUtil.isNotEmpty(paramName) && MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)) - executionContext.put(paramName, httpReq.getParameter(paramName)); + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName))); } } @@ -415,7 +417,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { requestStoreage.storePendingRequest(pendingReq); // start process - processEngine.start(processInstanceId); + processEngine.start(pendingReq); } catch (ProcessExecutionException e) { Throwable cause = e.getCause(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java index 26301d664..b68f170c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.process; import java.io.InputStream; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.model.ProcessDefinition; @@ -86,24 +87,24 @@ public interface ProcessEngine { ProcessInstance getProcessInstance(String processInstanceId); /** - * Starts the process using the given {@code processInstanceId}. + * Starts the process using the given {@code pendingReq}. * - * @param processInstanceId - * The process instance id. + * @param pendingReq + * The protocol request for which a process should be started. * @throws ProcessExecutionException * Thrown in case of error. */ - void start(String processInstanceId) throws ProcessExecutionException; + void start(IRequest pendingReq) throws ProcessExecutionException; /** * Resumes process execution after an asynchronous task has been executed. * - * @param processInstanceId + * @param pendingReq * The process instance id. * @throws ProcessExecutionException * Thrown in case of error. */ - void signal(String processInstanceId) throws ProcessExecutionException; + void signal(IRequest pendingReq) throws ProcessExecutionException; } \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java index 6da695d75..437eee63c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java @@ -15,7 +15,9 @@ import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator; @@ -116,10 +118,16 @@ public class ProcessEngineImpl implements ProcessEngine { } @Override - public void start(String processInstanceId) throws ProcessExecutionException { - + public void start(IRequest pendingReq) throws ProcessExecutionException { try { - ProcessInstance pi = loadProcessInstance(processInstanceId); + if (MiscUtil.isEmpty(pendingReq.getProcessInstanceId())) { + log.error("Pending-request with id:" + pendingReq.getRequestID() + + " includes NO 'ProcessInstanceId'"); + throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getRequestID() + + " includes NO 'ProcessInstanceId'"); + } + + ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); MDC.put(MDC_CTX_PI_NAME, pi.getId()); @@ -129,9 +137,12 @@ public class ProcessEngineImpl implements ProcessEngine { log.info("Starting process instance '{}'.", pi.getId()); // execute process pi.setState(ProcessInstanceState.STARTED); - execute(pi); + execute(pi, pendingReq); - saveOrUpdateProcessInstance(pi); + //store ProcessInstance if it is not already ended + if (!ProcessInstanceState.ENDED.equals(pi.getState())) + saveOrUpdateProcessInstance(pi); + } catch (MOADatabaseException e) { throw new ProcessExecutionException("Unable to load/save process instance.", e); @@ -141,10 +152,17 @@ public class ProcessEngineImpl implements ProcessEngine { } @Override - public void signal(String processInstanceId) throws ProcessExecutionException { + public void signal(IRequest pendingReq) throws ProcessExecutionException { try { - ProcessInstance pi = loadProcessInstance(processInstanceId); + if (MiscUtil.isEmpty(pendingReq.getProcessInstanceId())) { + log.error("Pending-request with id:" + pendingReq.getRequestID() + + " includes NO 'ProcessInstanceId'"); + throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getRequestID() + + " includes NO 'ProcessInstanceId'"); + } + + ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); MDC.put(MDC_CTX_PI_NAME, pi.getId()); @@ -154,9 +172,16 @@ public class ProcessEngineImpl implements ProcessEngine { log.info("Waking up process instance '{}'.", pi.getId()); pi.setState(ProcessInstanceState.STARTED); - execute(pi); - saveOrUpdateProcessInstance(pi); + //put pending-request ID on execution-context because it could be changed + pi.getExecutionContext().put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + + execute(pi, pendingReq); + + //store ProcessInstance if it is not already ended + if (!ProcessInstanceState.ENDED.equals(pi.getState())) + saveOrUpdateProcessInstance(pi); + } catch (MOADatabaseException e) { throw new ProcessExecutionException("Unable to load/save process instance.", e); @@ -204,9 +229,10 @@ public class ProcessEngineImpl implements ProcessEngine { /** * Starts/executes a given process instance. * @param pi The process instance. + * @param pendingReq * @throws ProcessExecutionException Thrown in case of error. */ - private void execute(final ProcessInstance pi) throws ProcessExecutionException { + private void execute(final ProcessInstance pi, IRequest pendingReq) throws ProcessExecutionException { if (ProcessInstanceState.ENDED.equals(pi.getState())) { throw new ProcessExecutionException("Process for instance '" + pi.getId() + "' has already been ended."); } @@ -227,7 +253,7 @@ public class ProcessEngineImpl implements ProcessEngine { try { log.info("Executing task implementation for task '{}'.", ti.getId()); log.debug("Execution context before task execution: {}", pi.getExecutionContext().keySet()); - task.execute(pi.getExecutionContext()); + pendingReq = task.execute(pendingReq, pi.getExecutionContext()); log.info("Returned from execution of task '{}'.", ti.getId()); log.debug("Execution context after task execution: {}", pi.getExecutionContext().keySet()); } catch (Throwable t) { @@ -245,8 +271,10 @@ public class ProcessEngineImpl implements ProcessEngine { try { piStoreDao.remove(pi.getId()); + } catch (MOADatabaseException e) { throw new ProcessExecutionException("Unable to remove process instance.", e); + } pi.setState(ProcessInstanceState.ENDED); log.debug("Final process context: {}", pi.getExecutionContext().keySet()); @@ -284,7 +312,7 @@ public class ProcessEngineImpl implements ProcessEngine { // continue execution in case of StartEvent or Task if (processNode instanceof StartEvent || processNode instanceof TaskInfo) { - execute(pi); + execute(pi, pendingReq); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java index 343b8fe0c..88048d23e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.process.api; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.moduls.IRequest; /** @@ -13,11 +14,13 @@ public interface Task { /** * Executes this task. - * + * @param pendingReq + * Provides the current processed protocol request * @param executionContext * Provides execution related information. + * @return The pending-request object, because Process-management works recursive * @throws Exception An exception upon task execution. */ - void execute(ExecutionContext executionContext) throws TaskExecutionException; + IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java index fb75fc8d7..b60434b2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java @@ -9,6 +9,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.filter.RequestContextFilter; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; @@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.process.api.Task; * * * @author tknall + * @author tlenz * */ public abstract class MoaIdTask implements Task { @@ -55,8 +57,31 @@ public abstract class MoaIdTask implements Task { public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException; + /** + * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} + * and the {@link IRequest} {@code pendingReq }as well as the + * respective {@link HttpServletRequest} and {@link HttpServletResponse}. + * + * This method sets the pending-request object of the task implementation and starts the + * {@code execute} method of the task + * + * @param pendingReq The pending-request object (never {@code null}). + * @param executionContext The execution context (never {@code null}). + * @param request The HttpServletRequest (never {@code null}). + * @param response The HttpServletResponse (never {@code null}). + * @return The pending-request object, because Process-management works recursive + * + * @throws IllegalStateException + * Thrown in case the task is being run within the required environment. Refer to javadoc for + * further information. + * @throws Exception + * Thrown in case of error executing the task. + */ + protected abstract IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException; + @Override - public void execute(ExecutionContext executionContext) throws TaskExecutionException { + public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException { RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes(); if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) { HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest(); @@ -65,7 +90,7 @@ public abstract class MoaIdTask implements Task { throw new IllegalStateException( "Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml."); } - execute(executionContext, request, response); + return internalExecute(pendingReq, executionContext, request, response); } else { throw new IllegalStateException("Task needs to be executed within a Spring web environment."); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 705f4f200..d26f882ed 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -32,7 +32,6 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -40,7 +39,6 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -64,22 +62,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - IRequest pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //load MOASession object - AuthenticationSession moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - if (moasession == null) { - Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - - } + defaultTaskInitialization(request, executionContext); boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); -- cgit v1.2.3 From ca8b83874c03a8719a56816408c8df44d49640f1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 22 Feb 2016 11:32:11 +0100 Subject: change Spring types --- .../moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java | 4 ++-- .../id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java | 2 ++ .../id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java | 4 ++-- .../id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java | 4 ++-- .../modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java | 3 +++ .../id/auth/modules/internal/tasks/RestartAuthProzessManagement.java | 4 ++-- .../id/auth/modules/internal/tasks/CertificateReadRequestTask.java | 4 ++-- .../id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java | 4 ++-- .../moa/id/auth/modules/internal/tasks/GetForeignIDTask.java | 4 ++-- .../moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java | 4 ++-- .../auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java | 4 ++-- .../id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java | 4 ++-- .../moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java | 4 ++-- .../id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java | 4 ++-- .../moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java | 4 ++-- .../moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java | 4 ++-- .../moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java | 4 ++-- .../moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java | 4 ++-- .../moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java | 4 ++-- 19 files changed, 39 insertions(+), 34 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index 2f6137244..ed88c2aff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -41,7 +41,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@Service("EvaluateBKUSelectionTask") +@Component("EvaluateBKUSelectionTask") public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 8dcb63550..d52b76ebd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -46,6 +47,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Component("EvaluateSSOConsentsTaskImpl") public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { private static final String PARAM_SSO_CONSENTS = "value"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 816c05eab..c8e379bc1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -39,7 +39,7 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ -@Service("FinalizeAuthenticationTask") +@Component("FinalizeAuthenticationTask") public class FinalizeAuthenticationTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 6ff730898..2cf2bfd9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -27,7 +27,7 @@ import java.io.PrintWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; @@ -43,7 +43,7 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ -@Service("GenerateBKUSelectionFrameTask") +@Component("GenerateBKUSelectionFrameTask") public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index f9f121520..47afe5795 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -27,6 +27,8 @@ import java.io.PrintWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Component; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -41,6 +43,7 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ +@Component("GenerateSSOConsentEvaluatorFrameTask") public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index 920b0e2b4..e0403f242 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -44,7 +44,7 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ -@Service("RestartAuthProzessManagement") +@Component("RestartAuthProzessManagement") public class RestartAuthProzessManagement extends AbstractAuthServletTask { @Autowired ProcessEngine processEngine; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index c0b5eaa01..e3afc713b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -8,7 +8,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; @@ -42,7 +42,7 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("CertificateReadRequestTask") +@Component("CertificateReadRequestTask") public class CertificateReadRequestTask extends AbstractAuthServletTask { @Override diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index cfa226654..cbaaa5ec7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -8,7 +8,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; @@ -53,7 +53,7 @@ import at.gv.egovernment.moa.util.StringUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("CreateIdentityLinkFormTask") +@Component("CreateIdentityLinkFormTask") public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 2f90d134f..204e39b8c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -15,7 +15,7 @@ import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -64,7 +64,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("GetForeignIDTask") +@Component("GetForeignIDTask") public class GetForeignIDTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 68a7a9e66..0a1e3c8f5 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -12,7 +12,7 @@ import javax.xml.parsers.ParserConfigurationException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -53,7 +53,7 @@ import iaik.pki.PKIException; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("GetMISSessionIDTask") +@Component("GetMISSessionIDTask") public class GetMISSessionIDTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index d26f882ed..44b1fe2da 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -48,7 +48,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ -@Service("InitializeBKUAuthenticationTask") +@Component("InitializeBKUAuthenticationTask") public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { @Autowired StartAuthentificationParameterParser authInitialisationParser; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index b80abd72f..b9a8fecf6 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -5,7 +5,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -35,7 +35,7 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("PrepareAuthBlockSignatureTask") +@Component("PrepareAuthBlockSignatureTask") public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index c422bc83f..f976c0b49 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -30,7 +30,7 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -56,7 +56,7 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author tlenz * */ -@Service("PrepareGetMISMandateTask") +@Component("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 7716cd43a..b52778577 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -11,7 +11,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -56,7 +56,7 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("VerifyAuthenticationBlockTask") +@Component("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 41726c1f4..464c1f3a1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -11,7 +11,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -52,7 +52,7 @@ import iaik.x509.X509Certificate; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("VerifyCertificateTask") +@Component("VerifyCertificateTask") public class VerifyCertificateTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 054439ff7..23e92c0c0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -8,7 +8,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -43,7 +43,7 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ -@Service("VerifyIdentityLinkTask") +@Component("VerifyIdentityLinkTask") public class VerifyIdentityLinkTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 052d18b0f..515ce2913 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.xml.sax.SAXException; @@ -57,7 +57,7 @@ import eu.eidas.auth.commons.IPersonalAttributeList; * @author tlenz * */ -@Service("CreateIdentityLinkTask") +@Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 6053c8aa2..2156720e8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -34,7 +34,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -65,7 +65,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * @author tlenz * */ -@Service("GenerateAuthnRequestTask") +@Component("GenerateAuthnRequestTask") public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 19666326a..dea9e675e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -22,7 +22,7 @@ import eu.eidas.auth.commons.EIDASUtil; import eu.eidas.auth.engine.EIDASSAMLEngine; import eu.eidas.engine.exceptions.EIDASSAMLEngineException; -@Service("ReceiveAuthnResponseTask") +@Component("ReceiveAuthnResponseTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override -- cgit v1.2.3 From b1235f66ee1e890f9868724f9faedd222541178b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 22 Feb 2016 11:34:32 +0100 Subject: refactor PVP implementation to share code with PVP Service-Provider moduls --- id/server/auth/pom.xml | 5 + .../id/auth/builder/AuthenticationDataBuilder.java | 6 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 10 +- .../moa/id/data/ISLOInformationContainer.java | 67 +++ .../moa/id/data/SLOInformationContainer.java | 160 ++--- .../moa/id/moduls/AuthenticationManager.java | 31 +- .../gv/egovernment/moa/id/moduls/ModulStorage.java | 94 --- .../gv/egovernment/moa/id/moduls/ModulUtils.java | 46 -- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 6 +- .../gv/egovernment/moa/id/moduls/ServletInfo.java | 53 -- .../gv/egovernment/moa/id/moduls/ServletType.java | 27 - .../moa/id/protocols/pvp2x/MetadataAction.java | 526 +++++++---------- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 90 +-- .../id/protocols/pvp2x/PVPTargetConfiguration.java | 21 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 29 +- .../id/protocols/pvp2x/binding/PostBinding.java | 11 +- .../protocols/pvp2x/binding/RedirectBinding.java | 9 +- .../id/protocols/pvp2x/binding/SoapBinding.java | 7 +- .../pvp2x/builder/AbstractPVPMetadataBuilder.java | 649 +++++++++++++++++++++ .../pvp2x/builder/AttributQueryBuilder.java | 15 +- .../pvp2x/builder/SingleLogOutBuilder.java | 125 +++- .../protocols/pvp2x/config/PVPConfiguration.java | 49 +- .../pvp2x/signer/AbstractCredentialProvider.java | 186 ++++++ .../protocols/pvp2x/signer/CredentialProvider.java | 198 ------- .../pvp2x/signer/IDPCredentialProvider.java | 150 +++++ .../pvp2x/verification/EntityVerifier.java | 29 +- .../pvp2x/verification/SAMLVerificationEngine.java | 237 ++++---- .../main/resources/moaid.authentication.beans.xml | 24 +- .../moa/id/module/test/TestRequestImpl.java | 235 ++++++++ .../resources/moaid_citizencard_auth.beans.xml | 30 +- .../moa/id/protocols/eidas/EIDASData.java | 17 +- .../moa/id/protocols/eidas/EIDASProtocol.java | 6 +- .../src/main/resources/moaid_eidas_auth.beans.xml | 9 +- .../oauth20/protocol/OAuth20AuthRequest.java | 13 +- .../oauth20/protocol/OAuth20BaseRequest.java | 31 +- .../oauth20/protocol/OAuth20Protocol.java | 49 +- .../oauth20/protocol/OAuth20TokenRequest.java | 11 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 3 +- .../moa/id/protocols/saml1/SAML1RequestImpl.java | 24 +- 39 files changed, 2033 insertions(+), 1255 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index b9c55148c..f7b2731fe 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -162,6 +162,11 @@ moa-id-modul-citizencard_authentication + + MOA.id.server.modules + moa-id-modules-federated_authentication + + iaik.prod diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 2f882f41e..1207439dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -126,6 +126,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected AuthConfiguration authConfig; + @Autowired private AttributQueryBuilder attributQueryBuilder; public IAuthData buildAuthenticationData(IRequest protocolRequest, AuthenticationSession session, List reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { @@ -306,7 +307,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //build attributQuery request AttributeQuery query = - AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs); + attributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs); //build SOAP request List xmlObjects = MOASAMLSOAPClient.send(endpoint, query); @@ -325,7 +326,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { SAMLVerificationEngine engine = new SAMLVerificationEngine(); engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - SAMLVerificationEngine.validateAssertion(intfResp, false); + //TODO: find better solution + //SAMLVerificationEngine.validateAssertion(intfResp, false); } catch (Exception e) { Logger.warn("PVP 2.1 assertion validation FAILED.", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 84a2b69af..307b668b7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; @@ -65,6 +66,7 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired SSOManager ssoManager; @Autowired AuthenticationManager authManager; @Autowired IAuthenticationSessionStoreage authenicationStorage; + @Autowired SingleLogOutBuilder sloBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) @@ -151,16 +153,16 @@ public class IDPSingleLogOutServlet extends AbstractController { if (MiscUtil.isNotEmpty(restartProcess)) { Logger.info("Restart Single LogOut process after timeout ... "); try { - SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); + ISLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); if (sloContainer.hasFrontChannelOA()) sloContainer.putFailedOA("differntent OAs"); String redirectURL = null; if (sloContainer.getSloRequest() != null) { //send SLO response to SLO request issuer - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); - LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); - redirectURL = SingleLogOutBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState()); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); + redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState()); } else { //print SLO information directly diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java new file mode 100644 index 000000000..18ffc5c6d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java @@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.Iterator; +import java.util.List; +import java.util.Set; +import java.util.Map.Entry; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; + +/** + * @author tlenz + * + */ +public interface ISLOInformationContainer { + + boolean hasFrontChannelOA(); + + Set> getFrontChannelOASessionDescriptions(); + + void removeFrontChannelOA(String oaID); + + Iterator getNextBackChannelOA(); + + SLOInformationImpl getBackChannelOASessionDescripten(String oaID); + + void removeBackChannelOA(String oaID); + + /** + * @return the sloRequest + */ + PVPTargetConfiguration getSloRequest(); + + /** + * @param sloRequest the sloRequest to set + */ + void setSloRequest(PVPTargetConfiguration sloRequest); + + /** + * @return the sloFailedOAs + */ + List getSloFailedOAs(); + + void putFailedOA(String oaID); + +} \ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java index a4bba8b19..ba7f33821 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -24,30 +24,20 @@ package at.gv.egovernment.moa.id.data; import java.io.Serializable; import java.util.ArrayList; -import java.util.Collection; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map.Entry; import java.util.Set; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.NameID; -import org.opensaml.saml2.metadata.SingleLogoutService; - -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; /** * @author tlenz * */ -public class SLOInformationContainer implements Serializable { - +public class SLOInformationContainer implements Serializable, ISLOInformationContainer { + private static final long serialVersionUID = 7148730740582881862L; private PVPTargetConfiguration sloRequest = null; @@ -55,137 +45,111 @@ public class SLOInformationContainer implements Serializable { private LinkedHashMap activeBackChannelOAs = null; private List sloFailedOAs = null; - - public void parseActiveOAs(List dbOAs, String removeOAID) { - if (activeBackChannelOAs == null) - activeBackChannelOAs = new LinkedHashMap(); - if (activeFrontChannalOAs == null) - activeFrontChannalOAs = new LinkedHashMap(); - if (dbOAs != null) { - for (OASessionStore oa : dbOAs) { - if (!oa.getOaurlprefix().equals(removeOAID)) { - - //Actually only PVP 2.1 support Single LogOut - if (PVP2XProtocol.PATH.equals(oa.getProtocolType())) { - SingleLogoutService sloDesc; - try { - sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix()); - - if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) - activeBackChannelOAs.put(oa.getOaurlprefix(), - new SLOInformationImpl( - oa.getAuthURL(), - oa.getAssertionSessionID(), - oa.getUserNameID(), - oa.getUserNameIDFormat(), - oa.getProtocolType(), - sloDesc)); - - else - activeFrontChannalOAs.put(oa.getOaurlprefix(), - new SLOInformationImpl( - oa.getAuthURL(), - oa.getAssertionSessionID(), - oa.getUserNameID(), - oa.getUserNameIDFormat(), - oa.getProtocolType(), - sloDesc)); - - } catch (NOSLOServiceDescriptorException e) { - putFailedOA(oa.getOaurlprefix()); - - } - - } else - putFailedOA(oa.getOaurlprefix()); - } - } - } + /** + * @return the activeFrontChannalOAs + */ + public LinkedHashMap getActiveFrontChannalOAs() { + return activeFrontChannalOAs; } /** - * @param dbIDPs - * @param value + * @param activeFrontChannalOAs the activeFrontChannalOAs to set */ - public void parseActiveIDPs(List dbIDPs, - String removeIDP) { - if (activeBackChannelOAs == null) - activeBackChannelOAs = new LinkedHashMap(); - if (activeFrontChannalOAs == null) - activeFrontChannalOAs = new LinkedHashMap(); - - if (dbIDPs != null) { - for (InterfederationSessionStore el : dbIDPs) { - if (!el.getIdpurlprefix().equals(removeIDP)) { - - SingleLogoutService sloDesc; - try { - sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(el.getIdpurlprefix()); - - activeFrontChannalOAs.put(el.getIdpurlprefix(), - new SLOInformationImpl( - el.getAuthURL(), - el.getSessionIndex(), - el.getUserNameID(), - NameID.TRANSIENT, - PVP2XProtocol.PATH, - sloDesc)); - - } catch (NOSLOServiceDescriptorException e) { - putFailedOA(el.getIdpurlprefix()); - - } - } - } - } + public void setActiveFrontChannalOAs(LinkedHashMap activeFrontChannalOAs) { + this.activeFrontChannalOAs = activeFrontChannalOAs; } - + + /** + * @return the activeBackChannelOAs + */ + public LinkedHashMap getActiveBackChannelOAs() { + return activeBackChannelOAs; + } + + /** + * @param activeBackChannelOAs the activeBackChannelOAs to set + */ + public void setActiveBackChannelOAs(LinkedHashMap activeBackChannelOAs) { + this.activeBackChannelOAs = activeBackChannelOAs; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#hasFrontChannelOA() + */ + @Override public boolean hasFrontChannelOA() { return !activeFrontChannalOAs.isEmpty(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getFrontChannelOASessionDescriptions() + */ + @Override public Set> getFrontChannelOASessionDescriptions() { return activeFrontChannalOAs.entrySet(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#removeFrontChannelOA(java.lang.String) + */ + @Override public void removeFrontChannelOA(String oaID) { activeFrontChannalOAs.remove(oaID); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getNextBackChannelOA() + */ + @Override public Iterator getNextBackChannelOA() { return activeBackChannelOAs.keySet().iterator(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getBackChannelOASessionDescripten(java.lang.String) + */ + @Override public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) { return activeBackChannelOAs.get(oaID); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#removeBackChannelOA(java.lang.String) + */ + @Override public void removeBackChannelOA(String oaID) { activeBackChannelOAs.remove(oaID); } - /** - * @return the sloRequest + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloRequest() */ + @Override public PVPTargetConfiguration getSloRequest() { return sloRequest; } - /** - * @param sloRequest the sloRequest to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#setSloRequest(at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration) */ + @Override public void setSloRequest(PVPTargetConfiguration sloRequest) { this.sloRequest = sloRequest; } - /** - * @return the sloFailedOAs + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloFailedOAs() */ + @Override public List getSloFailedOAs() { return sloFailedOAs; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#putFailedOA(java.lang.String) + */ + @Override public void putFailedOA(String oaID) { if (sloFailedOAs == null) sloFailedOAs = new ArrayList(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index f77042bc5..39106dc3b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -98,10 +98,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; @Autowired private MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; - - public AuthenticationManager() { - - } + @Autowired private SingleLogOutBuilder sloBuilder; public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { @@ -452,9 +449,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { List dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); List dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); SLOInformationContainer sloContainer = new SLOInformationContainer(); - sloContainer.setSloRequest(pvpReq); - sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer); - sloContainer.parseActiveOAs(dbOAs, pvpSLOIssuer); + sloContainer.setSloRequest(pvpReq); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); + sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); //terminate MOASession try { @@ -471,7 +468,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { Iterator nextOAInterator = sloContainer.getNextBackChannelOA(); while (nextOAInterator.hasNext()) { SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); - LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); + LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr); try { List soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); @@ -494,7 +491,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp); + sloBuilder.checkStatusCode(sloContainer, sloResp); } catch (SOAPException e) { Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() @@ -517,9 +514,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { Collection> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); List sloReqList = new ArrayList(); for (Entry el : sloDescr) { - LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(el.getValue()); + LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue()); try { - sloReqList.add(SingleLogOutBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), + sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), sloReq, httpReq, httpResp, relayState)); } catch (Exception e) { @@ -549,9 +546,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } else { if (pvpReq != null) { //send SLO response to SLO request issuer - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); } else { //print SLO information directly @@ -572,9 +569,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } catch (MOADatabaseException e) { Logger.error("MOA AssertionDatabase ERROR", e); if (pvpReq != null) { - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); }else { //print SLO information directly diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java deleted file mode 100644 index e65d77326..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java +++ /dev/null @@ -1,94 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.ServiceLoader; - -import at.gv.egovernment.moa.logging.Logger; - -public class ModulStorage { - -// private static final String[] modulClasses = new String[]{ -//// "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol", -// "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol", -// "at.gv.egovernment.moa.id.protocols.stork2.STORKProtocol", -// "at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol" -// }; - - private static ServiceLoader protocolModuleLoader = - ServiceLoader.load(IModulInfo.class); - private static List registeredModules = new ArrayList(); - - - public static List getAllModules() { - return registeredModules; - } - - public static IModulInfo getModuleByPath(String modname) { - Iterator it = registeredModules.iterator(); - while (it.hasNext()) { - IModulInfo info = it.next(); - if (info.getPath().equals(modname)) { - return info; - } - } - return null; - } - - static { - Logger.info("Loading protocol modules:"); - if (protocolModuleLoader != null ) { - Iterator moduleLoaderInterator = protocolModuleLoader.iterator(); - while (moduleLoaderInterator.hasNext()) { - try { - IModulInfo modul = moduleLoaderInterator.next(); - Logger.info("Loading Modul Information: " + modul.getName()); - registeredModules.add(modul); - - } catch(Throwable e) { - Logger.error("Check configuration! " + "Some protocol modul" + - " is not a valid IModulInfo", e); - } - } - } - -// for(int i = 0; i < modulClasses.length; i++) { -// String modulClassName = modulClasses[i]; -// try { -// @SuppressWarnings("unchecked") -// Class moduleClass = (Class)Class.forName(modulClassName); -// IModulInfo module = moduleClass.newInstance(); -// Logger.info("Loading Modul Information: " + module.getName()); -// registeredModules.add(module); -// } catch(Throwable e) { -// Logger.error("Check configuration! " + modulClassName + -// " is not a valid IModulInfo", e); -// } -// } - Logger.info("Loading modules done"); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java deleted file mode 100644 index 13768a343..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java +++ /dev/null @@ -1,46 +0,0 @@ -///******************************************************************************* -// * Copyright 2014 Federal Chancellery Austria -// * MOA-ID has been developed in a cooperation between BRZ, the Federal -// * Chancellery Austria - ICT staff unit, and Graz University of Technology. -// * -// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by -// * the European Commission - subsequent versions of the EUPL (the "Licence"); -// * You may not use this work except in compliance with the Licence. -// * You may obtain a copy of the Licence at: -// * http://www.osor.eu/eupl/ -// * -// * Unless required by applicable law or agreed to in writing, software -// * distributed under the Licence is distributed on an "AS IS" basis, -// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// * See the Licence for the specific language governing permissions and -// * limitations under the Licence. -// * -// * This product combines work with different licenses. See the "NOTICE" text -// * file for details on the various modules and licenses. -// * The "NOTICE" text file is part of the distribution. Any derivative works -// * that you distribute must include a readable copy of the "NOTICE" text file. -// *******************************************************************************/ -//package at.gv.egovernment.moa.id.moduls; -// -//import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; -// -// -//public class ModulUtils { -// -// public static final String UNAUTHDISPATCHER = "dispatcher"; -// public static final String AUTHDISPATCHER = "dispatcher"; -// -// public static String buildUnauthURL(String modul, String action, String pendingRequestID) { -// return UNAUTHDISPATCHER + "?" + -// DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + -// DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + -// DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; -// } -// -// public static String buildAuthURL(String modul, String action, String pendingRequestID) { -// return AUTHDISPATCHER + -// "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + -// DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + -// DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; -// } -//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index bba9f66ae..a1a814e95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -32,6 +32,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; @@ -40,6 +41,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -78,11 +80,13 @@ public abstract class RequestImpl implements IRequest, Serializable{ private Map genericDataStorage = new HashMap(); + @Autowired protected AttributQueryBuilder attributQueryBuilder; + /** * @throws ConfigurationException * */ - public RequestImpl(HttpServletRequest req) throws ConfigurationException { + public final void initialize(HttpServletRequest req) throws ConfigurationException { //set requestID requestID = Random.nextRandom(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java deleted file mode 100644 index 807f789ce..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java +++ /dev/null @@ -1,53 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import javax.servlet.http.HttpServlet; - - -public class ServletInfo { - Class servletClass; - String servletTarget; - ServletType type; - - public ServletInfo(Class servletClass, - String servletTarget, ServletType type) { - super(); - this.servletClass = servletClass; - this.servletTarget = servletTarget; - this.type = type; - } - - public HttpServlet getServletInstance() - throws InstantiationException, IllegalAccessException { - return servletClass.newInstance(); - } - - public String getTarget() { - return servletTarget; - } - - public ServletType getType() { - return type; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java deleted file mode 100644 index c8fbfb558..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java +++ /dev/null @@ -1,27 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -public enum ServletType { - UNAUTH, AUTH, NONE -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 5c1c60dc8..d48603a7c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -22,49 +22,20 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.io.StringWriter; +import java.util.Arrays; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.joda.time.DateTime; -import org.opensaml.Configuration; -import org.opensaml.common.xml.SAMLConstants; + +import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.KeyDescriptor; -import org.opensaml.saml2.metadata.LocalizedString; -import org.opensaml.saml2.metadata.NameIDFormat; -import org.opensaml.saml2.metadata.RoleDescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.ServiceName; -import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.xml.io.Marshaller; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; -import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; -import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.Signer; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import org.w3c.dom.Document; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; @@ -74,103 +45,28 @@ import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; @Service("pvpMetadataService") -public class MetadataAction implements IAction { +public class MetadataAction extends AbstractPVPMetadataBuilder implements IAction { private static final int VALIDUNTIL_IN_HOURS = 24; @Autowired private MOAReversionLogger revisionsLogger; + @Autowired private IDPCredentialProvider credentialProvider; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { - revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); - EntitiesDescriptor idpEntitiesDescriptor = - SAML2Utils.createSAMLObject(EntitiesDescriptor.class); - - idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName()); - - idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); - - DateTime date = new DateTime(); - - idpEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); - - EntityDescriptor idpEntityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor); - - //TODO: maybe change EntityID to Metadata URL - //idpEntityDescriptor - // .setEntityID(PVPConfiguration.getInstance().getIDPSSOMetadataService()); - - idpEntityDescriptor - .setEntityID(req.getAuthURLWithOutSlash()); - - idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); - - List persons = PVPConfiguration.getInstance() - .getIDPContacts(); - - idpEntityDescriptor.getContactPersons().addAll(persons); - - idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance() - .getIDPOrganisation()); - - X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); - //keyInfoFactory.setEmitPublicKeyValue(true); - keyInfoFactory.setEmitEntityIDAsKeyName(true); - keyInfoFactory.setEmitEntityCertificate(true); - - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential(); - Signature signature = CredentialProvider - .getIDPSignature(metadataSigningCredential); - - //set KeyInfo Element - SecurityHelper.prepareSignatureParams(signature, metadataSigningCredential, null, null); - - idpEntitiesDescriptor.setSignature(signature); - - //set IDP metadata - idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(req, keyInfoGenerator)); - - //set SP metadata for interfederation - idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(req, keyInfoGenerator)); - - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory - .newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - Marshaller out = Configuration.getMarshallerFactory() - .getMarshaller(idpEntitiesDescriptor); - out.marshall(idpEntitiesDescriptor, document); - - Signer.signObject(signature); - - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - String metadataXML = sw.toString(); + //build metadata + String metadataXML = buildPVPMetadata(req.getAuthURLWithOutSlash()); Logger.debug("METADATA: " + metadataXML); httpResp.setContentType("text/xml"); @@ -195,228 +91,232 @@ public class MetadataAction implements IAction { return (PVP2XProtocol.METADATA); } - private RoleDescriptor generateSPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return VALIDUNTIL_IN_HOURS; + } - Logger.debug("Set SP Metadata key information"); - - SPSSODescriptor spSSODescriptor = SAML2Utils - .createSAMLObject(SPSSODescriptor.class); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return true; + } - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(false); - - - //Set AuthRequest Signing certificate - X509Credential authcredential = CredentialProvider.getIDPAssertionSigningCredential(); - - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - - //set AuthRequest encryption certificate - - X509Credential authEncCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); - - if (authEncCredential != null) { - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityID() + */ + @Override + public String getEntityIDPostfix() { + //TODO: maybe change EntityID to Metadata URL + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + try { + return PVPConfiguration.getInstance().getIDPIssuerName(); - } else { - Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + } catch (ConfigurationException e) { + Logger.error("Can not load Metadata entry: EntityID friendlyName.", e); + return null; } - - NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); - - spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); - - NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientnameIDFormat.setFormat(NameIDType.TRANSIENT); - - spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); - - NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - - //add assertion consumer services - AssertionConsumerService postassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(PVPConfiguration - .getInstance().getSPSSOPostService(req.getAuthURL())); - postassertionConsumerService.setIsDefault(true); - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - AssertionConsumerService redirectassertionConsumerService = - SAML2Utils.createSAMLObject(AssertionConsumerService.class); - redirectassertionConsumerService.setIndex(1); - redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectassertionConsumerService.setLocation(PVPConfiguration - .getInstance().getSPSSORedirectService(req.getAuthURL())); - spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); - - - //add SLO descriptor -// SingleLogoutService postSLOService = -// SAML2Utils.createSAMLObject(SingleLogoutService.class); -// postSLOService.setLocation(PVPConfiguration -// .getInstance().getIDPSSOPostService()); -// postSLOService -// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); -// spSSODescriptor.getSingleLogoutServices().add(postSLOService); - - SingleLogoutService redirectSLOService = - SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectSLOService.setLocation(PVPConfiguration - .getInstance().getSPSSORedirectService(req.getAuthURL())); - redirectSLOService - .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); - - - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - AttributeConsumingService attributeService = - SAML2Utils.createSAMLObject(AttributeConsumingService.class); - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "de")); - attributeService.getNames().add(serviceName); - - return spSSODescriptor; } - - private IDPSSODescriptor generateIDPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { - - -// //set SignatureMethode -// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); -// -// //set DigestMethode -// List contentList = signature.getContentReferences(); -// for (ContentReference content : contentList) { -// -// if (content instanceof SAMLObjectContentReference) { -// -// SAMLObjectContentReference el = (SAMLObjectContentReference) content; -// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); -// -// } -// } - - -// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); -// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); -// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); -// signature.setKeyInfo(metadataKeyInfo ); - - - IDPSSODescriptor idpSSODescriptor = SAML2Utils - .createSAMLObject(IDPSSODescriptor.class); - idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - idpSSODescriptor.setWantAuthnRequestsSigned(true); - - if (PVPConfiguration.getInstance().getIDPSSOPostService(req.getAuthURL()) != null) { - //add SSO descriptor - SingleSignOnService postSingleSignOnService = SAML2Utils - .createSAMLObject(SingleSignOnService.class); - postSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSOPostService(req.getAuthURL())); - postSingleSignOnService - .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add( - postSingleSignOnService); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return PVPConfiguration.getInstance().getIDPContacts(); - //add SLO descriptor -// SingleLogoutService postSLOService = -// SAML2Utils.createSAMLObject(SingleLogoutService.class); -// postSLOService.setLocation(PVPConfiguration -// .getInstance().getIDPSSOPostService()); -// postSLOService -// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); -// idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + } catch (ConfigurationException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; } + + } - if (PVPConfiguration.getInstance().getIDPSSORedirectService(req.getAuthURL()) != null) { - //add SSO descriptor - SingleSignOnService redirectSingleSignOnService = SAML2Utils - .createSAMLObject(SingleSignOnService.class); - redirectSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService(req.getAuthURL())); - redirectSingleSignOnService - .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add( - redirectSingleSignOnService); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return PVPConfiguration.getInstance().getIDPOrganisation(); + + } catch (ConfigurationException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; - //add SLO descriptor - SingleLogoutService redirectSLOService = - SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectSLOService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService(req.getAuthURL())); - redirectSLOService - .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); } + } - /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { - ArtifactResolutionService artifactResolutionService = SAML2Utils - .createSAMLObject(ArtifactResolutionService.class); - - artifactResolutionService - .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - artifactResolutionService.setLocation(PVPConfiguration - .getInstance().getIDPResolveSOAPService()); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + } - artifactResolutionService.setIndex(0); - - idpSSODescriptor.getArtifactResolutionServices().add( - artifactResolutionService); - }*/ - - //set assertion signing key - Credential assertionSigingCredential = CredentialProvider - .getIDPAssertionSigningCredential(); - - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential)); - idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); - NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); - idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return PVPConfiguration.PVP2_IDP_POST; - NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return PVPConfiguration.PVP2_IDP_REDIRECT; - idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return PVPConfiguration.PVP2_IDP_POST; - NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return PVPConfiguration.PVP2_IDP_REDIRECT; - idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List getIDPPossibleAttributes() { + return PVPAttributeBuilder.buildSupportedEmptyAttributes(); - return idpSSODescriptor; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List getIDPPossibleNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT, + NameIDType.TRANSIENT, + NameIDType.UNSPECIFIED); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public List getSPRequiredAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List getSPAllowedNameITTypes() { + return null; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 6fb03a37d..88f0e3b74 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -22,13 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.io.IOException; import java.util.Arrays; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; import org.joda.time.DateTime; @@ -49,7 +47,6 @@ import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.ws.security.SecurityPolicyException; -import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.signature.SignableXMLObject; import org.springframework.stereotype.Controller; @@ -145,7 +142,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } //create pendingRequest object - PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); + PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq.initialize(req); pendingReq.setModule(NAME); revisionsLogger.logEvent( @@ -155,7 +153,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class); - metadataAction.processRequest(new PVPTargetConfiguration(req), + metadataAction.processRequest(pendingReq, req, resp, null); } @@ -171,7 +169,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { try { //create pendingRequest object - PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); + PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq.initialize(req); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -219,7 +218,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { try { //create pendingRequest object - PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); + PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq.initialize(req); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -732,42 +732,42 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } - /** - * PreProcess AuthResponse and Assertion - * @param msg - */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) { - Logger.debug("Start PVP21 assertion processing... "); - Response samlResp = (Response) msg.getResponse(); - - try { - if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - - //validate PVP 2.1 assertion - SAMLVerificationEngine.validateAssertion(samlResp, true); - - msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); - return msg; - - } else { - Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() - + " from interfederated IDP."); - - } - - } catch (IOException e) { - Logger.warn("Interfederation response marshaling FAILED.", e); - - } catch (MarshallingException e) { - Logger.warn("Interfederation response marshaling FAILED.", e); - - } catch (TransformerException e) { - Logger.warn("Interfederation response marshaling FAILED.", e); - - } catch (AssertionValidationExeption e) { - //error is already logged, to nothing - } - - return null; - } +// /** +// * PreProcess AuthResponse and Assertion +// * @param msg +// */ +// private MOAResponse preProcessAuthResponse(MOAResponse msg) { +// Logger.debug("Start PVP21 assertion processing... "); +// Response samlResp = (Response) msg.getResponse(); +// +// try { +// if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { +// +// //validate PVP 2.1 assertion +// SAMLVerificationEngine.validateAssertion(samlResp, true); +// +// msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); +// return msg; +// +// } else { +// Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() +// + " from interfederated IDP."); +// +// } +// +// } catch (IOException e) { +// Logger.warn("Interfederation response marshaling FAILED.", e); +// +// } catch (MarshallingException e) { +// Logger.warn("Interfederation response marshaling FAILED.", e); +// +// } catch (TransformerException e) { +// Logger.warn("Interfederation response marshaling FAILED.", e); +// +// } catch (AssertionValidationExeption e) { +// //error is already logged, to nothing +// } +// +// return null; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 181e89806..800728bbd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -26,35 +26,26 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.servlet.http.HttpServletRequest; - import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.impl.AuthnRequestImpl; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.logging.Logger; +@Component("PVPTargetConfiguration") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class PVPTargetConfiguration extends RequestImpl { - /** - * @param req - * @throws ConfigurationException - */ - public PVPTargetConfiguration(HttpServletRequest req) - throws ConfigurationException { - super(req); - - } - private static final long serialVersionUID = 4889919265919638188L; InboundMessage request; @@ -132,7 +123,7 @@ public class PVPTargetConfiguration extends RequestImpl { reqAttr.put(attr.getName(), ""); } - return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); + return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); } catch (NoMetadataInformationException e) { Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index 8928aaeca..5afa10a72 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -77,6 +78,8 @@ public class SingleLogOutAction implements IAction { @Autowired private AuthenticationManager authManager; @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private ITransactionStorage transactionStorage; + @Autowired private SingleLogOutBuilder sloBuilder; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) @@ -107,11 +110,11 @@ public class SingleLogOutAction implements IAction { String ssoID = ssomanager.getSSOSessionID(httpReq); if (MiscUtil.isEmpty(ssoID)) { Logger.info("Can not find active Session. Single LogOut not possible!"); - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); - //LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); + //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); return null; } else { @@ -121,11 +124,11 @@ public class SingleLogOutAction implements IAction { } catch (MOADatabaseException e) { Logger.info("Can not find active Session. Single LogOut not possible!"); - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); - //LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); + //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); return null; } @@ -175,10 +178,10 @@ public class SingleLogOutAction implements IAction { Object data = SerializationUtils.deserialize(element.getAssertion()); if (data instanceof SLOInformationContainer) { - SLOInformationContainer sloContainer = (SLOInformationContainer) data; + ISLOInformationContainer sloContainer = (ISLOInformationContainer) data; //check status - SingleLogOutBuilder.checkStatusCode(sloContainer, logOutResp); + sloBuilder.checkStatusCode(sloContainer, logOutResp); if (sloContainer.hasFrontChannelOA()) { try { @@ -224,9 +227,9 @@ public class SingleLogOutAction implements IAction { String redirectURL = null; if (sloContainer.getSloRequest() != null) { //send SLO response to SLO request issuer - SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); - LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); - redirectURL = SingleLogOutBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState()); + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); + redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState()); } else { //print SLO information directly diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 9e176f724..24bdf4c3c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -47,6 +47,7 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -58,8 +59,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -69,13 +70,15 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPPostBindingCoder") public class PostBinding implements IDecoder, IEncoder { - + + @Autowired private IDPCredentialProvider credentialProvider; + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { try { - X509Credential credentials = CredentialProvider + X509Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); //load default PVP security configurations @@ -113,7 +116,7 @@ public class PostBinding implements IDecoder, IEncoder { throws MessageEncodingException, SecurityException { try { - X509Credential credentials = CredentialProvider + X509Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); //load default PVP security configurations diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 08aa76e58..7167d8b7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -48,6 +48,7 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.x509.X509Credential; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -59,8 +60,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; @@ -69,12 +70,14 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPRedirectBindingCoder") public class RedirectBinding implements IDecoder, IEncoder { + @Autowired private IDPCredentialProvider credentialProvider; + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { try { - X509Credential credentials = CredentialProvider + X509Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); //load default PVP security configurations @@ -107,7 +110,7 @@ public class RedirectBinding implements IDecoder, IEncoder { StatusResponseType response, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { try { - X509Credential credentials = CredentialProvider + X509Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); //load default PVP security configurations diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index d42d91105..bd60b7a13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -45,6 +45,7 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; @@ -54,14 +55,16 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPSOAPBindingCoder") public class SoapBinding implements IDecoder, IEncoder { + @Autowired private IDPCredentialProvider credentialProvider; + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException, SecurityException, PVP2Exception { @@ -142,7 +145,7 @@ public class SoapBinding implements IDecoder, IEncoder { StatusResponseType response, String targetLocation, String relayState) throws MessageEncodingException, SecurityException, PVP2Exception { try { - Credential credentials = CredentialProvider + Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); //load default PVP security configurations diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java new file mode 100644 index 000000000..23870806a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java @@ -0,0 +1,649 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.PrivateKey; +import java.security.interfaces.RSAPrivateKey; +import java.util.List; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +public abstract class AbstractPVPMetadataBuilder { + + X509KeyInfoGeneratorFactory keyInfoFactory = null; + + /** + * + */ + public AbstractPVPMetadataBuilder() { + keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityIDAsKeyName(true); + keyInfoFactory.setEmitEntityCertificate(true); + + } + + + /** + * Set metadata valid area + * + * @return valid until in hours [h] + */ + public abstract int getMetadataValidUntil(); + + /** + * Build a SAML2 Entities element as metadata root element + * + * @return true, if the metadata should start with entities element + */ + public abstract boolean buildEntitiesDescriptorAsRootElement(); + + /** + * + * + * @return true, if an IDP SSO-descriptor element should be generated + */ + public abstract boolean buildIDPSSODescriptor(); + + /** + * + * + * @return true, if an SP SSO-descriptor element should be generated + */ + public abstract boolean buildSPSSODescriptor(); + + /** + * Set the PVP entityID for this SAML2 metadata. + * The entityID must be a URL and is public-URL prefix of the server, as minimum. + * If this is null or a empty String, the EntityID is the public-url prefix + * + * @return PVP entityID postfix as String + */ + public abstract String getEntityIDPostfix(); + + /** + * Set a friendlyName for this PVP entity + * + * @return + */ + public abstract String getEntityFriendlyName(); + + /** + * Set the contact information for this metadata entity + * + * @return + */ + public abstract List getContactPersonInformation(); + + /** + * Set organisation information for this metadata entity + * + * @return + */ + public abstract Organization getOrgansiationInformation(); + + + /** + * Set the credential for metadata signing + * + * @return + * @throws CredentialsNotAvailableException + */ + public abstract Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; + + /** + * Set the credential for request/response signing + * IDP metadata: this credential is used for SAML2 response signing + * SP metadata: this credential is used for SAML2 response signing + * + * @return + * @throws CredentialsNotAvailableException + */ + public abstract Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; + + /** + * Set the credential for response encryption + * + * @return + * @throws CredentialsNotAvailableException + */ + public abstract Credential getEncryptionCredentials() throws CredentialsNotAvailableException; + + /** + * Set the IDP Post-Binding URL-postfix for WebSSO + * + * @return + */ + public abstract String getIDPWebSSOPostBindingURL(); + + /** + * Set the IDP Redirect-Binding URL-postfix for WebSSO + * + * @return + */ + public abstract String getIDPWebSSORedirectBindingURL(); + + /** + * Set the IDP Post-Binding URL-postfix for Single LogOut + * + * @return + */ + public abstract String getIDPSLOPostBindingURL(); + + /** + * Set the IDP Redirect-Binding URL-postfix for Single LogOut + * + * @return + */ + public abstract String getIDPSLORedirectBindingURL(); + + /** + * Set the SP Post-Binding URL-postfix for for the Assertion-Consumer Service + * + * @return + */ + public abstract String getSPAssertionConsumerServicePostBindingURL(); + + /** + * Set the SP Redirect-Binding URL-postfix for the Assertion-Consumer Service + * + * @return + */ + public abstract String getSPAssertionConsumerServiceRedirectBindingURL(); + + /** + * Set the SP Post-Binding URL-postfix for Single LogOut + * + * @return + */ + public abstract String getSPSLOPostBindingURL(); + + /** + * Set the SP Redirect-Binding URL-postfix for Single LogOut + * + * @return + */ + public abstract String getSPSLORedirectBindingURL(); + + /** + * Set the SP SOAP-Binding URL-postfix for Single LogOut + * + * @return + */ + public abstract String getSPSLOSOAPBindingURL(); + + + /** + * Set all SAML2 attributes which could be provided by this IDP + * + * @return + */ + public abstract List getIDPPossibleAttributes(); + + /** + * Set all nameID types which could be provided by this IDP + * + * @return a List of SAML2 nameID types + */ + public abstract List getIDPPossibleNameITTypes(); + + /** + * Set all SAML2 attributes which are required by the SP + * + * @return + */ + public abstract List getSPRequiredAttributes(); + + /** + * Set all nameID types which allowed from the SP + * + * @return a List of SAML2 nameID types + */ + public abstract List getSPAllowedNameITTypes(); + + /** + * + * Build PVP 2.1 conform SAML2 metadata + * + * @param instancePublicURLPrefix + * Public-URL prefix which should be used to generate URLs. + * The URL String must by without trailing / + * + * @return PVP metadata as XML String + * @throws SecurityException + * @throws ConfigurationException + * @throws CredentialsNotAvailableException + * @throws TransformerFactoryConfigurationError + * @throws MarshallingException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SignatureException + */ + public String buildPVPMetadata(String instancePublicURLPrefix) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException { + if (MiscUtil.isEmpty(instancePublicURLPrefix)) { + Logger.error("Metadata generation FAILED! --> PublicURL Prefix is null or empty"); + throw new NullPointerException("PublicURL Prefix is null or empty"); + + } + + //remove trailing slash + if (instancePublicURLPrefix.endsWith("/")) + instancePublicURLPrefix.substring(0, instancePublicURLPrefix.length()-1); + + DateTime date = new DateTime(); + EntityDescriptor entityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + //set entityID + if (MiscUtil.isNotEmpty(getEntityIDPostfix())) + entityDescriptor.setEntityID(instancePublicURLPrefix + getEntityIDPostfix()); + else + entityDescriptor.setEntityID(instancePublicURLPrefix); + + //set contact and organisation information + List contactPersons = getContactPersonInformation(); + if (contactPersons != null) + entityDescriptor.getContactPersons().addAll(contactPersons); + + Organization organisation = getOrgansiationInformation(); + if (organisation != null) + entityDescriptor.setOrganization(organisation); + + //set IDP metadata + if (buildIDPSSODescriptor()) { + RoleDescriptor idpSSODesc = generateIDPMetadata(instancePublicURLPrefix); + if (idpSSODesc != null) + entityDescriptor.getRoleDescriptors().add(idpSSODesc); + + } + + //set SP metadata for interfederation + if (buildSPSSODescriptor()) { + RoleDescriptor spSSODesc = generateSPMetadata(instancePublicURLPrefix); + if (spSSODesc != null) + entityDescriptor.getRoleDescriptors().add(spSSODesc); + + } + + //set metadata signature parameters + Credential metadataSignCred = getMetadataSigningCredentials(); + Signature signature = getIDPSignature(metadataSignCred); + SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null); + + + //initialize XML document builder + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + + + //build entities descriptor + if (buildEntitiesDescriptorAsRootElement()) { + EntitiesDescriptor entitiesDescriptor = + SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + entitiesDescriptor.setName(getEntityFriendlyName()); + entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); + entitiesDescriptor.setValidUntil(date.plusHours(getMetadataValidUntil())); + entitiesDescriptor.getEntityDescriptors().add(entityDescriptor); + + entitiesDescriptor.setSignature(signature); + + //marshall document + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(entitiesDescriptor); + out.marshall(entitiesDescriptor, document); + + } else { + entityDescriptor.setValidUntil(date.plusHours(getMetadataValidUntil())); + + entityDescriptor.setSignature(signature); + + //marshall document + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(entityDescriptor); + out.marshall(entityDescriptor, document); + + } + + //sign metadata + Signer.signObject(signature); + + //transform metadata object to XML string + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + return sw.toString(); + } + + + private RoleDescriptor generateSPMetadata(String instancePublicURLPrefix) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class); + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(false); + + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + //Set AuthRequest Signing certificate + Credential authcredential = getRequestorResponseSigningCredentials(); + if (authcredential == null) { + Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. "); + return null; + + } else { + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + } + + //Set assertion encryption credentials + Credential authEncCredential = getEncryptionCredentials(); + + if (authEncCredential != null) { + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + //check nameID formates + if (getIDPPossibleNameITTypes() == null || getIDPPossibleNameITTypes().size() == 0) { + Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); + return null; + + } else { + for (String format : getSPAllowedNameITTypes()) { + NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + nameIDFormat.setFormat(format); + spSSODescriptor.getNameIDFormats().add(nameIDFormat); + + } + } + + + //add POST-Binding assertion consumer services + if (MiscUtil.isNotEmpty(getSPAssertionConsumerServicePostBindingURL())) { + AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(instancePublicURLPrefix + getSPAssertionConsumerServicePostBindingURL()); + postassertionConsumerService.setIsDefault(true); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + } + + //add POST-Binding assertion consumer services + if (MiscUtil.isNotEmpty(getSPAssertionConsumerServiceRedirectBindingURL())) { + AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(instancePublicURLPrefix + getSPAssertionConsumerServiceRedirectBindingURL()); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + } + + //validate WebSSO endpoints + if (spSSODescriptor.getAssertionConsumerServices().size() == 0) { + Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. "); + return null; + + } + + //add POST-Binding SLO descriptor + if (MiscUtil.isNotEmpty(getSPSLOPostBindingURL())) { + SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postSLOService.setLocation(instancePublicURLPrefix + getSPSLOPostBindingURL()); + postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + //add POST-Binding SLO descriptor + if (MiscUtil.isNotEmpty(getSPSLORedirectBindingURL())) { + SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + redirectSLOService.setLocation(instancePublicURLPrefix + getSPSLORedirectBindingURL()); + redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + } + + //add POST-Binding SLO descriptor + if (MiscUtil.isNotEmpty(getSPSLOSOAPBindingURL())) { + SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapSLOService.setLocation(instancePublicURLPrefix + getSPSLOSOAPBindingURL()); + soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(soapSLOService); + + } + + + //add required attributes + List reqSPAttr = getSPRequiredAttributes(); + AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "en")); + attributeService.getNames().add(serviceName); + + if (reqSPAttr != null && reqSPAttr.size() > 0) { + Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata"); + attributeService.getRequestAttributes().addAll(reqSPAttr); + + } else { + Logger.debug("SP metadata contains NO requested attributes."); + + } + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + return spSSODescriptor; + } + + private IDPSSODescriptor generateIDPMetadata(String instancePublicURLPrefix) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { + //check response signing credential + Credential responseSignCred = getRequestorResponseSigningCredentials(); + if (responseSignCred == null) { + Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. "); + return null; + + } + + //check nameID formates + if (getIDPPossibleNameITTypes() == null || getIDPPossibleNameITTypes().size() == 0) { + Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); + return null; + + } + + // build SAML2 IDP-SSO descriptor element + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + //set ass default value, because PVP 2.x specification defines this feature as MUST + idpSSODescriptor.setWantAuthnRequestsSigned(true); + + // add WebSSO descriptor for POST-Binding + if (MiscUtil.isNotEmpty(getIDPWebSSOPostBindingURL())) { + SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(instancePublicURLPrefix + getIDPWebSSOPostBindingURL()); + postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); + + } + + // add WebSSO descriptor for Redirect-Binding + if (MiscUtil.isNotEmpty(getIDPWebSSORedirectBindingURL())) { + SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(instancePublicURLPrefix + getIDPWebSSORedirectBindingURL()); + postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); + + } + + //add Single LogOut POST-Binding endpoing + if (MiscUtil.isNotEmpty(getIDPSLOPostBindingURL())) { + SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postSLOService.setLocation(instancePublicURLPrefix + getIDPSLOPostBindingURL()); + postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + //add Single LogOut Redirect-Binding endpoing + if (MiscUtil.isNotEmpty(getIDPSLORedirectBindingURL())) { + SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + redirectSLOService.setLocation(instancePublicURLPrefix + getIDPSLORedirectBindingURL()); + redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + } + + //validate WebSSO endpoints + if (idpSSODescriptor.getSingleSignOnServices().size() == 0) { + Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. "); + return null; + + } + + //set assertion signing key + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(getRequestorResponseSigningCredentials())); + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + //set IDP attribute set + idpSSODescriptor.getAttributes().addAll(getIDPPossibleAttributes()); + + //set providable nameID formats + for (String format : getIDPPossibleNameITTypes()) { + NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + nameIDFormat.setFormat(format); + idpSSODescriptor.getNameIDFormats().add(nameIDFormat); + + } + + return idpSSODescriptor; + + } + + private Signature getIDPSignature(Credential credentials) { + PrivateKey privatekey = credentials.getPrivateKey(); + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + + if (privatekey instanceof RSAPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1); + + } else { + Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); + + + } + + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java index ebbafd4e3..9c097780b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder; import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import java.util.Set; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -46,17 +45,18 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.SignatureException; import org.opensaml.xml.signature.Signer; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -65,9 +65,12 @@ import at.gv.egovernment.moa.util.Constants; * @author tlenz * */ +@Service("AttributQueryBuilder") public class AttributQueryBuilder { - public static List buildSAML2AttributeList(IOAAuthParameters oa, Iterator iterator) { + @Autowired IDPCredentialProvider credentialProvider; + + public List buildSAML2AttributeList(IOAAuthParameters oa, Iterator iterator) { Logger.debug("Build OA specific Attributes for AttributQuery request"); @@ -103,7 +106,7 @@ public class AttributQueryBuilder { } - public static AttributeQuery buildAttributQueryRequest(String nameID, + public AttributeQuery buildAttributQueryRequest(String nameID, String endpoint, List requestedAttributes) throws AttributQueryException { @@ -136,7 +139,7 @@ public class AttributQueryBuilder { query.setDestination(endpoint); - X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential(); + X509Credential idpSigningCredential = credentialProvider.getIDPAssertionSigningCredential(); Signature signer = SAML2Utils.createSAMLObject(Signature.class); signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index dbbc21ec9..959fc7d2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder; import java.security.NoSuchAlgorithmException; +import java.util.LinkedHashMap; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -57,14 +58,20 @@ import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.Signer; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; @@ -74,7 +81,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescripto import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -83,9 +90,12 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ +@Service("PVP_SingleLogOutBuilder") public class SingleLogOutBuilder { - public static void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) { + @Autowired private IDPCredentialProvider credentialProvider; + + public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) { Status status = logOutResp.getStatus(); if (!status.getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { String message = " Message: "; @@ -111,12 +121,12 @@ public class SingleLogOutBuilder { * @param relayState * @return */ - public static String getFrontChannelSLOMessageURL(String serviceURL, String bindingType, + public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType, RequestAbstractType sloReq, HttpServletRequest httpReq, HttpServletResponse httpResp, String relayState) throws MOAIDException { try { - X509Credential credentials = CredentialProvider + X509Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); Logger.debug("create SAML RedirectBinding response"); @@ -143,12 +153,12 @@ public class SingleLogOutBuilder { } } - public static String getFrontChannelSLOMessageURL(SingleLogoutService service, + public String getFrontChannelSLOMessageURL(SingleLogoutService service, StatusResponseType sloResp, HttpServletRequest httpReq, HttpServletResponse httpResp, String relayState) throws MOAIDException { try { - X509Credential credentials = CredentialProvider + X509Credential credentials = credentialProvider .getIDPAssertionSigningCredential(); Logger.debug("create SAML RedirectBinding response"); @@ -171,7 +181,7 @@ public class SingleLogOutBuilder { } } - public static void sendFrontChannelSLOMessage(SingleLogoutService consumerService, + public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, String relayState) throws MOAIDException { IEncoder binding = null; @@ -205,7 +215,7 @@ public class SingleLogOutBuilder { } - public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException { + public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException { LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); SecureRandomIdentifierGenerator gen; @@ -236,7 +246,7 @@ public class SingleLogOutBuilder { //sign message try { - X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential(); + X509Credential idpSigningCredential = credentialProvider.getIDPAssertionSigningCredential(); Signature signer = SAML2Utils.createSAMLObject(Signature.class); signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); @@ -265,7 +275,7 @@ public class SingleLogOutBuilder { return sloReq; } - public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException { + public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException { LogoutResponse sloResp = buildBasicResponse(sloService, spRequest); Status status = SAML2Utils.createSAMLObject(Status.class); @@ -282,7 +292,7 @@ public class SingleLogOutBuilder { return sloResp; } - public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List failedOAs) throws MOAIDException { + public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List failedOAs) throws MOAIDException { LogoutResponse sloResp = buildBasicResponse(sloService, spRequest); Status status; @@ -307,7 +317,7 @@ public class SingleLogOutBuilder { } - private static LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { + private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException { LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); issuer.setValue(spRequest.getAuthURLWithOutSlash()); @@ -338,7 +348,7 @@ public class SingleLogOutBuilder { } - public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException { + public SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException { try { EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID); SSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -379,7 +389,7 @@ public class SingleLogOutBuilder { } - public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { + public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { MOARequest moaReq = (MOARequest) spRequest.getRequest(); EntityDescriptor metadata = moaReq.getEntityMetadata(); SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -415,4 +425,91 @@ public class SingleLogOutBuilder { return sloService; } + public void parseActiveOAs(SLOInformationContainer container, + List dbOAs, String removeOAID) { + if (container.getActiveBackChannelOAs() == null) + container.setActiveBackChannelOAs(new LinkedHashMap()); + if (container.getActiveFrontChannalOAs() == null) + container.setActiveFrontChannalOAs(new LinkedHashMap()); + + + if (dbOAs != null) { + for (OASessionStore oa : dbOAs) { + if (!oa.getOaurlprefix().equals(removeOAID)) { + + //Actually only PVP 2.1 support Single LogOut + if (PVP2XProtocol.PATH.equals(oa.getProtocolType())) { + SingleLogoutService sloDesc; + try { + sloDesc = getRequestSLODescriptor(oa.getOaurlprefix()); + + if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + container.getActiveBackChannelOAs().put(oa.getOaurlprefix(), + new SLOInformationImpl( + oa.getAuthURL(), + oa.getAssertionSessionID(), + oa.getUserNameID(), + oa.getUserNameIDFormat(), + oa.getProtocolType(), + sloDesc)); + + else + container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), + new SLOInformationImpl( + oa.getAuthURL(), + oa.getAssertionSessionID(), + oa.getUserNameID(), + oa.getUserNameIDFormat(), + oa.getProtocolType(), + sloDesc)); + + } catch (NOSLOServiceDescriptorException e) { + container.putFailedOA(oa.getOaurlprefix()); + + } + + } else + container.putFailedOA(oa.getOaurlprefix()); + } + } + } + } + + /** + * @param dbIDPs + * @param value + */ + public void parseActiveIDPs(SLOInformationContainer container, + List dbIDPs, String removeIDP) { + if (container.getActiveBackChannelOAs() == null) + container.setActiveBackChannelOAs(new LinkedHashMap()); + if (container.getActiveFrontChannalOAs() == null) + container.setActiveFrontChannalOAs(new LinkedHashMap()); + + if (dbIDPs != null) { + for (InterfederationSessionStore el : dbIDPs) { + if (!el.getIdpurlprefix().equals(removeIDP)) { + + SingleLogoutService sloDesc; + try { + sloDesc = getRequestSLODescriptor(el.getIdpurlprefix()); + + container.getActiveFrontChannalOAs().put(el.getIdpurlprefix(), + new SLOInformationImpl( + el.getAuthURL(), + el.getSessionIndex(), + el.getUserNameID(), + NameID.TRANSIENT, + PVP2XProtocol.PATH, + sloDesc)); + + } catch (NOSLOServiceDescriptorException e) { + container.putFailedOA(el.getIdpurlprefix()); + + } + } + } + } + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 47d7a29b3..bbf395a6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -22,8 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.config; -import iaik.x509.X509Certificate; - import java.io.IOException; import java.net.URL; import java.security.cert.CertificateException; @@ -51,12 +49,11 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; public class PVPConfiguration { @@ -79,18 +76,6 @@ public class PVPConfiguration { public static final String PVP_CONFIG_FILE = "pvp2config.properties"; - public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; - public static final String IDP_KS_PASS = "idp.ks.kspassword"; - - public static final String IDP_KEYALIASMETADATA = "idp.ks.metadata.alias"; - public static final String IDP_KEY_PASSMETADATA = "idp.ks.metadata.keypassword"; - - public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias"; - public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword"; - - public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; - public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; - public static final String IDP_ISSUER_NAME = "servicename"; public static final String IDP_ORG_NAME = "name.short"; @@ -162,38 +147,6 @@ public class PVPConfiguration { public String getIDPSSOMetadataService(String publicURLPrefix) throws ConfigurationException { return publicURLPrefix + PVP2_METADATA; } - - public String getIDPKeyStoreFilename() { - return FileUtils.makeAbsoluteURL(props.getProperty(IDP_JAVAKEYSTORE), rootDir); - } - - public String getIDPKeyStorePassword() { - return props.getProperty(IDP_KS_PASS).trim(); - } - - public String getIDPKeyAliasMetadata() { - return props.getProperty(IDP_KEYALIASMETADATA).trim(); - } - - public String getIDPKeyPasswordMetadata() { - return props.getProperty(IDP_KEY_PASSMETADATA).trim(); - } - - public String getIDPKeyAliasAssertionSign() { - return props.getProperty(IDP_KEYALIASASSERTION).trim(); - } - - public String getIDPKeyPasswordAssertionSign() { - return props.getProperty(IDP_KEY_PASSASSERTION).trim(); - } - - public String getIDPKeyAliasAssertionEncryption() { - return props.getProperty(IDP_KEYALIASASSERTION).trim(); - } - - public String getIDPKeyPasswordAssertionEncryption() { - return props.getProperty(IDP_KEY_PASSASSERTION).trim(); - } public String getIDPIssuerName() throws ConfigurationException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java new file mode 100644 index 000000000..e7df23d61 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java @@ -0,0 +1,186 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import java.security.KeyStore; + +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.X509Credential; + +import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +public abstract class AbstractCredentialProvider { + + private static KeyStore keyStore = null; + + /** + * Get a friendlyName for this keyStore implementation + * This friendlyName is used for logging + * + * @return keyStore friendlyName + */ + public abstract String getFriendlyName(); + + /** + * Get KeyStore + * + * @return URL to the keyStore + */ + public abstract String getKeyStoreFilePath(); + + /** + * Get keyStore password + * + * @return Password of the keyStore + */ + public abstract String getKeyStorePassword(); + + /** + * Get alias of key for metadata signing + * + * @return key alias + */ + public abstract String getMetadataKeyAlias(); + + /** + * Get password of key for metadata signing + * + * @return key password + */ + public abstract String getMetadataKeyPassword(); + + /** + * Get alias of key for request/response signing + * + * @return key alias + */ + public abstract String getSignatureKeyAlias(); + + /** + * Get password of key for request/response signing + * + * @return key password + */ + public abstract String getSignatureKeyPassword(); + + /** + * Get alias of key for IDP response encryption + * + * @return key alias + */ + public abstract String getEncryptionKeyAlias(); + + /** + * Get password of key for IDP response encryption + * + * @return key password + */ + public abstract String getEncryptionKeyPassword(); + + + public X509Credential getIDPMetaDataSigningCredential() + throws CredentialsNotAvailableException { + try { + + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( + keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " + + getMetadataKeyAlias() + ") is not found or contains no PrivateKey.", null); + + } + return credentials; + } catch (Exception e) { + Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + + public X509Credential getIDPAssertionSigningCredential() + throws CredentialsNotAvailableException { + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( + keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: " + + getSignatureKeyAlias() + ") is not found or contains no PrivateKey.", null); + + } + + return (X509Credential) credentials; + } catch (Exception e) { + Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + + public X509Credential getIDPAssertionEncryptionCredential() + throws CredentialsNotAvailableException { + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + //if no encryption key is configured return null + if (MiscUtil.isEmpty(getEncryptionKeyAlias())) + return null; + + MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( + keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.ENCRYPTION); + + if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { + Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey."); + throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Encryption credentials (Alias: " + + getEncryptionKeyAlias() + ") is not found or contains no PrivateKey.", null); + + } + + return (X509Credential) credentials; + } catch (Exception e) { + Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java deleted file mode 100644 index d76e6c2f1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ /dev/null @@ -1,198 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.signer; - -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.interfaces.RSAPrivateKey; - -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.x509.BasicX509Credential; -import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; -import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; - -import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.MiscUtil; - -public class CredentialProvider { - - private static KeyStore keyStore = null; - - public static X509Credential getIDPMetaDataSigningCredential() - throws CredentialsNotAvailableException { - PVPConfiguration config = PVPConfiguration.getInstance(); - try { - - if (keyStore == null) - keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), - config.getIDPKeyStorePassword()); - - MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( - keyStore, config.getIDPKeyAliasMetadata(), config - .getIDPKeyPasswordMetadata().toCharArray()); - - credentials.setUsageType(UsageType.SIGNING); - if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { - Logger.error("IDP Metadata Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException("IDP Assertion Signing credentials (Alias: " - + config.getIDPKeyAliasMetadata() + ") is not found or contains no PrivateKey.", null); - - } - return credentials; - } catch (Exception e) { - Logger.error("Failed to generate IDP Metadata Signing credentials"); - e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); - } - } - - public static X509Credential getIDPAssertionSigningCredential() - throws CredentialsNotAvailableException { - PVPConfiguration config = PVPConfiguration.getInstance(); - try { - if (keyStore == null) - keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), - config.getIDPKeyStorePassword()); - - MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( - keyStore, config.getIDPKeyAliasAssertionSign(), config - .getIDPKeyPasswordAssertionSign().toCharArray()); - - credentials.setUsageType(UsageType.SIGNING); - if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { - Logger.error("IDP Assertion Signing credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException("IDP Assertion Signing credentials (Alias: " - + config.getIDPKeyAliasAssertionSign() + ") is not found or contains no PrivateKey.", null); - - } - - return (X509Credential) credentials; - } catch (Exception e) { - Logger.error("Failed to generate IDP Assertion Signing credentials"); - e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); - } - } - - public static X509Credential getIDPAssertionEncryptionCredential() - throws CredentialsNotAvailableException { - PVPConfiguration config = PVPConfiguration.getInstance(); - try { - if (keyStore == null) - keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), - config.getIDPKeyStorePassword()); - - //if no encryption key is configured return null - if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption())) - return null; - - MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( - keyStore, config.getIDPKeyAliasAssertionEncryption(), config - .getIDPKeyPasswordAssertionEncryption().toCharArray()); - - credentials.setUsageType(UsageType.ENCRYPTION); - - if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) { - Logger.error("IDP Assertion Encryption credentials is not found or contains no PrivateKey."); - throw new CredentialsNotAvailableException("IDP Assertion Encryption credentials (Alias: " - + config.getIDPKeyAliasAssertionEncryption() + ") is not found or contains no PrivateKey.", null); - - } - - return (X509Credential) credentials; - } catch (Exception e) { - Logger.error("Failed to generate IDP Assertion Encryption credentials"); - e.printStackTrace(); - throw new CredentialsNotAvailableException(e.getMessage(), null); - } - } - - public static Signature getIDPSignature(Credential credentials) { - - PrivateKey privatekey = credentials.getPrivateKey(); - - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - - if (privatekey instanceof RSAPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - - } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1); - - } else { - Logger.warn("Could NOT evaluate the Private-Key type from PVP credential."); - - } - - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - - } - - public static Credential getSPTrustedCredential(String entityID) - throws CredentialsNotAvailableException { - - iaik.x509.X509Certificate cert = PVPConfiguration.getInstance() - .getTrustEntityCertificate(entityID); - - if (cert == null) { - throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null); - } - - BasicX509Credential credential = new BasicX509Credential(); - credential.setEntityId(entityID); - credential.setUsageType(UsageType.SIGNING); - credential.setPublicKey(cert.getPublicKey()); - - return credential; - } - /* - * public static Credential getTrustedCredential() throws - * CredentialsNotAvailableException { String filename = - * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt"); - * - * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new - * FileInputStream(new File(filename))); } catch (CertificateException e) { - * e.printStackTrace(); throw new - * CredentialsNotAvailableException(e.getMessage(), null); } catch - * (FileNotFoundException e) { e.printStackTrace(); throw new - * CredentialsNotAvailableException(e.getMessage(), null); } catch - * (IOException e) { e.printStackTrace(); throw new - * CredentialsNotAvailableException(e.getMessage(), null); } - * - * BasicX509Credential credential = new BasicX509Credential(); - * credential.setEntityId("sp.crt"); - * credential.setUsageType(UsageType.SIGNING); - * credential.setPublicKey(cert.getPublicKey()); - * - * return credential; } - */ -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java new file mode 100644 index 000000000..8fb4ec3cf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java @@ -0,0 +1,150 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import java.util.Properties; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.util.FileUtils; + +@Service("IDPCredentialProvider") +public class IDPCredentialProvider extends AbstractCredentialProvider { + public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; + public static final String IDP_KS_PASS = "idp.ks.kspassword"; + + public static final String IDP_KEYALIASMETADATA = "idp.ks.metadata.alias"; + public static final String IDP_KEY_PASSMETADATA = "idp.ks.metadata.keypassword"; + + public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias"; + public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword"; + + public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; + public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; + + + private @Autowired AuthConfiguration authConfig; + private Properties props = null; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() + */ + @Override + public String getKeyStoreFilePath() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return FileUtils.makeAbsoluteURL( + props.getProperty(IDP_JAVAKEYSTORE), + authConfig.getRootConfigFileDir()); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword() + */ + @Override + public String getKeyStorePassword() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KS_PASS).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KEYALIASMETADATA).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KEY_PASSMETADATA).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KEYALIASASSERTION).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KEY_PASSASSERTION).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KEYALIASENCRYTPION).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + if (props == null) + props = authConfig.getGeneralPVP2ProperiesConfig(); + + return props.getProperty(IDP_KEYALIASENCRYTPION).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName() + */ + @Override + public String getFriendlyName() { + return "IDP"; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 69c760f19..4650327b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -29,6 +29,8 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.security.SAMLSignatureProfileValidator; import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.BasicX509Credential; import org.opensaml.xml.signature.SignatureValidator; import org.opensaml.xml.validation.ValidationException; @@ -37,9 +39,10 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -83,8 +86,7 @@ public class EntityVerifier { throw new SAMLRequestNotSignedException(e); } - Credential credential = CredentialProvider - .getSPTrustedCredential(entityDescriptor.getEntityID()); + Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID()); if (credential == null) { throw new NoCredentialsException(entityDescriptor.getEntityID()); } @@ -171,8 +173,7 @@ public class EntityVerifier { + " entryID is used to select the certificate to perform Metadata verification."); } - Credential credential = CredentialProvider - .getSPTrustedCredential(entities.get(0).getEntityID()); + Credential credential = getSPTrustedCredential(entities.get(0).getEntityID()); if (credential == null) { throw new NoCredentialsException("moaID IDP"); @@ -188,5 +189,23 @@ public class EntityVerifier { } } } + + public static Credential getSPTrustedCredential(String entityID) + throws CredentialsNotAvailableException { + + iaik.x509.X509Certificate cert = PVPConfiguration.getInstance() + .getTrustEntityCertificate(entityID); + + if (cert == null) { + throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null); + } + + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityId(entityID); + credential.setUsageType(UsageType.SIGNING); + credential.setPublicKey(cert.getPublicKey()); + + return credential; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 812e27a36..cc7afa842 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -22,55 +22,34 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; -import java.util.ArrayList; -import java.util.List; - import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.common.xml.SAMLSchemaBuilder; -import org.opensaml.saml2.core.Conditions; -import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.encryption.Decrypter; -import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCriteria; import org.opensaml.security.SAMLSignatureProfileValidator; -import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; -import org.opensaml.xml.encryption.DecryptionException; -import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; -import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; -import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.validation.ValidationException; import org.w3c.dom.Element; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -179,114 +158,114 @@ public class SAMLVerificationEngine { } } - public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption { - try { - if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - List saml2assertions = new ArrayList(); - - List allowedPublicURLPrefix = - AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); - boolean isValidDestination = false; - for (String allowedPreFix : allowedPublicURLPrefix) { - if (validateDestination && samlResp.getDestination().startsWith( - allowedPreFix)) { - isValidDestination = true; - break; - - } - } - if (!isValidDestination) { - Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); - throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); - - } - - //check encrypted Assertion - List encryAssertionList = samlResp.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - Logger.debug("Found encryped assertion. Start decryption ..."); - - X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(authDecCredential); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } - - Logger.debug("Assertion decryption finished. "); - - } else { - saml2assertions.addAll(samlResp.getAssertions()); - - } - - List validatedassertions = new ArrayList(); - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - try { - performSchemaValidation(saml2assertion.getDOM()); - - Conditions conditions = saml2assertion.getConditions(); - DateTime notbefore = conditions.getNotBefore().minusMinutes(5); - DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { - Logger.warn("PVP2 Assertion is out of Date. " - + "{ Current : " + new DateTime() - + " NotBefore: " + notbefore - + " NotAfter : " + notafter - + " }");; - - } else { - validatedassertions.add(saml2assertion); - - } - - } catch (SchemaValidationException e) { - - } - } - - if (validatedassertions.isEmpty()) { - Logger.info("No valid PVP 2.1 assertion received."); - throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); - } - - samlResp.getAssertions().clear(); - samlResp.getEncryptedAssertions().clear(); - samlResp.getAssertions().addAll(validatedassertions); - - } else { - Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " - + samlResp.getStatus().getStatusCode().getValue()); - throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " - + samlResp.getStatus().getStatusCode().getValue(), null); - } - - } catch (CredentialsNotAvailableException e) { - Logger.warn("Assertion decrypt FAILED - No Credentials", e); - throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e); - - } catch (DecryptionException e) { - Logger.warn("Assertion decrypt FAILED.", e); - throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); - - } catch (ConfigurationException e) { - throw new AssertionValidationExeption("pvp.12", null, e); - } - } +// public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption { +// try { +// if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { +// List saml2assertions = new ArrayList(); +// +// List allowedPublicURLPrefix = +// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); +// boolean isValidDestination = false; +// for (String allowedPreFix : allowedPublicURLPrefix) { +// if (validateDestination && samlResp.getDestination().startsWith( +// allowedPreFix)) { +// isValidDestination = true; +// break; +// +// } +// } +// if (!isValidDestination) { +// Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); +// throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); +// +// } +// +// //check encrypted Assertion +// List encryAssertionList = samlResp.getEncryptedAssertions(); +// if (encryAssertionList != null && encryAssertionList.size() > 0) { +// //decrypt assertions +// +// Logger.debug("Found encryped assertion. Start decryption ..."); +// +// X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); +// +// StaticKeyInfoCredentialResolver skicr = +// new StaticKeyInfoCredentialResolver(authDecCredential); +// +// ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); +// encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); +// encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); +// encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); +// +// Decrypter samlDecrypter = +// new Decrypter(null, skicr, encryptedKeyResolver); +// +// for (EncryptedAssertion encAssertion : encryAssertionList) { +// saml2assertions.add(samlDecrypter.decrypt(encAssertion)); +// +// } +// +// Logger.debug("Assertion decryption finished. "); +// +// } else { +// saml2assertions.addAll(samlResp.getAssertions()); +// +// } +// +// List validatedassertions = new ArrayList(); +// for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { +// +// try { +// performSchemaValidation(saml2assertion.getDOM()); +// +// Conditions conditions = saml2assertion.getConditions(); +// DateTime notbefore = conditions.getNotBefore().minusMinutes(5); +// DateTime notafter = conditions.getNotOnOrAfter(); +// if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { +// Logger.warn("PVP2 Assertion is out of Date. " +// + "{ Current : " + new DateTime() +// + " NotBefore: " + notbefore +// + " NotAfter : " + notafter +// + " }");; +// +// } else { +// validatedassertions.add(saml2assertion); +// +// } +// +// } catch (SchemaValidationException e) { +// +// } +// } +// +// if (validatedassertions.isEmpty()) { +// Logger.info("No valid PVP 2.1 assertion received."); +// throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); +// } +// +// samlResp.getAssertions().clear(); +// samlResp.getEncryptedAssertions().clear(); +// samlResp.getAssertions().addAll(validatedassertions); +// +// } else { +// Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " +// + samlResp.getStatus().getStatusCode().getValue()); +// throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " +// + samlResp.getStatus().getStatusCode().getValue(), null); +// } +// +// } catch (CredentialsNotAvailableException e) { +// Logger.warn("Assertion decrypt FAILED - No Credentials", e); +// throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e); +// +// } catch (DecryptionException e) { +// Logger.warn("Assertion decrypt FAILED.", e); +// throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); +// +// } catch (ConfigurationException e) { +// throw new AssertionValidationExeption("pvp.12", null, e); +// } +// } private static void performSchemaValidation(Element source) throws SchemaValidationException { diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index dcaeb42c3..abb9720a7 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -44,27 +44,35 @@ + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateBKUSelectionFrameTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateInterfedeartionRequestTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.ReceiveInterfederationResponseTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateSSOConsentsTaskImpl" + scope="prototype"/> \ No newline at end of file diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java new file mode 100644 index 000000000..3aefeba3e --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java @@ -0,0 +1,235 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.module.test; + +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; + +/** + * @author tlenz + * + */ +public class TestRequestImpl implements IRequest { + + private String processInstanceID = null; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() + */ + @Override + public String requestedModule() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() + */ + @Override + public String requestedAction() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() + */ + @Override + public String getOAURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() + */ + @Override + public boolean isPassiv() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() + */ + @Override + public boolean forceAuth() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String) + */ + @Override + public Object getGenericData(String key) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class) + */ + @Override + public T getGenericData(String key, Class clazz) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setGenericDataToSession(java.lang.String, java.lang.Object) + */ + @Override + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + // TODO Auto-generated method stub + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() + */ + @Override + public String getRequestID() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getMOASessionIdentifier() + */ + @Override + public String getMOASessionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier() + */ + @Override + public String getUniqueTransactionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueSessionIdentifier() + */ + @Override + public String getUniqueSessionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getProcessInstanceId() + */ + @Override + public String getProcessInstanceId() { + return processInstanceID; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURL() + */ + @Override + public String getAuthURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURLWithOutSlash() + */ + @Override + public String getAuthURLWithOutSlash() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isNeedAuthentication() + */ + @Override + public boolean isNeedAuthentication() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#needSingleSignOnFunctionality() + */ + @Override + public boolean needSingleSignOnFunctionality() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setNeedSingleSignOnFunctionality(boolean) + */ + @Override + public void setNeedSingleSignOnFunctionality(boolean needSSO) { + // TODO Auto-generated method stub + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isAuthenticated() + */ + @Override + public boolean isAuthenticated() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setAuthenticated(boolean) + */ + @Override + public void setAuthenticated(boolean isAuthenticated) { + // TODO Auto-generated method stub + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getOnlineApplicationConfiguration() + */ + @Override + public IOAAuthParameters getOnlineApplicationConfiguration() { + // TODO Auto-generated method stub + return null; + } + + /** + * @param processInstanceID the processInstanceID to set + */ + public void setProcessInstanceID(String processInstanceID) { + this.processInstanceID = processInstanceID; + } + + + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml index dcea83b8a..b0ab11a11 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml @@ -15,33 +15,43 @@ + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareGetMISMandateTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask" + scope="prototype"/> \ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 374c3df30..5c25c49c5 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -2,26 +2,19 @@ package at.gv.egovernment.moa.id.protocols.eidas; import java.util.List; -import javax.servlet.http.HttpServletRequest; - import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import eu.eidas.auth.commons.EIDASAuthnRequest; +@Component("EIDASData") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class EIDASData extends RequestImpl { - /** - * @param req - * @throws ConfigurationException - */ - public EIDASData(HttpServletRequest req) throws ConfigurationException { - super(req); - - } - /** The Constant serialVersionUID. */ private static final long serialVersionUID = 8765755670214923910L; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index cf3960815..4caa6700a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -69,7 +69,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { //create pendingRequest object - EIDASData pendingReq = new EIDASData(req); + EIDASData pendingReq = applicationContext.getBean(EIDASData.class); + pendingReq.initialize(req); pendingReq.setModule(NAME); pendingReq.setNeedAuthentication(false); pendingReq.setAuthenticated(false); @@ -97,7 +98,8 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { //create pending-request object - EIDASData pendingReq = new EIDASData(req); + EIDASData pendingReq = applicationContext.getBean(EIDASData.class); + pendingReq.initialize(req); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml index 9f48b686b..a3f5042a1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/moaid_eidas_auth.beans.xml @@ -12,12 +12,15 @@ + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.GenerateAuthnRequestTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + class="at.gv.egovernment.moa.id.auth.modules.eidas.tasks.CreateIdentityLinkTask" + scope="prototype"/> \ No newline at end of file diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 416445fa6..34ab0eaba 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -29,6 +29,9 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -43,18 +46,18 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; import at.gv.egovernment.moa.logging.Logger; +@Component("OAuth20AuthRequest") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class OAuth20AuthRequest extends OAuth20BaseRequest { /** * @param req * @throws ConfigurationException */ - public OAuth20AuthRequest(HttpServletRequest req) - throws ConfigurationException { - super(req); + public OAuth20AuthRequest() { + super(); //AuthnRequest needs authentication this.setNeedAuthentication(true); @@ -236,6 +239,6 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } } - return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); + return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 5906964a4..4eae5ac3b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -38,7 +38,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; -import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -49,11 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { private static final long serialVersionUID = 1L; protected Set allowedParameters = new HashSet(); - - public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException { - super(req); - } - + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -119,28 +114,4 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; - public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception { - OAuth20BaseRequest res; - try { - if (action.equals(OAuth20Protocol.AUTH_ACTION)) { - res = new OAuth20AuthRequest(request); - - } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) { - res = new OAuth20TokenRequest(request); - - } else { - throw new OAuth20InvalidRequestException(); - } - - } catch (ConfigurationException e) { - Logger.warn(e.getMessage()); - throw new OAuth20InvalidRequestException(); - - } - - res.setModule(OAuth20Protocol.NAME); - - res.populateParameters(request); - return res; - } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 20fe71518..b88365e39 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -74,8 +74,17 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { } - //PreProcess - IRequest pendingReq = preProcess(req, resp, AUTH_ACTION); + OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); + try { + pendingReq.initialize(req); + pendingReq.setModule(OAuth20Protocol.NAME); + pendingReq.populateParameters(req); + + } catch (OAuth20Exception e) { + Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); + throw new InvalidProtocolRequestException(e.getMessage(), null); + + } revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); @@ -99,9 +108,18 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { } - //PreProcess - IRequest pendingReq = preProcess(req, resp, TOKEN_ACTION); - + OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); + try { + pendingReq.initialize(req); + pendingReq.setModule(OAuth20Protocol.NAME); + pendingReq.populateParameters(req); + + } catch (OAuth20Exception e) { + Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); + throw new InvalidProtocolRequestException(e.getMessage(), null); + + } + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); revisionsLogger.logEvent( @@ -114,28 +132,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { performAuthentication(req, resp, (RequestImpl)pendingReq); } - - /* - * (non-Javadoc) - * @see - * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse, java.lang.String) - */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { - // validation is done inside creation - try { - OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); - Logger.debug("Created: " + res); - return res; - - } catch (OAuth20Exception e) { - Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessage(), null); - - } - } - /* * (non-Javadoc) * @see diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 9b0ee099e..3fad5d83e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -27,6 +27,9 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -39,16 +42,16 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrant import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.logging.Logger; +@Component("OAuth20TokenRequest") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) class OAuth20TokenRequest extends OAuth20BaseRequest { /** * @param req * @throws ConfigurationException */ - public OAuth20TokenRequest(HttpServletRequest req) - throws ConfigurationException { - super(req); - + public OAuth20TokenRequest() { + super(); //AuthnRequest needs authentication this.setNeedAuthentication(false); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 3eabf71c0..1b1815b44 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -104,7 +104,8 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { } - SAML1RequestImpl pendingReq = new SAML1RequestImpl(req); + SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); + pendingReq.initialize(req); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 5867bbac6..4c6dfdc63 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -25,31 +25,22 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.ArrayList; import java.util.List; -import javax.servlet.http.HttpServletRequest; - import org.opensaml.saml2.core.Attribute; +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; /** * @author tlenz * */ +@Component("SAML1RequestImpl") +@Scope(value = BeanDefinition.SCOPE_PROTOTYPE) public class SAML1RequestImpl extends RequestImpl { - - /** - * @param req - * @throws ConfigurationException - */ - public SAML1RequestImpl(HttpServletRequest req) - throws ConfigurationException { - super(req); - - } private static final long serialVersionUID = -4961979968425683115L; @@ -90,9 +81,8 @@ public class SAML1RequestImpl extends RequestImpl { reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); } - return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator()); - - + return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator()); + } } -- cgit v1.2.3 From cbdb6946d5af7de63afebf5ad256743303f00935 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 24 Feb 2016 06:21:22 +0100 Subject: refactor PVP protocol implementation to resuse code in other modules --- .../moa/id/auth/MOAIDAuthConstants.java | 4 +- .../id/auth/builder/AuthenticationDataBuilder.java | 50 +- .../id/auth/modules/BKUSelectionModuleImpl.java | 3 +- .../internal/tasks/EvaluateBKUSelectionTask.java | 3 + .../tasks/RestartAuthProzessManagement.java | 10 +- .../moa/id/moduls/AuthenticationManager.java | 12 +- .../id/protocols/pvp2x/AttributQueryAction.java | 5 +- .../id/protocols/pvp2x/AuthenticationAction.java | 12 +- .../moa/id/protocols/pvp2x/MetadataAction.java | 257 +------- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 112 +--- .../moa/id/protocols/pvp2x/binding/IEncoder.java | 24 +- .../id/protocols/pvp2x/binding/PostBinding.java | 35 +- .../protocols/pvp2x/binding/RedirectBinding.java | 43 +- .../id/protocols/pvp2x/binding/SoapBinding.java | 21 +- .../pvp2x/builder/AbstractPVPMetadataBuilder.java | 649 --------------------- .../pvp2x/builder/PVPMetadataBuilder.java | 460 +++++++++++++++ .../pvp2x/builder/SingleLogOutBuilder.java | 3 +- .../pvp2x/config/IDPPVPMetadataConfiguration.java | 288 +++++++++ .../config/IPVPMetadataBuilderConfiguration.java | 217 +++++++ .../pvp2x/verification/SAMLVerificationEngine.java | 236 ++++---- .../tasks/InitializeBKUAuthenticationTask.java | 1 + .../builder/FederatedAuthMetadataBuilder.java | 273 --------- .../config/FederatedAuthMetadataConfiguration.java | 281 +++++++++ 23 files changed, 1513 insertions(+), 1486 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java delete mode 100644 id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java create mode 100644 id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index d76021bbd..1a9018563 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -174,8 +174,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{ //AuthnRequest IssueInstant validation public static final int TIME_JITTER = 5; //all 5 minutes time jitter - public static final String PROCESSCONTEXT_INTERFEDERATION_ENTITYID = "interfederationIDPEntityID"; + public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication"; public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication"; + public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection"; + public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest"; //General protocol-request data-store keys public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index dbf95f604..8a9999d85 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -104,7 +104,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -127,24 +126,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected AuthConfiguration authConfig; @Autowired private AttributQueryBuilder attributQueryBuilder; + @Autowired private SAMLVerificationEngine samlVerificationEngine; public IAuthData buildAuthenticationData(IRequest protocolRequest, - AuthenticationSession session, List reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { - - - String oaID = protocolRequest.getOAURL(); - if (oaID == null) { - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - } - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaID)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - + AuthenticationSession session, List reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { AuthenticationData authdata = null; + //only needed for SAML1 legacy support try { //check if SAML1 authentication module is in Classpath Class saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); @@ -165,15 +153,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { authdata = new AuthenticationData(); } - - + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { authdata = new AuthenticationData(); } - //reuse some parameters if it is a reauthentication - OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); + //reuse some parameters if it is a Service-Provider reauthentication + OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, protocolRequest.getOAURL(), protocolRequest.requestedModule()); if (activeOA != null) { authdata.setSessionIndex(activeOA.getAssertionSessionID()); authdata.setNameID(activeOA.getUserNameID()); @@ -193,7 +180,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } } - + + //search federated IDP information in MOASession InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); IOAAuthParameters oaParam = null; @@ -201,20 +189,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //get OnlineApplication from MOA-ID-Auth configuration oaParam = protocolRequest.getOnlineApplicationConfiguration(); - //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway + //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway if (oaParam.isSTORKPVPGateway()) oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, protocolRequest); } else { - //build OnlineApplication dynamic from requested attributes + //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP); } - if (interfIDP != null ) { - //IDP is a chained interfederated IDP and Authentication is requested + if (interfIDP != null ) { + //authentication by using a federated IDP if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration && !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) { + //IDP is a chained interfederated IDP and Authentication is requested + //only set minimal response attributes authdata.setQAALevel(interfIDP.getQAALevel()); authdata.setBPK(interfIDP.getUserNameID()); @@ -290,12 +280,15 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } + //get SAML2 Response from federated IDP Response intfResp = (Response) req.getGenericData( RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse(); - AssertionAttributeExtractor extractor = - new AssertionAttributeExtractor(intfResp); - + + //initialize Attribute extractor + AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(intfResp); + + //check if SAML2 Assertion contains already all required attributes if (!extractor.containsAllRequiredAttributes()) { Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); //collect attributes by using BackChannel communication @@ -323,8 +316,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //validate PVP 2.1 response try { - SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + samlVerificationEngine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); //TODO: find better solution //SAMLVerificationEngine.validateAssertion(intfResp, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 8b02a5bf6..c96167e71 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** @@ -44,7 +45,7 @@ public class BKUSelectionModuleImpl implements AuthModule { @Override public String selectProcess(ExecutionContext context) { boolean performBKUSelection = false; - Object performBKUSelectionObj = context.get("performBKUSelection"); + Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION); if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index ed88c2aff..bd8dd709f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -62,6 +62,9 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { } + //remove BKU-selection flag from context + executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION); + Logger.info("BKU is selected finished -> Start BKU selection evaluation ..."); } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index e0403f242..ddda86ecc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -64,11 +64,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { } - //remove BKU selection flag - newec.remove("performBKUSelection"); - - - Logger.debug("Swicht to specific authentication process after BKU is selected"); + Logger.debug("Select new auth.-process and restart restart process-engine ... "); // select and create new process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec); @@ -91,8 +87,8 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() }); } - - Logger.info("BKU is selected -> Start BKU communication ..."); + + Logger.info("Restart process-engine with auth.process:" + processDefinitionId); // start process processEngine.start(pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 39106dc3b..22561e435 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -99,6 +99,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired private MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; @Autowired private SingleLogOutBuilder sloBuilder; + @Autowired private SAMLVerificationEngine samlVerificationEngine; public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { @@ -346,13 +347,15 @@ public class AuthenticationManager extends MOAIDAuthConstants { //create authentication process execution context ExecutionContext executionContext = new ExecutionContextImpl(); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID, + //set interfederation authentication flag + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, MiscUtil.isNotEmpty( pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); + //set legacy mode or BKU-selection flags boolean leagacyMode = (legacyallowed && legacyparamavail); - executionContext.put("isLegacyRequest", leagacyMode); - executionContext.put("performBKUSelection", !leagacyMode + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode); + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); //add leagcy parameters to context @@ -485,8 +488,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { sloContainer.putFailedOA(sloReq.getIssuer().getValue()); } else { - SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifySLOResponse(sloResp, + samlVerificationEngine.verifySLOResponse(sloResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 36145375b..bd6399377 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -64,6 +65,7 @@ public class AttributQueryAction implements IAction { @Autowired IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private AuthenticationDataBuilder authDataBuilder; + @Autowired private IDPCredentialProvider pvpCredentials; private final static List DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -114,7 +116,8 @@ public class AttributQueryAction implements IAction { try { SoapBinding decoder = new SoapBinding(); - decoder.encodeRespone(httpReq, httpResp, authResponse, null, null); + decoder.encodeRespone(httpReq, httpResp, authResponse, null, null, + pvpCredentials.getIDPAssertionSigningCredential()); return null; } catch (MessageEncodingException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index f64aacc6d..21f505bf1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -35,7 +35,6 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -51,13 +50,13 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @Service("PVPAuthenticationRequestAction") public class AuthenticationAction implements IAction { - - @Autowired ApplicationContext context; + @Autowired IDPCredentialProvider pvpCredentials; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -88,11 +87,11 @@ public class AuthenticationAction implements IAction { if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = context.getBean(RedirectBinding.class); + binding = new RedirectBinding(); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = context.getBean(PostBinding.class); + binding = new PostBinding(); } @@ -102,7 +101,8 @@ public class AuthenticationAction implements IAction { try { binding.encodeRespone(httpReq, httpResp, authResponse, - consumerService.getLocation(), moaRequest.getRelayState()); + consumerService.getLocation(), moaRequest.getRelayState(), + pvpCredentials.getIDPAssertionSigningCredential()); //set protocol type sloInformation.setProtocolType(req.requestedModule()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index d48603a7c..15fe1e9d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -22,43 +22,33 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.util.Arrays; -import java.util.List; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.xml.security.credential.Credential; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; @Service("pvpMetadataService") -public class MetadataAction extends AbstractPVPMetadataBuilder implements IAction { +public class MetadataAction implements IAction { - private static final int VALIDUNTIL_IN_HOURS = 24; + @Autowired private MOAReversionLogger revisionsLogger; @Autowired private IDPCredentialProvider credentialProvider; + @Autowired private PVPMetadataBuilder metadatabuilder; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -66,7 +56,10 @@ public class MetadataAction extends AbstractPVPMetadataBuilder implements IActio revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); //build metadata - String metadataXML = buildPVPMetadata(req.getAuthURLWithOutSlash()); + IPVPMetadataBuilderConfiguration metadataConfig = + new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider); + + String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig); Logger.debug("METADATA: " + metadataXML); httpResp.setContentType("text/xml"); @@ -87,236 +80,12 @@ public class MetadataAction extends AbstractPVPMetadataBuilder implements IActio return false; } - public String getDefaultActionName() { - return (PVP2XProtocol.METADATA); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() - */ - @Override - public int getMetadataValidUntil() { - return VALIDUNTIL_IN_HOURS; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() - */ - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return true; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() - */ - @Override - public boolean buildIDPSSODescriptor() { - return true; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() - */ - @Override - public boolean buildSPSSODescriptor() { - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityID() - */ - @Override - public String getEntityIDPostfix() { - //TODO: maybe change EntityID to Metadata URL - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() - */ - @Override - public String getEntityFriendlyName() { - try { - return PVPConfiguration.getInstance().getIDPIssuerName(); - - } catch (ConfigurationException e) { - Logger.error("Can not load Metadata entry: EntityID friendlyName.", e); - return null; - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() - */ - @Override - public List getContactPersonInformation() { - try { - return PVPConfiguration.getInstance().getIDPContacts(); - - } catch (ConfigurationException e) { - Logger.warn("Can not load Metadata entry: Contect Person", e); - return null; - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() - */ - @Override - public Organization getOrgansiationInformation() { - try { - return PVPConfiguration.getInstance().getIDPOrganisation(); - - } catch (ConfigurationException e) { - Logger.warn("Can not load Metadata entry: Organisation", e); - return null; - - } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() - */ - @Override - public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIDPMetaDataSigningCredential(); - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() - */ - @Override - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIDPAssertionSigningCredential(); - - } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() */ @Override - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIDPAssertionEncryptionCredential(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() - */ - @Override - public String getIDPWebSSOPostBindingURL() { - return PVPConfiguration.PVP2_IDP_POST; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() - */ - @Override - public String getIDPWebSSORedirectBindingURL() { - return PVPConfiguration.PVP2_IDP_REDIRECT; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() - */ - @Override - public String getIDPSLOPostBindingURL() { - return PVPConfiguration.PVP2_IDP_POST; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() - */ - @Override - public String getIDPSLORedirectBindingURL() { - return PVPConfiguration.PVP2_IDP_REDIRECT; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() - */ - @Override - public String getSPAssertionConsumerServicePostBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() - */ - @Override - public String getSPAssertionConsumerServiceRedirectBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() - */ - @Override - public String getSPSLOPostBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() - */ - @Override - public String getSPSLORedirectBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() - */ - @Override - public String getSPSLOSOAPBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() - */ - @Override - public List getIDPPossibleAttributes() { - return PVPAttributeBuilder.buildSupportedEmptyAttributes(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() - */ - @Override - public List getIDPPossibleNameITTypes() { - return Arrays.asList(NameIDType.PERSISTENT, - NameIDType.TRANSIENT, - NameIDType.UNSPECIFIED); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() - */ - @Override - public List getSPRequiredAttributes() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() - */ - @Override - public List getSPAllowedNameITTypes() { - return null; + public String getDefaultActionName() { + return "IDP - PVP Metadata action"; } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 88f0e3b74..08d9f67b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -48,7 +48,9 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.ws.security.SecurityPolicyException; import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.SignableXMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -81,6 +83,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; @@ -96,6 +99,9 @@ import at.gv.egovernment.moa.util.MiscUtil; @Controller public class PVP2XProtocol extends AbstractAuthProtocolModulController { + @Autowired IDPCredentialProvider pvpCredentials; + @Autowired SAMLVerificationEngine samlVerificationEngine; + public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; @@ -182,8 +188,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - PostBinding coder = applicationContext.getBean(PostBinding.class); - InboundMessage msg = (InboundMessage) coder.decode(req, resp, false); + InboundMessage msg = (InboundMessage) new PostBinding().decode(req, resp, false); pendingReq.setRequest(msg); //preProcess Message @@ -231,8 +236,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - RedirectBinding coder = applicationContext.getBean(RedirectBinding.class); - InboundMessage msg = (InboundMessage) coder.decode(req, resp, false); + InboundMessage msg = (InboundMessage) new RedirectBinding().decode(req, resp, false); pendingReq.setRequest(msg); //preProcess Message @@ -270,8 +274,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } if(!msg.isVerified()) { - SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); msg.setVerified(true); } @@ -301,53 +304,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH); //switch to session authentication - performAuthentication(request, response, pendingReq); - -// else if (msg instanceof MOAResponse && -// ((MOAResponse)msg).getResponse() instanceof Response) { -// //load service provider AuthRequest from session -// -// IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); -// if (obj instanceof RequestImpl) { -// RequestImpl iReqSP = (RequestImpl) obj; -// -// MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); -// -// MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); -// -// if ( processedMsg != null ) { -// iReqSP.setInterfederationResponse(processedMsg); -// -// MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); -// -// Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() -// + ". Switch to original transaction with ID " + iReqSP.getRequestID()); -// TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); -// TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); -// -// } else { -// Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." -// +". Switch back local authentication process ..."); -// -// SSOManager ssomanager = SSOManager.getInstance(); -// ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); -// -// iReqSP.setRequestedIDP(null); -// -// } -// -// return iReqSP; -// -// } -// -// Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); -// return null; - -// } - - - - + performAuthentication(request, response, pendingReq); } public boolean generateErrorMessage(Throwable e, @@ -424,11 +381,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { encoder = new RedirectBinding(); - - } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { - // TODO: not supported YET!! - //binding = new ArtifactBinding(); - + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { encoder = new PostBinding(); @@ -445,8 +398,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { if (pvpRequest.getRequest() != null) relayState = pvpRequest.getRequest().getRelayState(); + X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential(); + encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), - relayState); + relayState, signCred); return true; } @@ -731,43 +686,4 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); } - -// /** -// * PreProcess AuthResponse and Assertion -// * @param msg -// */ -// private MOAResponse preProcessAuthResponse(MOAResponse msg) { -// Logger.debug("Start PVP21 assertion processing... "); -// Response samlResp = (Response) msg.getResponse(); -// -// try { -// if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { -// -// //validate PVP 2.1 assertion -// SAMLVerificationEngine.validateAssertion(samlResp, true); -// -// msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); -// return msg; -// -// } else { -// Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() -// + " from interfederated IDP."); -// -// } -// -// } catch (IOException e) { -// Logger.warn("Interfederation response marshaling FAILED.", e); -// -// } catch (MarshallingException e) { -// Logger.warn("Interfederation response marshaling FAILED.", e); -// -// } catch (TransformerException e) { -// Logger.warn("Interfederation response marshaling FAILED.", e); -// -// } catch (AssertionValidationExeption e) { -// //error is already logged, to nothing -// } -// -// return null; -// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java index de5548a44..3b2fb3687 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -29,24 +29,40 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; public interface IEncoder { + + /** + * + * @param req The http request + * @param resp The http response + * @param request The SAML2 request object + * @param targetLocation URL, where the request should be transmit + * @param relayState token for session handling + * @param credentials Credential to sign the request object + * @throws MessageEncodingException + * @throws SecurityException + * @throws PVP2Exception + */ public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState) + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException, PVP2Exception; /** * Encoder SAML Response * @param req The http request * @param resp The http response - * @param response The repsonse object - * @param targetLocation + * @param response The SAML2 repsonse object + * @param targetLocation URL, where the request should be transmit + * @param relayState token for session handling + * @param credentials Credential to sign the response object * @throws MessageEncodingException * @throws SecurityException */ public void encodeRespone(HttpServletRequest req, - HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState) + HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException, PVP2Exception; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 24bdf4c3c..ebb4b2991 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -46,9 +46,7 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.x509.X509Credential; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; @@ -59,8 +57,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -68,18 +64,15 @@ import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -@Service("PVPPostBindingCoder") public class PostBinding implements IDecoder, IEncoder { - - @Autowired private IDPCredentialProvider credentialProvider; - + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException { try { - X509Credential credentials = credentialProvider - .getIDPAssertionSigningCredential(); +// X509Credential credentials = credentialProvider +// .getIDPAssertionSigningCredential(); //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); @@ -102,9 +95,9 @@ public class PostBinding implements IDecoder, IEncoder { encoder.encode(context); - } catch (CredentialsNotAvailableException e) { - e.printStackTrace(); - throw new SecurityException(e); +// } catch (CredentialsNotAvailableException e) { +// e.printStackTrace(); +// throw new SecurityException(e); } catch (Exception e) { e.printStackTrace(); throw new SecurityException(e); @@ -112,12 +105,12 @@ public class PostBinding implements IDecoder, IEncoder { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState) + StatusResponseType response, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException { try { - X509Credential credentials = credentialProvider - .getIDPAssertionSigningCredential(); +// X509Credential credentials = credentialProvider +// .getIDPAssertionSigningCredential(); //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); @@ -143,9 +136,9 @@ public class PostBinding implements IDecoder, IEncoder { context.setRelayState(relayState); encoder.encode(context); - } catch (CredentialsNotAvailableException e) { - e.printStackTrace(); - throw new SecurityException(e); +// } catch (CredentialsNotAvailableException e) { +// e.printStackTrace(); +// throw new SecurityException(e); } catch (Exception e) { e.printStackTrace(); throw new SecurityException(e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 7167d8b7d..0ff18d903 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -47,9 +47,7 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.x509.X509Credential; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; @@ -60,25 +58,20 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -@Service("PVPRedirectBindingCoder") public class RedirectBinding implements IDecoder, IEncoder { - - @Autowired private IDPCredentialProvider credentialProvider; public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException { - try { - X509Credential credentials = credentialProvider - .getIDPAssertionSigningCredential(); +// try { +// X509Credential credentials = credentialProvider +// .getIDPAssertionSigningCredential(); //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); @@ -100,18 +93,18 @@ public class RedirectBinding implements IDecoder, IEncoder { context.setRelayState(relayState); encoder.encode(context); - } catch (CredentialsNotAvailableException e) { - e.printStackTrace(); - throw new SecurityException(e); - } +// } catch (CredentialsNotAvailableException e) { +// e.printStackTrace(); +// throw new SecurityException(e); +// } } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState) - throws MessageEncodingException, SecurityException { - try { - X509Credential credentials = credentialProvider - .getIDPAssertionSigningCredential(); + StatusResponseType response, String targetLocation, String relayState, + Credential credentials) throws MessageEncodingException, SecurityException { +// try { +// X509Credential credentials = credentialProvider +// .getIDPAssertionSigningCredential(); //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); @@ -133,10 +126,10 @@ public class RedirectBinding implements IDecoder, IEncoder { context.setRelayState(relayState); encoder.encode(context); - } catch (CredentialsNotAvailableException e) { - e.printStackTrace(); - throw new SecurityException(e); - } +// } catch (CredentialsNotAvailableException e) { +// e.printStackTrace(); +// throw new SecurityException(e); +// } } public InboundMessageInterface decode(HttpServletRequest req, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index bd60b7a13..cc3553551 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -46,7 +46,6 @@ import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; @@ -55,12 +54,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -@Service("PVPSOAPBindingCoder") public class SoapBinding implements IDecoder, IEncoder { @Autowired private IDPCredentialProvider credentialProvider; @@ -136,17 +133,17 @@ public class SoapBinding implements IDecoder, IEncoder { } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException, PVP2Exception { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState) + StatusResponseType response, String targetLocation, String relayState, Credential credentials) throws MessageEncodingException, SecurityException, PVP2Exception { - try { - Credential credentials = credentialProvider - .getIDPAssertionSigningCredential(); +// try { +// Credential credentials = credentialProvider +// .getIDPAssertionSigningCredential(); //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); @@ -160,10 +157,10 @@ public class SoapBinding implements IDecoder, IEncoder { context.setOutboundMessageTransport(responseAdapter); encoder.encode(context); - } catch (CredentialsNotAvailableException e) { - e.printStackTrace(); - throw new SecurityException(e); - } +// } catch (CredentialsNotAvailableException e) { +// e.printStackTrace(); +// throw new SecurityException(e); +// } } public String getSAML2BindingName() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java deleted file mode 100644 index 0212f8f1c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AbstractPVPMetadataBuilder.java +++ /dev/null @@ -1,649 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols.pvp2x.builder; - -import java.io.IOException; -import java.io.StringWriter; -import java.security.PrivateKey; -import java.security.interfaces.RSAPrivateKey; -import java.util.List; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - -import org.joda.time.DateTime; -import org.opensaml.Configuration; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.metadata.AssertionConsumerService; -import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.saml2.metadata.KeyDescriptor; -import org.opensaml.saml2.metadata.LocalizedString; -import org.opensaml.saml2.metadata.NameIDFormat; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.saml2.metadata.RoleDescriptor; -import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.saml2.metadata.ServiceName; -import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.xml.io.Marshaller; -import org.opensaml.xml.io.MarshallingException; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.SecurityHelper; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; -import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; -import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; -import org.opensaml.xml.signature.SignatureException; -import org.opensaml.xml.signature.Signer; -import org.w3c.dom.Document; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ - -public abstract class AbstractPVPMetadataBuilder { - - X509KeyInfoGeneratorFactory keyInfoFactory = null; - - /** - * - */ - public AbstractPVPMetadataBuilder() { - keyInfoFactory = new X509KeyInfoGeneratorFactory(); - keyInfoFactory.setEmitEntityIDAsKeyName(true); - keyInfoFactory.setEmitEntityCertificate(true); - - } - - - /** - * Set metadata valid area - * - * @return valid until in hours [h] - */ - public abstract int getMetadataValidUntil(); - - /** - * Build a SAML2 Entities element as metadata root element - * - * @return true, if the metadata should start with entities element - */ - public abstract boolean buildEntitiesDescriptorAsRootElement(); - - /** - * - * - * @return true, if an IDP SSO-descriptor element should be generated - */ - public abstract boolean buildIDPSSODescriptor(); - - /** - * - * - * @return true, if an SP SSO-descriptor element should be generated - */ - public abstract boolean buildSPSSODescriptor(); - - /** - * Set the PVP entityID for this SAML2 metadata. - * The entityID must be a URL and is public-URL prefix of the server, as minimum. - * If this is null or a empty String, the EntityID is the public-url prefix - * - * @return PVP entityID postfix as String - */ - public abstract String getEntityIDPostfix(); - - /** - * Set a friendlyName for this PVP entity - * - * @return - */ - public abstract String getEntityFriendlyName(); - - /** - * Set the contact information for this metadata entity - * - * @return - */ - public abstract List getContactPersonInformation(); - - /** - * Set organisation information for this metadata entity - * - * @return - */ - public abstract Organization getOrgansiationInformation(); - - - /** - * Set the credential for metadata signing - * - * @return - * @throws CredentialsNotAvailableException - */ - public abstract Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; - - /** - * Set the credential for request/response signing - * IDP metadata: this credential is used for SAML2 response signing - * SP metadata: this credential is used for SAML2 response signing - * - * @return - * @throws CredentialsNotAvailableException - */ - public abstract Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; - - /** - * Set the credential for response encryption - * - * @return - * @throws CredentialsNotAvailableException - */ - public abstract Credential getEncryptionCredentials() throws CredentialsNotAvailableException; - - /** - * Set the IDP Post-Binding URL-postfix for WebSSO - * - * @return - */ - public abstract String getIDPWebSSOPostBindingURL(); - - /** - * Set the IDP Redirect-Binding URL-postfix for WebSSO - * - * @return - */ - public abstract String getIDPWebSSORedirectBindingURL(); - - /** - * Set the IDP Post-Binding URL-postfix for Single LogOut - * - * @return - */ - public abstract String getIDPSLOPostBindingURL(); - - /** - * Set the IDP Redirect-Binding URL-postfix for Single LogOut - * - * @return - */ - public abstract String getIDPSLORedirectBindingURL(); - - /** - * Set the SP Post-Binding URL-postfix for for the Assertion-Consumer Service - * - * @return - */ - public abstract String getSPAssertionConsumerServicePostBindingURL(); - - /** - * Set the SP Redirect-Binding URL-postfix for the Assertion-Consumer Service - * - * @return - */ - public abstract String getSPAssertionConsumerServiceRedirectBindingURL(); - - /** - * Set the SP Post-Binding URL-postfix for Single LogOut - * - * @return - */ - public abstract String getSPSLOPostBindingURL(); - - /** - * Set the SP Redirect-Binding URL-postfix for Single LogOut - * - * @return - */ - public abstract String getSPSLORedirectBindingURL(); - - /** - * Set the SP SOAP-Binding URL-postfix for Single LogOut - * - * @return - */ - public abstract String getSPSLOSOAPBindingURL(); - - - /** - * Set all SAML2 attributes which could be provided by this IDP - * - * @return - */ - public abstract List getIDPPossibleAttributes(); - - /** - * Set all nameID types which could be provided by this IDP - * - * @return a List of SAML2 nameID types - */ - public abstract List getIDPPossibleNameITTypes(); - - /** - * Set all SAML2 attributes which are required by the SP - * - * @return - */ - public abstract List getSPRequiredAttributes(); - - /** - * Set all nameID types which allowed from the SP - * - * @return a List of SAML2 nameID types - */ - public abstract List getSPAllowedNameITTypes(); - - /** - * - * Build PVP 2.1 conform SAML2 metadata - * - * @param instancePublicURLPrefix - * Public-URL prefix which should be used to generate URLs. - * The URL String must by without trailing / - * - * @return PVP metadata as XML String - * @throws SecurityException - * @throws ConfigurationException - * @throws CredentialsNotAvailableException - * @throws TransformerFactoryConfigurationError - * @throws MarshallingException - * @throws TransformerException - * @throws ParserConfigurationException - * @throws IOException - * @throws SignatureException - */ - public String buildPVPMetadata(String instancePublicURLPrefix) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException { - if (MiscUtil.isEmpty(instancePublicURLPrefix)) { - Logger.error("Metadata generation FAILED! --> PublicURL Prefix is null or empty"); - throw new NullPointerException("PublicURL Prefix is null or empty"); - - } - - //remove trailing slash - if (instancePublicURLPrefix.endsWith("/")) - instancePublicURLPrefix.substring(0, instancePublicURLPrefix.length()-1); - - DateTime date = new DateTime(); - EntityDescriptor entityDescriptor = SAML2Utils - .createSAMLObject(EntityDescriptor.class); - - //set entityID - if (MiscUtil.isNotEmpty(getEntityIDPostfix())) - entityDescriptor.setEntityID(instancePublicURLPrefix + getEntityIDPostfix()); - else - entityDescriptor.setEntityID(instancePublicURLPrefix); - - //set contact and organisation information - List contactPersons = getContactPersonInformation(); - if (contactPersons != null) - entityDescriptor.getContactPersons().addAll(contactPersons); - - Organization organisation = getOrgansiationInformation(); - if (organisation != null) - entityDescriptor.setOrganization(organisation); - - //set IDP metadata - if (buildIDPSSODescriptor()) { - RoleDescriptor idpSSODesc = generateIDPMetadata(instancePublicURLPrefix); - if (idpSSODesc != null) - entityDescriptor.getRoleDescriptors().add(idpSSODesc); - - } - - //set SP metadata for interfederation - if (buildSPSSODescriptor()) { - RoleDescriptor spSSODesc = generateSPMetadata(instancePublicURLPrefix); - if (spSSODesc != null) - entityDescriptor.getRoleDescriptors().add(spSSODesc); - - } - - //set metadata signature parameters - Credential metadataSignCred = getMetadataSigningCredentials(); - Signature signature = getIDPSignature(metadataSignCred); - SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null); - - - //initialize XML document builder - DocumentBuilder builder; - DocumentBuilderFactory factory = DocumentBuilderFactory - .newInstance(); - - builder = factory.newDocumentBuilder(); - Document document = builder.newDocument(); - - - //build entities descriptor - if (buildEntitiesDescriptorAsRootElement()) { - EntitiesDescriptor entitiesDescriptor = - SAML2Utils.createSAMLObject(EntitiesDescriptor.class); - entitiesDescriptor.setName(getEntityFriendlyName()); - entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); - entitiesDescriptor.setValidUntil(date.plusHours(getMetadataValidUntil())); - entitiesDescriptor.getEntityDescriptors().add(entityDescriptor); - - entitiesDescriptor.setSignature(signature); - - //marshall document - Marshaller out = Configuration.getMarshallerFactory() - .getMarshaller(entitiesDescriptor); - out.marshall(entitiesDescriptor, document); - - } else { - entityDescriptor.setValidUntil(date.plusHours(getMetadataValidUntil())); - - entityDescriptor.setSignature(signature); - - //marshall document - Marshaller out = Configuration.getMarshallerFactory() - .getMarshaller(entityDescriptor); - out.marshall(entityDescriptor, document); - - } - - //sign metadata - Signer.signObject(signature); - - //transform metadata object to XML string - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(document); - transformer.transform(source, sr); - sw.close(); - - return sw.toString(); - } - - - private RoleDescriptor generateSPMetadata(String instancePublicURLPrefix) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { - SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class); - spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - spSSODescriptor.setAuthnRequestsSigned(true); - spSSODescriptor.setWantAssertionsSigned(false); - - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - - //Set AuthRequest Signing certificate - Credential authcredential = getRequestorResponseSigningCredentials(); - if (authcredential == null) { - Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. "); - return null; - - } else { - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - } - - //Set assertion encryption credentials - Credential authEncCredential = getEncryptionCredentials(); - - if (authEncCredential != null) { - KeyDescriptor encryKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - encryKeyDescriptor.setUse(UsageType.ENCRYPTION); - encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); - spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); - - } else { - Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); - - } - - //check nameID formates - if (getSPAllowedNameITTypes() == null || getSPAllowedNameITTypes().size() == 0) { - Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); - return null; - - } else { - for (String format : getSPAllowedNameITTypes()) { - NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - nameIDFormat.setFormat(format); - spSSODescriptor.getNameIDFormats().add(nameIDFormat); - - } - } - - - //add POST-Binding assertion consumer services - if (MiscUtil.isNotEmpty(getSPAssertionConsumerServicePostBindingURL())) { - AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - postassertionConsumerService.setIndex(0); - postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - postassertionConsumerService.setLocation(instancePublicURLPrefix + getSPAssertionConsumerServicePostBindingURL()); - postassertionConsumerService.setIsDefault(true); - spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - } - - //add POST-Binding assertion consumer services - if (MiscUtil.isNotEmpty(getSPAssertionConsumerServiceRedirectBindingURL())) { - AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); - redirectassertionConsumerService.setIndex(1); - redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - redirectassertionConsumerService.setLocation(instancePublicURLPrefix + getSPAssertionConsumerServiceRedirectBindingURL()); - spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); - - } - - //validate WebSSO endpoints - if (spSSODescriptor.getAssertionConsumerServices().size() == 0) { - Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. "); - return null; - - } - - //add POST-Binding SLO descriptor - if (MiscUtil.isNotEmpty(getSPSLOPostBindingURL())) { - SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postSLOService.setLocation(instancePublicURLPrefix + getSPSLOPostBindingURL()); - postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(postSLOService); - - } - - //add POST-Binding SLO descriptor - if (MiscUtil.isNotEmpty(getSPSLORedirectBindingURL())) { - SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectSLOService.setLocation(instancePublicURLPrefix + getSPSLORedirectBindingURL()); - redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); - - } - - //add POST-Binding SLO descriptor - if (MiscUtil.isNotEmpty(getSPSLOSOAPBindingURL())) { - SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - soapSLOService.setLocation(instancePublicURLPrefix + getSPSLOSOAPBindingURL()); - soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - spSSODescriptor.getSingleLogoutServices().add(soapSLOService); - - } - - - //add required attributes - List reqSPAttr = getSPRequiredAttributes(); - AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); - - attributeService.setIndex(0); - attributeService.setIsDefault(true); - ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); - serviceName.setName(new LocalizedString("Default Service", "en")); - attributeService.getNames().add(serviceName); - - if (reqSPAttr != null && reqSPAttr.size() > 0) { - Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata"); - attributeService.getRequestAttributes().addAll(reqSPAttr); - - } else { - Logger.debug("SP metadata contains NO requested attributes."); - - } - - spSSODescriptor.getAttributeConsumingServices().add(attributeService); - - return spSSODescriptor; - } - - private IDPSSODescriptor generateIDPMetadata(String instancePublicURLPrefix) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { - //check response signing credential - Credential responseSignCred = getRequestorResponseSigningCredentials(); - if (responseSignCred == null) { - Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. "); - return null; - - } - - //check nameID formates - if (getIDPPossibleNameITTypes() == null || getIDPPossibleNameITTypes().size() == 0) { - Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); - return null; - - } - - // build SAML2 IDP-SSO descriptor element - IDPSSODescriptor idpSSODescriptor = SAML2Utils - .createSAMLObject(IDPSSODescriptor.class); - - idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - //set ass default value, because PVP 2.x specification defines this feature as MUST - idpSSODescriptor.setWantAuthnRequestsSigned(true); - - // add WebSSO descriptor for POST-Binding - if (MiscUtil.isNotEmpty(getIDPWebSSOPostBindingURL())) { - SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); - postSingleSignOnService.setLocation(instancePublicURLPrefix + getIDPWebSSOPostBindingURL()); - postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); - - } - - // add WebSSO descriptor for Redirect-Binding - if (MiscUtil.isNotEmpty(getIDPWebSSORedirectBindingURL())) { - SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); - postSingleSignOnService.setLocation(instancePublicURLPrefix + getIDPWebSSORedirectBindingURL()); - postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); - - } - - //add Single LogOut POST-Binding endpoing - if (MiscUtil.isNotEmpty(getIDPSLOPostBindingURL())) { - SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - postSLOService.setLocation(instancePublicURLPrefix + getIDPSLOPostBindingURL()); - postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - idpSSODescriptor.getSingleLogoutServices().add(postSLOService); - - } - - //add Single LogOut Redirect-Binding endpoing - if (MiscUtil.isNotEmpty(getIDPSLORedirectBindingURL())) { - SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); - redirectSLOService.setLocation(instancePublicURLPrefix + getIDPSLORedirectBindingURL()); - redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); - - } - - //validate WebSSO endpoints - if (idpSSODescriptor.getSingleSignOnServices().size() == 0) { - Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. "); - return null; - - } - - //set assertion signing key - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(getRequestorResponseSigningCredentials())); - idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - //set IDP attribute set - idpSSODescriptor.getAttributes().addAll(getIDPPossibleAttributes()); - - //set providable nameID formats - for (String format : getIDPPossibleNameITTypes()) { - NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - nameIDFormat.setFormat(format); - idpSSODescriptor.getNameIDFormats().add(nameIDFormat); - - } - - return idpSSODescriptor; - - } - - private Signature getIDPSignature(Credential credentials) { - PrivateKey privatekey = credentials.getPrivateKey(); - Signature signer = SAML2Utils.createSAMLObject(Signature.class); - - if (privatekey instanceof RSAPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); - - } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) { - signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1); - - } else { - Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); - - - } - - signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); - signer.setSigningCredential(credentials); - return signer; - - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java new file mode 100644 index 000000000..3418ffb69 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java @@ -0,0 +1,460 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.PrivateKey; +import java.security.interfaces.RSAPrivateKey; +import java.util.List; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.springframework.stereotype.Service; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +@Service("PVPMetadataBuilder") +public class PVPMetadataBuilder { + + X509KeyInfoGeneratorFactory keyInfoFactory = null; + + /** + * + */ + public PVPMetadataBuilder() { + keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityIDAsKeyName(true); + keyInfoFactory.setEmitEntityCertificate(true); + + } + + + /** + * + * Build PVP 2.1 conform SAML2 metadata + * + * @param config + * PVPMetadataBuilder configuration + * + * @return PVP metadata as XML String + * @throws SecurityException + * @throws ConfigurationException + * @throws CredentialsNotAvailableException + * @throws TransformerFactoryConfigurationError + * @throws MarshallingException + * @throws TransformerException + * @throws ParserConfigurationException + * @throws IOException + * @throws SignatureException + */ + public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException { + DateTime date = new DateTime(); + EntityDescriptor entityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + //set entityID + entityDescriptor.setEntityID(config.getEntityID()); + + //set contact and organisation information + List contactPersons = config.getContactPersonInformation(); + if (contactPersons != null) + entityDescriptor.getContactPersons().addAll(contactPersons); + + Organization organisation = config.getOrgansiationInformation(); + if (organisation != null) + entityDescriptor.setOrganization(organisation); + + //set IDP metadata + if (config.buildIDPSSODescriptor()) { + RoleDescriptor idpSSODesc = generateIDPMetadata(config); + if (idpSSODesc != null) + entityDescriptor.getRoleDescriptors().add(idpSSODesc); + + } + + //set SP metadata for interfederation + if (config.buildSPSSODescriptor()) { + RoleDescriptor spSSODesc = generateSPMetadata(config); + if (spSSODesc != null) + entityDescriptor.getRoleDescriptors().add(spSSODesc); + + } + + //set metadata signature parameters + Credential metadataSignCred = config.getMetadataSigningCredentials(); + Signature signature = getIDPSignature(metadataSignCred); + SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null); + + + //initialize XML document builder + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + + + //build entities descriptor + if (config.buildEntitiesDescriptorAsRootElement()) { + EntitiesDescriptor entitiesDescriptor = + SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + entitiesDescriptor.setName(config.getEntityFriendlyName()); + entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); + entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); + entitiesDescriptor.getEntityDescriptors().add(entityDescriptor); + + entitiesDescriptor.setSignature(signature); + + //marshall document + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(entitiesDescriptor); + out.marshall(entitiesDescriptor, document); + + } else { + entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil())); + + entityDescriptor.setSignature(signature); + + //marshall document + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(entityDescriptor); + out.marshall(entityDescriptor, document); + + } + + //sign metadata + Signer.signObject(signature); + + //transform metadata object to XML string + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + return sw.toString(); + } + + + private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class); + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(false); + + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + //Set AuthRequest Signing certificate + Credential authcredential = config.getRequestorResponseSigningCredentials(); + if (authcredential == null) { + Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. "); + return null; + + } else { + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + } + + //Set assertion encryption credentials + Credential authEncCredential = config.getEncryptionCredentials(); + + if (authEncCredential != null) { + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + //check nameID formates + if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) { + Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); + return null; + + } else { + for (String format : config.getSPAllowedNameITTypes()) { + NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + nameIDFormat.setFormat(format); + spSSODescriptor.getNameIDFormats().add(nameIDFormat); + + } + } + + + //add POST-Binding assertion consumer services + if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) { + AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL()); + postassertionConsumerService.setIsDefault(true); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + } + + //add POST-Binding assertion consumer services + if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) { + AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL()); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + } + + //validate WebSSO endpoints + if (spSSODescriptor.getAssertionConsumerServices().size() == 0) { + Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. "); + return null; + + } + + //add POST-Binding SLO descriptor + if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) { + SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postSLOService.setLocation(config.getSPSLOPostBindingURL()); + postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + //add POST-Binding SLO descriptor + if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) { + SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + redirectSLOService.setLocation(config.getSPSLORedirectBindingURL()); + redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + } + + //add POST-Binding SLO descriptor + if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) { + SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + soapSLOService.setLocation(config.getSPSLOSOAPBindingURL()); + soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + spSSODescriptor.getSingleLogoutServices().add(soapSLOService); + + } + + + //add required attributes + List reqSPAttr = config.getSPRequiredAttributes(); + AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "en")); + attributeService.getNames().add(serviceName); + + if (reqSPAttr != null && reqSPAttr.size() > 0) { + Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata"); + attributeService.getRequestAttributes().addAll(reqSPAttr); + + } else { + Logger.debug("SP metadata contains NO requested attributes."); + + } + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + return spSSODescriptor; + } + + private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { + //check response signing credential + Credential responseSignCred = config.getRequestorResponseSigningCredentials(); + if (responseSignCred == null) { + Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. "); + return null; + + } + + //check nameID formates + if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) { + Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. "); + return null; + + } + + // build SAML2 IDP-SSO descriptor element + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + //set ass default value, because PVP 2.x specification defines this feature as MUST + idpSSODescriptor.setWantAuthnRequestsSigned(true); + + // add WebSSO descriptor for POST-Binding + if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) { + SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL()); + postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); + + } + + // add WebSSO descriptor for Redirect-Binding + if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) { + SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL()); + postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService); + + } + + //add Single LogOut POST-Binding endpoing + if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) { + SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + postSLOService.setLocation(config.getIDPSLOPostBindingURL()); + postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + //add Single LogOut Redirect-Binding endpoing + if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) { + SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class); + redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL()); + redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + } + + //validate WebSSO endpoints + if (idpSSODescriptor.getSingleSignOnServices().size() == 0) { + Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. "); + return null; + + } + + //set assertion signing key + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials())); + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + //set IDP attribute set + idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes()); + + //set providable nameID formats + for (String format : config.getIDPPossibleNameITTypes()) { + NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + nameIDFormat.setFormat(format); + idpSSODescriptor.getNameIDFormats().add(nameIDFormat); + + } + + return idpSSODescriptor; + + } + + private Signature getIDPSignature(Credential credentials) { + PrivateKey privatekey = credentials.getPrivateKey(); + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + + if (privatekey instanceof RSAPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) { + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1); + + } else { + Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential."); + + + } + + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index 959fc7d2d..a7fc8295a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -201,7 +201,8 @@ public class SingleLogOutBuilder { try { binding.encodeRespone(req, resp, sloResp, - consumerService.getLocation(), relayState); + consumerService.getLocation(), relayState, + credentialProvider.getIDPAssertionSigningCredential()); } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java new file mode 100644 index 000000000..e0994ff19 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java @@ -0,0 +1,288 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import java.util.Arrays; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + private static final int VALIDUNTIL_IN_HOURS = 24; + + private String authURL; + private IDPCredentialProvider credentialProvider; + + public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + + } + + public String getDefaultActionName() { + return (PVP2XProtocol.METADATA); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return VALIDUNTIL_IN_HOURS; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityID() + */ + @Override + public String getEntityID() { + return authURL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + try { + return PVPConfiguration.getInstance().getIDPIssuerName(); + + } catch (ConfigurationException e) { + Logger.error("Can not load Metadata entry: EntityID friendlyName.", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return PVPConfiguration.getInstance().getIDPContacts(); + + } catch (ConfigurationException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return PVPConfiguration.getInstance().getIDPOrganisation(); + + } catch (ConfigurationException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return authURL + PVPConfiguration.PVP2_IDP_POST; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return authURL + PVPConfiguration.PVP2_IDP_REDIRECT; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return authURL + PVPConfiguration.PVP2_IDP_POST; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return authURL + PVPConfiguration.PVP2_IDP_REDIRECT; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List getIDPPossibleAttributes() { + return PVPAttributeBuilder.buildSupportedEmptyAttributes(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List getIDPPossibleNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT, + NameIDType.TRANSIENT, + NameIDType.UNSPECIFIED); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public List getSPRequiredAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List getSPAllowedNameITTypes() { + return null; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java new file mode 100644 index 000000000..52096fd19 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java @@ -0,0 +1,217 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +/** + * @author tlenz + * + */ +public interface IPVPMetadataBuilderConfiguration { + + + /** + * Set metadata valid area + * + * @return valid until in hours [h] + */ + public int getMetadataValidUntil(); + + /** + * Build a SAML2 Entities element as metadata root element + * + * @return true, if the metadata should start with entities element + */ + public boolean buildEntitiesDescriptorAsRootElement(); + + /** + * + * + * @return true, if an IDP SSO-descriptor element should be generated + */ + public boolean buildIDPSSODescriptor(); + + /** + * + * + * @return true, if an SP SSO-descriptor element should be generated + */ + public boolean buildSPSSODescriptor(); + + /** + * Set the PVP entityID for this SAML2 metadata. + * The entityID must be an URL and must be start with the public-URL prefix of the server + * + * @return PVP entityID postfix as String + */ + public String getEntityID(); + + /** + * Set a friendlyName for this PVP entity + * + * @return + */ + public String getEntityFriendlyName(); + + /** + * Set the contact information for this metadata entity + * + * @return + */ + public List getContactPersonInformation(); + + /** + * Set organisation information for this metadata entity + * + * @return + */ + public Organization getOrgansiationInformation(); + + + /** + * Set the credential for metadata signing + * + * @return + * @throws CredentialsNotAvailableException + */ + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; + + /** + * Set the credential for request/response signing + * IDP metadata: this credential is used for SAML2 response signing + * SP metadata: this credential is used for SAML2 response signing + * + * @return + * @throws CredentialsNotAvailableException + */ + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; + + /** + * Set the credential for response encryption + * + * @return + * @throws CredentialsNotAvailableException + */ + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException; + + /** + * Set the IDP Post-Binding URL for WebSSO + * + * @return + */ + public String getIDPWebSSOPostBindingURL(); + + /** + * Set the IDP Redirect-Binding URL for WebSSO + * + * @return + */ + public String getIDPWebSSORedirectBindingURL(); + + /** + * Set the IDP Post-Binding URL for Single LogOut + * + * @return + */ + public String getIDPSLOPostBindingURL(); + + /** + * Set the IDP Redirect-Binding URL for Single LogOut + * + * @return + */ + public String getIDPSLORedirectBindingURL(); + + /** + * Set the SP Post-Binding URL for for the Assertion-Consumer Service + * + * @return + */ + public String getSPAssertionConsumerServicePostBindingURL(); + + /** + * Set the SP Redirect-Binding URL for the Assertion-Consumer Service + * + * @return + */ + public String getSPAssertionConsumerServiceRedirectBindingURL(); + + /** + * Set the SP Post-Binding URL for Single LogOut + * + * @return + */ + public String getSPSLOPostBindingURL(); + + /** + * Set the SP Redirect-Binding URL for Single LogOut + * + * @return + */ + public String getSPSLORedirectBindingURL(); + + /** + * Set the SP SOAP-Binding URL for Single LogOut + * + * @return + */ + public String getSPSLOSOAPBindingURL(); + + + /** + * Set all SAML2 attributes which could be provided by this IDP + * + * @return + */ + public List getIDPPossibleAttributes(); + + /** + * Set all nameID types which could be provided by this IDP + * + * @return a List of SAML2 nameID types + */ + public List getIDPPossibleNameITTypes(); + + /** + * Set all SAML2 attributes which are required by the SP + * + * @return + */ + public List getSPRequiredAttributes(); + + /** + * Set all nameID types which allowed from the SP + * + * @return a List of SAML2 nameID types + */ + public List getSPAllowedNameITTypes(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index f7e753273..5e44c9057 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -22,29 +22,50 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +import java.util.ArrayList; +import java.util.List; + import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; +import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.common.xml.SAMLSchemaBuilder; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.encryption.Decrypter; +import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCriteria; import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; +import org.opensaml.xml.encryption.DecryptionException; +import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; +import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.validation.ValidationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; @@ -53,8 +74,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("SAMLVerificationEngine") public class SAMLVerificationEngine { + @Autowired AuthConfiguration authConfig; + public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { try { if (msg instanceof MOARequest && @@ -158,116 +182,110 @@ public class SAMLVerificationEngine { } } -// public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption { -// try { -// if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { -// List saml2assertions = new ArrayList(); -// -// List allowedPublicURLPrefix = -// AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); -// boolean isValidDestination = false; -// for (String allowedPreFix : allowedPublicURLPrefix) { -// if (validateDestination && samlResp.getDestination().startsWith( -// allowedPreFix)) { -// isValidDestination = true; -// break; -// -// } -// } -// if (!isValidDestination && validateDestination) { -// Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); -// throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); -// -// } -// -// //check encrypted Assertion -// List encryAssertionList = samlResp.getEncryptedAssertions(); -// if (encryAssertionList != null && encryAssertionList.size() > 0) { -// //decrypt assertions -// -// Logger.debug("Found encryped assertion. Start decryption ..."); -// -// X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); -// -// StaticKeyInfoCredentialResolver skicr = -// new StaticKeyInfoCredentialResolver(authDecCredential); -// -// ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); -// encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); -// encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); -// encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); -// -// Decrypter samlDecrypter = -// new Decrypter(null, skicr, encryptedKeyResolver); -// -// for (EncryptedAssertion encAssertion : encryAssertionList) { -// saml2assertions.add(samlDecrypter.decrypt(encAssertion)); -// -// } -// -// Logger.debug("Assertion decryption finished. "); -// -// } else { -// saml2assertions.addAll(samlResp.getAssertions()); -// -// } -// -// List validatedassertions = new ArrayList(); -// for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { -// -// try { -// performSchemaValidation(saml2assertion.getDOM()); -// -// Conditions conditions = saml2assertion.getConditions(); -// DateTime notbefore = conditions.getNotBefore().minusMinutes(5); -// DateTime notafter = conditions.getNotOnOrAfter(); -// if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { -// Logger.warn("PVP2 Assertion is out of Date. " -// + "{ Current : " + new DateTime() -// + " NotBefore: " + notbefore -// + " NotAfter : " + notafter -// + " }");; -// -// } else { -// validatedassertions.add(saml2assertion); -// -// } -// -// } catch (SchemaValidationException e) { -// -// } -// } -// -// if (validatedassertions.isEmpty()) { -// Logger.info("No valid PVP 2.1 assertion received."); -// throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); -// } -// -// samlResp.getAssertions().clear(); -// samlResp.getEncryptedAssertions().clear(); -// samlResp.getAssertions().addAll(validatedassertions); -// -// } else { -// Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " -// + samlResp.getStatus().getStatusCode().getValue()); -// throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " -// + samlResp.getStatus().getStatusCode().getValue(), null); -// } -// -// } catch (CredentialsNotAvailableException e) { -// Logger.warn("Assertion decrypt FAILED - No Credentials", e); -// throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e); -// -// } catch (DecryptionException e) { -// Logger.warn("Assertion decrypt FAILED.", e); -// throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); -// -// } catch (ConfigurationException e) { -// throw new AssertionValidationExeption("pvp.12", null, e); -// } -// } + public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption) throws AssertionValidationExeption { + try { + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + List saml2assertions = new ArrayList(); + + //validate destination URL + List allowedPublicURLPrefix = authConfig.getPublicURLPrefix(); + boolean isValidDestination = false; + for (String allowedPreFix : allowedPublicURLPrefix) { + if (validateDestination && samlResp.getDestination().startsWith( + allowedPreFix)) { + isValidDestination = true; + break; + + } + } + if (!isValidDestination && validateDestination) { + Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); + throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); + + } + + //check encrypted Assertion + List encryAssertionList = samlResp.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + //decrypt assertions + + Logger.debug("Found encryped assertion. Start decryption ..."); + + StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(assertionDecryption); + + ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); + + Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + Logger.debug("Assertion decryption finished. "); + + } else { + saml2assertions.addAll(samlResp.getAssertions()); + + } + + List validatedassertions = new ArrayList(); + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + try { + performSchemaValidation(saml2assertion.getDOM()); + + Conditions conditions = saml2assertion.getConditions(); + DateTime notbefore = conditions.getNotBefore().minusMinutes(5); + DateTime notafter = conditions.getNotOnOrAfter(); + if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + Logger.warn("PVP2 Assertion is out of Date. " + + "{ Current : " + new DateTime() + + " NotBefore: " + notbefore + + " NotAfter : " + notafter + + " }");; + + } else { + validatedassertions.add(saml2assertion); + + } + + } catch (SchemaValidationException e) { + + } + } + + if (validatedassertions.isEmpty()) { + Logger.info("No valid PVP 2.1 assertion received."); + throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); + } + + samlResp.getAssertions().clear(); + samlResp.getEncryptedAssertions().clear(); + samlResp.getAssertions().addAll(validatedassertions); + + } else { + Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue()); + throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue(), null); + } + + } catch (DecryptionException e) { + Logger.warn("Assertion decrypt FAILED.", e); + throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); + + } catch (ConfigurationException e) { + throw new AssertionValidationExeption("pvp.12", null, e); + } + } - private static void performSchemaValidation(Element source) throws SchemaValidationException { + private void performSchemaValidation(Element source) throws SchemaValidationException { String err = null; try { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 44b1fe2da..54db1d8ff 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -62,6 +62,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { + Logger.info("BKU is selected -> Start BKU communication ..."); defaultTaskInitialization(request, executionContext); boolean isLegacyRequest = false; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java deleted file mode 100644 index 45d76d4fe..000000000 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/builder/FederatedAuthMetadataBuilder.java +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.federatedauth.builder; - -import java.util.Arrays; -import java.util.List; - -import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.NameIDType; -import org.opensaml.saml2.metadata.ContactPerson; -import org.opensaml.saml2.metadata.Organization; -import org.opensaml.saml2.metadata.RequestedAttribute; -import org.opensaml.xml.security.credential.Credential; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Service("FederatedAuthMetadataBuilder") -public class FederatedAuthMetadataBuilder extends AbstractPVPMetadataBuilder { - - @Autowired FederatedAuthCredentialProvider credentialProvider; - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() - */ - @Override - public int getMetadataValidUntil() { - return FederatedAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() - */ - @Override - public boolean buildEntitiesDescriptorAsRootElement() { - return false; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() - */ - @Override - public boolean buildIDPSSODescriptor() { - return false; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() - */ - @Override - public boolean buildSPSSODescriptor() { - return true; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() - */ - @Override - public String getEntityIDPostfix() { - return FederatedAuthConstants.ENDPOINT_METADATA; - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() - */ - @Override - public String getEntityFriendlyName() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() - */ - @Override - public List getContactPersonInformation() { - try { - return PVPConfiguration.getInstance().getIDPContacts(); - - } catch (ConfigurationException e) { - Logger.warn("Can not load Metadata entry: Contect Person", e); - return null; - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() - */ - @Override - public Organization getOrgansiationInformation() { - try { - return PVPConfiguration.getInstance().getIDPOrganisation(); - - } catch (ConfigurationException e) { - Logger.warn("Can not load Metadata entry: Organisation", e); - return null; - - } - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() - */ - @Override - public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIDPMetaDataSigningCredential(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() - */ - @Override - public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIDPAssertionSigningCredential(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() - */ - @Override - public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { - return credentialProvider.getIDPAssertionEncryptionCredential(); - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() - */ - @Override - public String getIDPWebSSOPostBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() - */ - @Override - public String getIDPWebSSORedirectBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() - */ - @Override - public String getIDPSLOPostBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() - */ - @Override - public String getIDPSLORedirectBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() - */ - @Override - public String getSPAssertionConsumerServicePostBindingURL() { - return FederatedAuthConstants.ENDPOINT_POST; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() - */ - @Override - public String getSPAssertionConsumerServiceRedirectBindingURL() { - return FederatedAuthConstants.ENDPOINT_REDIRECT; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() - */ - @Override - public String getSPSLOPostBindingURL() { - return FederatedAuthConstants.ENDPOINT_POST; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() - */ - @Override - public String getSPSLORedirectBindingURL() { - return FederatedAuthConstants.ENDPOINT_REDIRECT; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() - */ - @Override - public String getSPSLOSOAPBindingURL() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() - */ - @Override - public List getIDPPossibleAttributes() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() - */ - @Override - public List getIDPPossibleNameITTypes() { - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() - */ - @Override - public List getSPRequiredAttributes() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() - */ - @Override - public List getSPAllowedNameITTypes() { - return Arrays.asList(NameIDType.PERSISTENT, - NameIDType.TRANSIENT, - NameIDType.UNSPECIFIED); - - } - -} diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java new file mode 100644 index 000000000..29b6ea18b --- /dev/null +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -0,0 +1,281 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; + +import java.util.Arrays; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + + private static final int VALIDUNTIL_IN_HOURS = 24; + + private String authURL; + private FederatedAuthCredentialProvider credentialProvider; + + public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return FederatedAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return true; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authURL + FederatedAuthConstants.ENDPOINT_METADATA; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List getContactPersonInformation() { + try { + return PVPConfiguration.getInstance().getIDPContacts(); + + } catch (ConfigurationException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return PVPConfiguration.getInstance().getIDPOrganisation(); + + } catch (ConfigurationException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return authURL + FederatedAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return authURL + FederatedAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return authURL + FederatedAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return authURL + FederatedAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List getIDPPossibleAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List getIDPPossibleNameITTypes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public List getSPRequiredAttributes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List getSPAllowedNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT, + NameIDType.TRANSIENT, + NameIDType.UNSPECIFIED); + + } + +} -- cgit v1.2.3 From f04f5ff7977d87bdad7ed48b00fbffce239a416e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 26 Feb 2016 08:30:01 +0100 Subject: Change CitizenCard AuthModule implementation to make it reusable in other modules --- .../id/auth/modules/internal/AuthModuleImpl.java | 44 ------------------- .../internal/DefaultCitizenCardAuthModuleImpl.java | 50 ++++++++++++++++++++++ ...t.gv.egovernment.moa.id.auth.modules.AuthModule | 2 +- 3 files changed, 51 insertions(+), 45 deletions(-) delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java deleted file mode 100644 index 29118ac17..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java +++ /dev/null @@ -1,44 +0,0 @@ -package at.gv.egovernment.moa.id.auth.modules.internal; - - -import org.apache.commons.lang3.StringUtils; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; - -/** - * Module descriptor - */ -public class AuthModuleImpl implements AuthModule { - - @Override - public int getPriority() { - return 0; - } - - @Override - public String selectProcess(ExecutionContext context) { - //select process if BKU is selected and it is no STORK authentication - - boolean performBKUSelection = false; - Object performBKUSelectionObj = context.get("performBKUSelection"); - if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) - performBKUSelection = (boolean) performBKUSelectionObj; - - if (StringUtils.isBlank((String) context.get("ccc")) && - StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && - !performBKUSelection) - return "DefaultAuthentication"; - - else - return null; - - } - - @Override - public String[] getProcessDefinitions() { - return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml" }; - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java new file mode 100644 index 000000000..cbdef7093 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -0,0 +1,50 @@ +package at.gv.egovernment.moa.id.auth.modules.internal; + + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * Module descriptor + */ +public class DefaultCitizenCardAuthModuleImpl implements AuthModule { + + @Override + public int getPriority() { + return 0; + } + + public String getProcessName() { + return "DefaultAuthentication"; + + + } + + @Override + public String selectProcess(ExecutionContext context) { + //select process if BKU is selected and it is no STORK authentication + + boolean performBKUSelection = false; + Object performBKUSelectionObj = context.get("performBKUSelection"); + if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) + performBKUSelection = (boolean) performBKUSelectionObj; + + if (StringUtils.isBlank((String) context.get("ccc")) && + StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && + !performBKUSelection) + return getProcessName(); + + else + return null; + + } + + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule index 02b4e5d7c..e628fbd1b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule @@ -1,2 +1,2 @@ # The default moaid process -at.gv.egovernment.moa.id.auth.modules.internal.AuthModuleImpl +at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl -- cgit v1.2.3 From d6a3569addaf5a7db27dd3e79a4ba4bcd27c2486 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 8 Mar 2016 10:55:47 +0100 Subject: update mandate ReferenceValue generator. This was necessary to get a referencevalue, which is MIS conform and which could used as SAML2 RequestID --- .../moa/id/auth/data/AuthenticationSession.java | 22 ++--- .../java/at/gv/egovernment/moa/id/util/Random.java | 95 ++++++++++++++++++---- .../AuthenticationBlockAssertionBuilder.java | 10 ++- 3 files changed, 99 insertions(+), 28 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 196415ddc..7873fb96d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -86,7 +86,7 @@ public class AuthenticationSession implements Serializable { /** * Use mandate */ - private boolean useMandate; + private boolean useMandates; private boolean isOW = false; @@ -371,19 +371,22 @@ public class AuthenticationSession implements Serializable { */ public void setUseMandate(String useMandate) { if (useMandate.compareToIgnoreCase("true") == 0) - this.useMandate = true; + this.useMandates = true; else - this.useMandate = false; + this.useMandates = false; + + } + + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; } /** - * Returns if mandate is used or not - * * @return */ - public boolean getUseMandate() { - return this.useMandate; + public boolean isMandateUsed() { + return this.useMandates; } /** @@ -502,6 +505,7 @@ public class AuthenticationSession implements Serializable { return genericSessionDataStorate; } + /** * Returns a generic session-data object with is stored with a specific identifier * @@ -579,7 +583,5 @@ public class AuthenticationSession implements Serializable { Logger.trace("Add generic session-data with key:" + key + " to session."); genericSessionDataStorate.put(key, object); - } - - + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 22a021d99..07679999b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -47,10 +47,17 @@ package at.gv.egovernment.moa.id.util; -import iaik.security.random.SeedGenerator; - import java.nio.ByteBuffer; import java.security.SecureRandom; +import java.text.DateFormat; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.apache.commons.codec.binary.Hex; + +import com.google.common.primitives.Bytes; + +import iaik.security.random.SeedGenerator; /** @@ -60,37 +67,97 @@ import java.security.SecureRandom; */ public class Random { + + private final static char[] allowedPreFix = + {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z', + 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'}; + private static final DateFormat dateFormater = new SimpleDateFormat("yyyyddMM"); + /** random number generator used */ //private static SecureRandom random = new SecureRandom(); private static SecureRandom random; - private static SeedGenerator seedgenerator; - + private static SeedGenerator seedgenerator; + static { random = iaik.security.random.SHA256FIPS186Random.getDefault(); seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault(); - } + + /** + * Generate a unique process reference-value [160bit], which always starts with a letter + *
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM], + * and a 88bit random value. + * + * @return 160bit ID, which is hex encoded + */ + public static String nextProcessReferenceValue() { + //pre-process all three parts of a unique reference value + String now = dateFormater.format(new Date()); //8 bytes = 64bit + byte[] randValue = nextByteRandom(11); + char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)]; + + //generate ID + return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue), true)); // 20 bytes = 160 bits + + } + + + + /** + * Creates a new random number [256bit], and encode it as hex value. + * + * @return random hex encoded value [256bit] + */ + public static String nextHexRandom() { + return new String(Hex.encodeHex(nextByteRandom(32), true)); // 32 bytes = 256 bits + + } + + /** + * Creates a new random number [64bit], to be used as an ID. + * + * @return random long as a String [64bit] + */ + public static String nextLongRandom() { + return "".concat(String.valueOf(Math.abs(generateLongRandom(32)))); // 32 bytes = 256 bits + + } + /** * Creates a new random number, to be used as an ID. * - * @return random long as a String + * @return random long as a String [64bit] */ - public static String nextRandom() { - - byte[] b = new byte[32]; // 32 bytes = 256 bits - random.nextBytes(b); - - ByteBuffer bb = ByteBuffer.wrap(b); - long l = bb.getLong(); + @Deprecated + public static String nextRandom() { + long l = ByteBuffer.wrap(nextByteRandom(32)).getLong(); // 32 bytes = 256 bits return "" + Math.abs(l); - } + public static void seedRandom() { if (seedgenerator.seedAvailable()) random.setSeed(seedgenerator.getSeed()); + } + + private static long generateLongRandom(int size) { + return ByteBuffer.wrap(nextByteRandom(size)).getLong(); + } + + /** + * Generate a new random number + * + * @param size Size of random number in bits + * @return + */ + private static byte[] nextByteRandom(int size) { + byte[] b = new byte[size]; + random.nextBytes(b); + return b; + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 9ae1dc6a7..f00f4386f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -232,9 +232,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(bpkAttribute); } - boolean useMandate = session.getUseMandate(); + boolean useMandate = session.isMandateUsed(); if (useMandate) { - String mandateReferenceValue = Random.nextRandom(); + //String mandateReferenceValue = Random.nextRandom(); + String mandateReferenceValue = Random.nextProcessReferenceValue(); // remove leading "-" if (mandateReferenceValue.startsWith("-")) mandateReferenceValue = mandateReferenceValue.substring(1); @@ -488,9 +489,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion if (target != null) { - boolean useMandate = session.getUseMandate(); + boolean useMandate = session.isMandateUsed(); if (useMandate) { - String mandateReferenceValue = Random.nextRandom(); + //String mandateReferenceValue = Random.nextRandom(); + String mandateReferenceValue = Random.nextProcessReferenceValue(); // remove leading "-" if (mandateReferenceValue.startsWith("-")) mandateReferenceValue = mandateReferenceValue.substring(1); -- cgit v1.2.3 From e2d27757411fdcba586cc162f362c72ca3ae689c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 8 Mar 2016 11:09:04 +0100 Subject: move SpingWebContextInitialisation into an appropriate jar to use moa-id-lib in other Spring based web applications --- .../moa/id/auth/MOAIDAuthInitializer.java | 282 --------------------- .../id/auth/MOAIDAuthSpringResourceProvider.java | 66 ----- id/server/moa-id-spring-initializer/pom.xml | 45 ++++ .../moa/id/auth/MOAIDAuthSpringInitializer.java | 151 +++++++++++ .../id/auth/MOAIDAuthSpringResourceProvider.java | 66 +++++ ...iz.components.spring.api.SpringResourceProvider | 1 + ...enCardAuthenticationSpringResourceProvider.java | 2 +- .../eIDASAuthenticationSpringResourceProvider.java | 3 +- 8 files changed, 265 insertions(+), 351 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java create mode 100644 id/server/moa-id-spring-initializer/pom.xml create mode 100644 id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java create mode 100644 id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java create mode 100644 id/server/moa-id-spring-initializer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java deleted file mode 100644 index ce158d7fe..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ /dev/null @@ -1,282 +0,0 @@ - - - -package at.gv.egovernment.moa.id.auth; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.Security; - -import javax.activation.CommandMap; -import javax.activation.MailcapCommandMap; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRegistration; - -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.beans.factory.support.BeanDefinitionRegistry; -import org.springframework.beans.factory.xml.XmlBeanDefinitionReader; -import org.springframework.context.support.GenericApplicationContext; -import org.springframework.web.WebApplicationInitializer; -import org.springframework.web.context.ContextLoaderListener; -import org.springframework.web.context.request.RequestContextListener; -import org.springframework.web.context.support.GenericWebApplicationContext; -import org.springframework.web.context.support.ServletContextResource; -import org.springframework.web.servlet.DispatcherServlet; - -import at.gv.egiz.components.spring.api.SpringLoader; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; -import iaik.pki.PKIException; -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; - -/** - * Web application initializer - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class MOAIDAuthInitializer implements WebApplicationInitializer { - - private String[] rootServletContexts = null; - - private String[] servletContexts = null; - - private String[] activeProfiles = null; - - public MOAIDAuthInitializer() { - this.rootServletContexts = null; - this.servletContexts = new String[] { - "/WEB-INF/applicationContext.xml", - - }; - this.activeProfiles = null; - } - - - /* (non-Javadoc) - * @see org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet.ServletContext) - */ - @Override - public void onStartup(ServletContext servletContext) throws ServletException { - try { - Logger.info("=============== Loading Root Context! ==============="); - GenericWebApplicationContext rootContext = new GenericWebApplicationContext(); - rootContext.setServletContext(servletContext); - - Logger.info("=============== Setting active profiles! ==============="); - if (this.activeProfiles != null) { - for (String profile : this.activeProfiles) { - rootContext.getEnvironment().addActiveProfile(profile); - } - } - - Logger.info("=============== Loading Local Contexts! ==============="); - XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader( - rootContext); - if (rootServletContexts != null) { - for (String rootServletContext : rootServletContexts) { - Logger.debug("Loading: "+ rootServletContext); - xmlReader.loadBeanDefinitions(new ServletContextResource( - servletContext, rootServletContext)); - } - } - // Manage the lifecycle of the root application context - servletContext.addListener(new ContextLoaderListener(rootContext)); - - // logger.debug("Beans after logAMQP in {}", rootContext); - // dumpBeanDefinitions(rootContext); - - Logger.info("=============== Loading SPI Context! ==============="); - // logger.debug("Startup with context {}", rootContext); - if (rootContext instanceof BeanDefinitionRegistry) { - Logger.debug("Loading EGIZ components"); - SpringLoader - .loadSpringServices(rootContext); - } else { - Logger.warn("Failed to load external Spring since no BeanDefinitionRegistry"); - } - - Logger.trace("Beans after SPI in "+ rootContext); - dumpBeanDefinitions(rootContext); - - Logger.debug("Loading servlet config in "+ rootContext); - if (servletContexts != null) { - for (String servletContextString : servletContexts) { - xmlReader.loadBeanDefinitions(new ServletContextResource( - servletContext, servletContextString)); - } - } - Logger.debug("Refreshing context "+ rootContext); - rootContext.refresh(); - - Logger.info("=============== Register Dispatcher Servlet! ==============="); - - Logger.trace("Final Beans in "+ rootContext); - dumpBeanDefinitions(rootContext); - - - Logger.info("Registering dispatcher configuration"); - ServletRegistration.Dynamic dispatcher = servletContext.addServlet( - "dispatcher", new DispatcherServlet(rootContext)); - if (dispatcher != null) { - dispatcher.setLoadOnStartup(1); - dispatcher.addMapping("/"); - dispatcher.setAsyncSupported(true); - } else { - Logger.error("Failed to register dispatcher server in servlet context!"); - } - - Logger.info("=============== Register RequestContextListener! ==============="); - servletContext.addListener(new RequestContextListener()); - - Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ..."); - MOAIDAuthInitializer.initialize(rootContext); - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "init.00", null)); - Logger.info("MOA-ID-Auth initialization finished."); - - - } catch (Throwable e) { - Logger.fatal( - MOAIDMessageProvider.getInstance().getMessage("init.02", - null), e); - - } - - } - - - - /** - * Initializes the web application components which need initialization: - * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. - * @param rootContext - */ - public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException, - PKIException, IOException, GeneralSecurityException { - Logger.setHierarchy("moa.id.auth"); - Logger.info("Default java file.encoding: " - + System.getProperty("file.encoding")); - - - //JDK bug workaround according to: - // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier - // register content data handlers for S/MIME types - MailcapCommandMap mc = new MailcapCommandMap(); - CommandMap.setDefaultCommandMap(mc); - - if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites"))) - System.setProperty( - "https.cipherSuites", - "TLS_DH_anon_WITH_AES_128_CBC_SHA" + - ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + - ",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + - ",TLS_RSA_WITH_AES_128_CBC_SHA" + - ",TLS_RSA_WITH_AES_256_CBC_SHA" + - ",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" + - ",SSL_RSA_WITH_3DES_EDE_CBC_SHA" - ); - - - - // load some jsse classes so that the integrity of the jars can be - // verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction - // with - // iaik-jce (on jdk1.3) - ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader(); - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } catch (ClassNotFoundException e) { - Logger.warn(MOAIDMessageProvider.getInstance().getMessage( - "init.01", null), e); - } - - Logger.info("Loading Java security providers."); - IAIK.addAsProvider(); - ECCProvider.addAsProvider(); - - // Initializes SSLSocketFactory store - SSLUtils.initialize(); - - // Initializes Namespace Map - Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); - Constants.nSMap.put(Constants.ECDSA_PREFIX, - "http://www.w3.org/2001/04/xmldsig-more#"); - Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - - - // Initialize configuration provider - AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext); - - //test, if MOA-ID is already configured - authConf.getPublicURLPrefix(); - - - // Initialize MOA-SP - //MOA-SP is only use by API calls since MOA-ID 3.0.0 - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - ConfigurationProvider config = ConfigurationProvider - .getInstance(); - new IaikConfigurator().configure(config); - - } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { - throw new ConfigurationException("config.10", new Object[] { ex - .toString() }, ex); - - } - - - //IAIK.addAsProvider(); - //ECCProvider.addAsProvider(); - - Security.insertProviderAt(IAIK.getInstance(), 0); - Security.addProvider(new ECCProvider()); - - if (Logger.isDebugEnabled()) { - Logger.debug("Loaded Security Provider:"); - Provider[] providerList = Security.getProviders(); - for (int i=0; i " + beanDefinition.getBeanClassName()); - - } - - Logger.trace("Registered Bean in context --"+ context); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java deleted file mode 100644 index a82a958db..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth; - -import org.springframework.core.io.ClassPathResource; -import org.springframework.core.io.Resource; - -import at.gv.egiz.components.spring.api.SpringResourceProvider; - -/** - * @author tlenz - * - */ -public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider { - - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() - */ - @Override - public Resource[] getResourcesToLoad() { - ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthSpringResourceProvider.class); - ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthSpringResourceProvider.class); - ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthSpringResourceProvider.class); - - return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans}; - - } - - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() - */ - @Override - public String[] getPackagesToScan() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() - */ - @Override - public String getName() { - return "MOA-ID-Auth SpringResourceProvider"; - } - -} diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml new file mode 100644 index 000000000..d838bbe53 --- /dev/null +++ b/id/server/moa-id-spring-initializer/pom.xml @@ -0,0 +1,45 @@ + + 4.0.0 + + MOA.id + moa-id + 3.x + + + MOA.id.server + moa-id-spring-initializer + ${moa-id-version} + + jar + MOA-ID Spring Initializer + + + ${basedir}/../../../repository + + + + + MOA.id.server + moa-id-lib + + + + at.gv.egiz.components + egiz-spring-api + 0.1 + + + + org.springframework + spring-webmvc + + + + javax.servlet + javax.servlet-api + provided + + + + + \ No newline at end of file diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java new file mode 100644 index 000000000..75e076d84 --- /dev/null +++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java @@ -0,0 +1,151 @@ +package at.gv.egovernment.moa.id.auth; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletRegistration; + +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.beans.factory.support.BeanDefinitionRegistry; +import org.springframework.beans.factory.xml.XmlBeanDefinitionReader; +import org.springframework.context.support.GenericApplicationContext; +import org.springframework.web.WebApplicationInitializer; +import org.springframework.web.context.ContextLoaderListener; +import org.springframework.web.context.request.RequestContextListener; +import org.springframework.web.context.support.GenericWebApplicationContext; +import org.springframework.web.context.support.ServletContextResource; +import org.springframework.web.servlet.DispatcherServlet; + +import at.gv.egiz.components.spring.api.SpringLoader; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Web application initializer + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDAuthSpringInitializer implements WebApplicationInitializer { + + private String[] rootServletContexts = null; + + private String[] servletContexts = null; + + private String[] activeProfiles = null; + + public MOAIDAuthSpringInitializer() { + this.rootServletContexts = null; + this.servletContexts = new String[] { + "/WEB-INF/applicationContext.xml", + + }; + this.activeProfiles = null; + } + + + /* (non-Javadoc) + * @see org.springframework.web.WebApplicationInitializer#onStartup(javax.servlet.ServletContext) + */ + @Override + public void onStartup(ServletContext servletContext) throws ServletException { + try { + Logger.info("=============== Loading Root Context! ==============="); + GenericWebApplicationContext rootContext = new GenericWebApplicationContext(); + rootContext.setServletContext(servletContext); + + Logger.info("=============== Setting active profiles! ==============="); + if (this.activeProfiles != null) { + for (String profile : this.activeProfiles) { + rootContext.getEnvironment().addActiveProfile(profile); + } + } + + Logger.info("=============== Loading Local Contexts! ==============="); + XmlBeanDefinitionReader xmlReader = new XmlBeanDefinitionReader( + rootContext); + if (rootServletContexts != null) { + for (String rootServletContext : rootServletContexts) { + Logger.debug("Loading: "+ rootServletContext); + xmlReader.loadBeanDefinitions(new ServletContextResource( + servletContext, rootServletContext)); + } + } + // Manage the lifecycle of the root application context + servletContext.addListener(new ContextLoaderListener(rootContext)); + + // logger.debug("Beans after logAMQP in {}", rootContext); + // dumpBeanDefinitions(rootContext); + + Logger.info("=============== Loading SPI Context! ==============="); + // logger.debug("Startup with context {}", rootContext); + if (rootContext instanceof BeanDefinitionRegistry) { + Logger.debug("Loading EGIZ components"); + SpringLoader + .loadSpringServices(rootContext); + } else { + Logger.warn("Failed to load external Spring since no BeanDefinitionRegistry"); + } + + Logger.trace("Beans after SPI in "+ rootContext); + dumpBeanDefinitions(rootContext); + + Logger.debug("Loading servlet config in "+ rootContext); + if (servletContexts != null) { + for (String servletContextString : servletContexts) { + xmlReader.loadBeanDefinitions(new ServletContextResource( + servletContext, servletContextString)); + } + } + Logger.debug("Refreshing context "+ rootContext); + rootContext.refresh(); + + Logger.info("=============== Register Dispatcher Servlet! ==============="); + + Logger.trace("Final Beans in "+ rootContext); + dumpBeanDefinitions(rootContext); + + + Logger.info("Registering dispatcher configuration"); + ServletRegistration.Dynamic dispatcher = servletContext.addServlet( + "dispatcher", new DispatcherServlet(rootContext)); + if (dispatcher != null) { + dispatcher.setLoadOnStartup(1); + dispatcher.addMapping("/"); + dispatcher.setAsyncSupported(true); + } else { + Logger.error("Failed to register dispatcher server in servlet context!"); + } + + Logger.info("=============== Register RequestContextListener! ==============="); + servletContext.addListener(new RequestContextListener()); + + Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ..."); + MOAIDAuthInitializer.initialize(rootContext); + Logger.info(MOAIDMessageProvider.getInstance().getMessage( + "init.00", null)); + Logger.info("MOA-ID-Auth initialization finished."); + + + } catch (Throwable e) { + Logger.fatal( + MOAIDMessageProvider.getInstance().getMessage("init.02", + null), e); + + } + + } + + private void dumpBeanDefinitions(GenericApplicationContext context) { + Logger.trace("Registered Bean in context " + context.toString()); + + String[] registeredBeans = context.getBeanDefinitionNames(); + for (String registeredBean : registeredBeans) { + BeanDefinition beanDefinition = context + .getBeanDefinition(registeredBean); + Logger.trace(registeredBean + " -> " + beanDefinition.getBeanClassName()); + + } + + Logger.trace("Registered Bean in context --"+ context); + } +} diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java new file mode 100644 index 000000000..def32e144 --- /dev/null +++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthInitializer.class); + ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthInitializer.class); + ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthInitializer.class); + + return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans}; + + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID-Auth SpringResourceProvider"; + } + +} diff --git a/id/server/moa-id-spring-initializer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/moa-id-spring-initializer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..caaad10ca --- /dev/null +++ b/id/server/moa-id-spring-initializer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.MOAIDAuthSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java index 18bf5a1ba..ea22b8c4f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java @@ -38,7 +38,7 @@ public class CitizenCardAuthenticationSpringResourceProvider implements SpringRe */ @Override public Resource[] getResourcesToLoad() { - ClassPathResource citizenCardAuthConfig = new ClassPathResource("/moaid_citizencard_auth.beans.xml", MOAIDAuthSpringResourceProvider.class); + ClassPathResource citizenCardAuthConfig = new ClassPathResource("/moaid_citizencard_auth.beans.xml", CitizenCardAuthenticationSpringResourceProvider.class); return new Resource[] {citizenCardAuthConfig}; } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java index 384516711..70bd7b3d7 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationSpringResourceProvider.java @@ -4,7 +4,6 @@ import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; import at.gv.egiz.components.spring.api.SpringResourceProvider; -import at.gv.egovernment.moa.id.auth.MOAIDAuthSpringResourceProvider; public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider { @@ -21,7 +20,7 @@ public class eIDASAuthenticationSpringResourceProvider implements SpringResource @Override public Resource[] getResourcesToLoad() { - ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", MOAIDAuthSpringResourceProvider.class); + ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_auth.beans.xml", eIDASAuthenticationSpringResourceProvider.class); return new Resource[] {eIDASAuthConfig}; } -- cgit v1.2.3 From b9937af42fdab6b85aa1121148bda474c70f5e75 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 8 Mar 2016 11:10:19 +0100 Subject: finish first beta-version of ELGA mandate-service client-module --- .../java/at/gv/egovernment/moa/util/Constants.java | 4 + id/server/auth/pom.xml | 11 +- id/server/idserverlib/pom.xml | 17 +- .../id/advancedlogging/MOAIDEventConstants.java | 6 +- .../moa/id/advancedlogging/StatisticLogger.java | 13 +- .../moa/id/auth/MOAIDAuthConstants.java | 4 + .../moa/id/auth/MOAIDAuthInitializer.java | 166 ++ .../id/auth/builder/AuthenticationDataBuilder.java | 1652 ++++++++++---------- .../moa/id/auth/builder/BPKBuilder.java | 97 +- .../AuthenticationSessionStorageConstants.java | 2 + .../StartAuthentificationParameterParser.java | 24 +- .../moa/id/data/AuthenticationData.java | 76 +- .../at/gv/egovernment/moa/id/data/IAuthData.java | 4 +- .../at/gv/egovernment/moa/id/data/MISMandate.java | 26 +- .../java/at/gv/egovernment/moa/id/data/Trible.java | 51 + .../moa/id/moduls/AuthenticationManager.java | 4 +- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 5 +- .../attributes/BirthdateAttributeBuilder.java | 1 - .../protocols/builder/attributes/EIDSourcePIN.java | 1 - .../MandateFullMandateAttributeBuilder.java | 5 +- ...dateNaturalPersonGivenNameAttributeBuilder.java | 2 +- .../id/protocols/pvp2x/AttributQueryAction.java | 212 ++- .../id/protocols/pvp2x/AuthenticationAction.java | 15 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 22 +- .../moa/id/protocols/pvp2x/binding/IDecoder.java | 3 +- .../id/protocols/pvp2x/binding/PostBinding.java | 29 +- .../protocols/pvp2x/binding/RedirectBinding.java | 26 +- .../id/protocols/pvp2x/binding/SoapBinding.java | 3 +- .../pvp2x/builder/AuthResponseBuilder.java | 19 +- .../pvp2x/builder/PVPAttributeBuilder.java | 49 + .../pvp2x/builder/PVPAuthnRequestBuilder.java | 15 +- .../builder/assertion/PVP2AssertionBuilder.java | 167 +- .../IPVPAuthnRequestBuilderConfiguruation.java | 17 + .../protocols/pvp2x/config/PVPConfiguration.java | 21 +- .../metadata/IMOARefreshableMetadataProvider.java | 38 + .../pvp2x/metadata/MOAMetadataProvider.java | 3 +- .../pvp2x/utils/AssertionAttributeExtractor.java | 92 +- .../AbstractRequestSignedSecurityPolicyRule.java | 4 +- .../validation/MOAPVPSignedRequestPolicyRule.java | 17 +- .../pvp2x/verification/SAMLVerificationEngine.java | 129 +- .../verification/SAMLVerificationEngineSP.java | 161 ++ .../storage/DBAuthenticationSessionStoreage.java | 5 - .../resources/properties/id_messages_de.properties | 6 +- .../protocol_response_statuscodes_de.properties | 5 + .../id/commons/db/dao/session/OASessionStore.java | 24 +- .../internal/tasks/CertificateReadRequestTask.java | 2 +- .../tasks/InitializeBKUAuthenticationTask.java | 180 ++- .../internal/tasks/VerifyCertificateTask.java | 2 +- .../id/util/client/mis/simple/MISSimpleClient.java | 2 - .../internal/DefaultAuthentication.process.xml | 2 +- .../moa/id/auth/modules/eidas/Constants.java | 2 - .../eidas/tasks/ReceiveAuthnResponseTask.java | 4 + .../moa/id/protocols/eidas/EIDASProtocol.java | 3 +- .../eidas/eIDASAuthenticationRequest.java | 6 +- .../ELGAMandatesRequestBuilderConfiguration.java | 40 +- .../tasks/ELGAInitializeBKUAuthenticationTask.java | 107 ++ .../tasks/ReceiveElgaMandateResponseTask.java | 65 +- .../elgamandates/tasks/RequestELGAMandateTask.java | 15 +- .../utils/ELGAMandateServiceMetadataProvider.java | 5 +- .../DefaultAuth_with_ELGA_mandates.process.xml | 8 +- .../moaid_elga_mandate_client_auth.beans.xml | 4 + id/server/modules/moa-id-module-openID/pom.xml | 6 - .../data/SSOTransferAuthenticationData.java | 20 +- .../ssotransfer/utils/SSOContainerUtils.java | 4 +- .../src/test/java/at/gv/egiz/tests/Tests.java | 19 +- .../FederatedAuthnRequestBuilderConfiguration.java | 17 +- .../tasks/ReceiveAuthnResponseTask.java | 94 +- .../protocols/saml1/SAML1AuthenticationServer.java | 280 ++-- .../moa/id/protocols/saml1/SAML1Protocol.java | 11 +- .../moa/id/protocols/saml1/SAML1RequestImpl.java | 19 +- id/server/pom.xml | 5 +- pom.xml | 8 +- 72 files changed, 2527 insertions(+), 1656 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index 5d12691f8..5a5f4edac 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -443,6 +443,10 @@ public interface Constants { /** URN prefix for context dependent id (stork). */ public static final String URN_PREFIX_STORK = URN_PREFIX + ":storkid"; + + //TODO: update to eIDAS prefix + /** URN prefix for context dependent id (eIDAS). */ + public static final String URN_PREFIX_EIDAS = URN_PREFIX + ":storkid"; /** URN prefix for context dependent id. */ public static final String URN_PREFIX_BASEID = URN_PREFIX + ":baseid"; diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index e3e9ee4f0..e88692a14 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -128,6 +128,11 @@ + + MOA.id.server + moa-id-spring-initializer + + MOA.id.server.modules @@ -172,11 +177,13 @@ moa-id-modules-federated_authentication - + + + iaik.prod diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 770230bfc..8cf2603e1 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -33,17 +33,12 @@ 6.1.1 test - + + + com.google.guava + guava + 19.0 + at.gv.egiz.components diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index d5d0a3ab1..eccd63e3d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -81,7 +81,7 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402; - + //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001; @@ -92,6 +92,10 @@ public interface MOAIDEventConstants extends EventConstants { public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102; public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103; + //Attribute Provider [6000 --> 7900] + public static final int AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED = 6000; + public static final int AUTHPROCESS_ELGA_MANDATE_RECEIVED = 6001; + public static final int AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED = 6002; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 87b3bc9ca..8efdf6014 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -106,12 +107,14 @@ public class StatisticLogger { boolean isbusinessservice = isBusinessService(dbOA); dblog.setBusinessservice(isbusinessservice); dblog.setOatarget(authData.getBPKType()); - - dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession()); + + + boolean isFederatedAuthentication = protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; + dblog.setInterfederatedSSOSession(isFederatedAuthentication); - if (authData.isInterfederatedSSOSession()) { + if (isFederatedAuthentication) { dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); - dblog.setBkuurl(authData.getInterfederatedIDP()); + dblog.setBkuurl(protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); } else { dblog.setBkuurl(authData.getBkuURL()); @@ -252,7 +255,7 @@ public class StatisticLogger { dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); } - dblog.setMandatelogin(moasession.getUseMandate()); + dblog.setMandatelogin(moasession.isMandateUsed()); } } catch (MOADatabaseException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index c7ef73b47..27c87ccbf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -25,6 +25,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String PARAM_TARGET = "Target"; /** servlet parameter "useMandate" */ public static final String PARAM_USEMANDATE = "useMandate"; + public static final String PARAM_USEMISMANDATE = "useMISMandate"; + public static final String PARAM_USEELGAMANDATE = "useELGAMandate"; /** servlet parameter "OA" */ public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ @@ -166,6 +168,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{ } }); + public static final String COUNTRYCODE_AUSTRIA = "AT"; + public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; public static final String MDC_TRANSACTION_ID = "transactionId"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java new file mode 100644 index 000000000..458f9afe6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -0,0 +1,166 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.Provider; +import java.security.Security; + +import javax.activation.CommandMap; +import javax.activation.MailcapCommandMap; + +import org.springframework.web.context.support.GenericWebApplicationContext; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.pki.PKIException; +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; + +/** + * @author tlenz + * + */ +public class MOAIDAuthInitializer { + + /** + * Initializes the web application components which need initialization: + * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. + * @param rootContext + */ + public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException, + PKIException, IOException, GeneralSecurityException { + Logger.setHierarchy("moa.id.auth"); + Logger.info("Default java file.encoding: " + + System.getProperty("file.encoding")); + + + //JDK bug workaround according to: + // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier + // register content data handlers for S/MIME types + MailcapCommandMap mc = new MailcapCommandMap(); + CommandMap.setDefaultCommandMap(mc); + + if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites"))) + System.setProperty( + "https.cipherSuites", + "TLS_DH_anon_WITH_AES_128_CBC_SHA" + + ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_128_CBC_SHA" + + ",TLS_RSA_WITH_AES_256_CBC_SHA" + + ",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" + + ",SSL_RSA_WITH_3DES_EDE_CBC_SHA" + ); + + + + // load some jsse classes so that the integrity of the jars can be + // verified + // before the iaik jce is installed as the security provider + // this workaround is only needed when sun jsse is used in conjunction + // with + // iaik-jce (on jdk1.3) + ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader(); + try { + cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar + } catch (ClassNotFoundException e) { + Logger.warn(MOAIDMessageProvider.getInstance().getMessage( + "init.01", null), e); + } + + Logger.info("Loading Java security providers."); + IAIK.addAsProvider(); + ECCProvider.addAsProvider(); + + // Initializes SSLSocketFactory store + SSLUtils.initialize(); + + // Initializes Namespace Map + Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); + Constants.nSMap.put(Constants.ECDSA_PREFIX, + "http://www.w3.org/2001/04/xmldsig-more#"); + Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + + //seed the random number generator + Random.seedRandom(); + Logger.debug("Random-number generator is seeded."); + + // Initialize configuration provider + AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext); + + //test, if MOA-ID is already configured + authConf.getPublicURLPrefix(); + + + // Initialize MOA-SP + //MOA-SP is only use by API calls since MOA-ID 3.0.0 + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + ConfigurationProvider config = ConfigurationProvider + .getInstance(); + new IaikConfigurator().configure(config); + + } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { + throw new ConfigurationException("config.10", new Object[] { ex + .toString() }, ex); + + } + + + //IAIK.addAsProvider(); + //ECCProvider.addAsProvider(); + + Security.insertProviderAt(IAIK.getInstance(), 0); + Security.addProvider(new ECCProvider()); + + if (Logger.isDebugEnabled()) { + Logger.debug("Loaded Security Provider:"); + Provider[] providerList = Security.getProviders(); + for (int i=0; i reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException { - AuthenticationData authdata = new AuthenticationData(); + + public IAuthData buildAuthenticationData(IRequest pendingReq, + AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration()); + } + + public IAuthData buildAuthenticationData(IRequest pendingReq, + AuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + AuthenticationData authdata = null; + + //only needed for SAML1 legacy support try { - //mark AttributeQuery as used if it exists - OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule()); - if (activeOA != null) { - //reuse some parameters if it is a Service-Provider reauthentication - authdata.setSessionIndex(activeOA.getAssertionSessionID()); - authdata.setNameID(activeOA.getUserNameID()); - authdata.setNameIDFormat(activeOA.getUserNameIDFormat()); - - //mark - if ( pendingReq instanceof PVPTargetConfiguration && - ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && - ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) { - try { - activeOA.setAttributeQueryUsed(true); - MOASessionDBUtils.saveOrUpdate(activeOA); - - } catch (MOADatabaseException e) { - Logger.error("MOASession interfederation information can not stored to database.", e); + //check if SAML1 authentication module is in Classpath + Class saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); + IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); + if (saml1RequstTemplate != null && + saml1RequstTemplate.isInstance(pendingReq)) { + //request is SAML1 --> invoke SAML1 protocol specific methods + if (session.getExtendedSAMLAttributesOA() == null) { + saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList()); - } + } else { + saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA()); } + + authdata = (AuthenticationData) saml1authdata; + + } else { + authdata = new AuthenticationData(); + } + + } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { + authdata = new AuthenticationData(); - //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration - IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes); - - //search federated IDP information for this MOASession - if (nextIDPInformation != null) { - Logger.info("Find active federated IDP information." - + ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() - + " for authentication information."); - - //load configuration of next IDP - OAAuthParameter idp = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix()); - if (idp == null) { - Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() - + "is not loadable."); - throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()}); - - } - - //check if next IDP config allows inbound messages - if (!idp.isInboundSSOInterfederationAllowed()) { - Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() - + "disallow inbound authentication messages."); - throw new MOAIDException("auth.33", new Object[]{nextIDPInformation.getIdpurlprefix()}); - - } - - //check next IDP service area policy. BusinessService IDPs can only request wbPKs - if (!spConfig.getBusinessService() && !idp.isIDPPublicService()) { - Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() - + " has a BusinessService-IDP but requests PublicService attributes."); - throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()}); - - } + } - //validation complete --> start AttributeQuery Request - getAuthDataFromInterfederation(authdata, reqAttributes, nextIDPInformation, idp); - - } else { - Logger.debug("Build authData for AttributQuery from local MOASession."); - buildAuthDataFormMOASession(authdata, session, spConfig, pendingReq); + OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule()); + //reuse authentication information in case of service-provider reauthentication + if (activeOA != null) { + authdata.setSessionIndex(activeOA.getAssertionSessionID()); + authdata.setNameID(activeOA.getUserNameID()); + authdata.setNameIDFormat(activeOA.getUserNameIDFormat()); + + } + + //TODO: move to eIDAS-Code in case of ISA1.18 action is enabled for eIDAS + //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway + if (oaParam.isSTORKPVPGateway()) + oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq); - } - - return authdata; + Boolean isMinimalFrontChannelResp = pendingReq.getGenericData( + PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class); + if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) { + //only set minimal response attributes + authdata.setQAALevel( + pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class)); + authdata.setBPK( + pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class)); - } catch (MOAIDException e) { - throw e; + } else { + //build AuthenticationData from MOASession + buildAuthDataFormMOASession(authdata, session, oaParam, pendingReq); + } + + return authdata; } - - private void getAuthDataFromInterfederation( - AuthenticationData authdata, List reqQueryAttr, - InterfederationSessionStore nextIDPInfo, OAAuthParameter nextIDPConfig ) throws MOAIDException{ - String idpEnityID = nextIDPConfig.getPublicURLPrefix(); + /** + * Get PVP authentication attributes by using a SAML2 AttributeQuery + * + * @param reqQueryAttr List of PVP attributes which are requested + * @param userNameID SAML2 UserNameID of the user for which attributes are requested + * @param idpConfig Configuration of the IDP, which is requested + * @return + * @return PVP attribute DAO, which contains all received information + * @throws MOAIDException + */ + public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List reqQueryAttr, + String userNameID, IOAAuthParameters idpConfig ) throws MOAIDException{ + String idpEnityID = idpConfig.getPublicURLPrefix(); - AssertionAttributeExtractor extractor; try { Logger.debug("Starting AttributeQuery process ..."); //collect attributes by using BackChannel communication - String endpoint = nextIDPConfig.getIDPAttributQueryServiceURL(); + String endpoint = idpConfig.getIDPAttributQueryServiceURL(); if (MiscUtil.isEmpty(endpoint)) { Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID); throw new ConfigurationException("config.26", new Object[]{idpEnityID}); @@ -226,7 +202,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } //build attributQuery request - AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(nextIDPInfo.getUserNameID(), endpoint, reqQueryAttr); + AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(userNameID, endpoint, reqQueryAttr); //build SOAP request List xmlObjects = MOASAMLSOAPClient.send(endpoint, query); @@ -249,17 +225,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { MOAMetadataProvider.getInstance())); //create assertion attribute extractor from AttributeQuery response - extractor = new AssertionAttributeExtractor(intfResp); - - //copy attributes into authData object - Set includedAttrNames = extractor.getAllIncludeAttributeNames(); - for (String el : includedAttrNames) { - authdata.setGenericData(el, extractor.getSingleAttributeValue(el)); - Logger.debug("Add PVP-attribute " + el + " into authData objext"); - - } - - + return new AssertionAttributeExtractor(intfResp); + } catch (Exception e) { Logger.warn("PVP 2.1 assertion validation FAILED.", e); throw new AssertionValidationExeption("auth.27", @@ -272,24 +239,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"}); } - - try { - //mark attribute request as used - if (nextIDPInfo.isStoreSSOInformation()) { - nextIDPInfo.setAttributesRequested(true); - MOASessionDBUtils.saveOrUpdate(nextIDPInfo); - - //delete federated IDP from Session - } else { - MOASessionDBUtils.delete(nextIDPInfo); - - } - - } catch (MOADatabaseException e) { - Logger.error("MOASession interfederation information can not stored to database.", e); - - } - + } catch (SOAPException e) { throw new BuildException("builder.06", null, e); @@ -301,589 +251,588 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - - - public IAuthData buildAuthenticationData(IRequest pendingReq, - AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { - AuthenticationData authdata = null; - //only needed for SAML1 legacy support - try { - //check if SAML1 authentication module is in Classpath - Class saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); - IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance(); - if (saml1RequstTemplate != null && - saml1RequstTemplate.isInstance(pendingReq)) { - //request is SAML1 --> invoke SAML1 protocol specific methods - if (session.getExtendedSAMLAttributesOA() == null) { - saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList()); + private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { + + Collection includedToGenericAuthData = null; + if (session.getGenericSessionDataStorage() != null && + !session.getGenericSessionDataStorage().isEmpty()) + includedToGenericAuthData = session.getGenericSessionDataStorage().keySet(); + else + includedToGenericAuthData = new ArrayList(); + + try { + //#################################################### + //set general authData info's + authData.setIssuer(protocolRequest.getAuthURL()); + authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); + authData.setIsBusinessService(oaParam.getBusinessService()); + + + //#################################################### + //parse user info's from identityLink + IdentityLink idlFromPVPAttr = null; + IdentityLink identityLink = session.getIdentityLink(); + if (identityLink != null) { + parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); + + } else { + // identityLink is not direct in MOASession + String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class); + //find PVP-Attr. which contains the IdentityLink + if (MiscUtil.isNotEmpty(pvpAttrIDL)) { + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME + + " --> Parse basic user info's from that attribute."); + InputStream idlStream = null; + try { + idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false); + idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); + parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData); + + } catch (ParseException e) { + Logger.error("Received IdentityLink is not valid", e); + + } catch (Exception e) { + Logger.error("Received IdentityLink is not valid", e); + + } finally { + try { + includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME); + if (idlStream != null) + idlStream.close(); + + } catch (IOException e) { + Logger.fatal("Close InputStream FAILED.", e); + + } + + } - } else { - saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA()); } - authdata = (AuthenticationData) saml1authdata; - - } else { - authdata = new AuthenticationData(); - + //if no basic user info's are set yet, parse info's single PVP-Attributes + if (MiscUtil.isEmpty(authData.getFamilyName())) { + Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes."); + authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class)); + authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class)); + authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class)); + authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class)); + authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class)); + + //remove corresponding keys from genericSessionData if exists + includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME); + includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME); + includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME); + includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME); + includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + } + } - - } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { - authdata = new AuthenticationData(); - } + if (authData.getIdentificationType() != null && + !authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + Logger.trace("IdentificationType is not a baseID --> clear it. "); + authData.setBPK(authData.getIdentificationValue()); + authData.setBPKType(authData.getIdentificationType()); - OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule()); - //reuse authentication information in case of service-provider reauthentication - if (activeOA != null) { - authdata.setSessionIndex(activeOA.getAssertionSessionID()); - authdata.setNameID(activeOA.getUserNameID()); - authdata.setNameIDFormat(activeOA.getUserNameIDFormat()); + authData.setIdentificationValue(null); + authData.setIdentificationType(null); + + } + + + //#################################################### + //set BKU URL + includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME); + if (MiscUtil.isNotEmpty(session.getBkuURL())) + authData.setBkuURL(session.getBkuURL()); + else + authData.setBkuURL(session.getGenericDataFromSession(PVPConstants.EID_CCS_URL_NAME, String.class)); - } - - //get OnlineApplication from MOA-ID-Auth configuration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - //TODO: move to eIDAS-Code in case of ISA1.18 action is enabled for eIDAS - //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway - if (oaParam.isSTORKPVPGateway()) - oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq); - - //check if minimal response is required - - //TODO check if really required - Boolean isMinimalFrontChannelResp = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class); - if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) { - //only set minimal response attributes - authdata.setQAALevel( - pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class)); - authdata.setBPK( - pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class)); + + //#################################################### + //set QAA level + includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + if (MiscUtil.isNotEmpty(session.getQAALevel())) + authData.setQAALevel(session.getQAALevel()); + + else { + String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class); + if (MiscUtil.isNotEmpty(qaaLevel)) { + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + + " --> Parse QAA-Level from that attribute."); - } else { - //build AuthenticationData from MOASession - buildAuthDataFormMOASession(authdata, session, oaParam, pendingReq); + if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + authData.setQAALevel(qaaLevel); + + } else { + Logger.debug("Found PVP QAA level. QAA mapping process starts ... "); + String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + authData.setQAALevel(mappedQAA); + + } + } + } - } - - return authdata; - } + //if no QAA level is set in MOASession then set default QAA level + if (MiscUtil.isEmpty(authData.getQAALevel())) { + Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1"); + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1"); + + } - private void buildAuthDataFormInterfederationResponse( - AuthenticationData authData, - AuthenticationSession session, - AssertionAttributeExtractor extractor, - IOAAuthParameters oaParam, - IRequest req) - throws BuildException, AssertionAttributeExtractorExeption { - - Logger.debug("Build AuthData from assertion starts ...."); - - authData.setIsBusinessService(oaParam.getBusinessService()); - - authData.setFamilyName(extractor.getSingleAttributeValue(PVPConstants.PRINCIPAL_NAME_NAME)); - authData.setGivenName(extractor.getSingleAttributeValue(PVPConstants.GIVEN_NAME_NAME)); - authData.setDateOfBirth(extractor.getSingleAttributeValue(PVPConstants.BIRTHDATE_NAME)); - authData.setCcc(extractor.getSingleAttributeValue(PVPConstants.EID_ISSUING_NATION_NAME)); - authData.setBkuURL(extractor.getSingleAttributeValue(PVPConstants.EID_CCS_URL_NAME)); - authData.setIdentificationValue(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_NAME)); - authData.setIdentificationType(extractor.getSingleAttributeValue(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)); - - - if (extractor.containsAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { - String bpkType = extractor.getSingleAttributeValue(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME); - if (bpkType.startsWith(Constants.URN_PREFIX_CDID) && - !bpkType.substring(Constants.URN_PREFIX_CDID.length(), - Constants.URN_PREFIX_CDID.length() + 1).equals("+")) { - Logger.warn("Receive uncorrect encoded bBKType attribute " + bpkType + " Starting attribute value correction ... "); - bpkType = Constants.URN_PREFIX_CDID + "+" + bpkType.substring(Constants.URN_PREFIX_CDID.length() + 1); + + //#################################################### + //set signer certificate + includedToGenericAuthData.remove(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + if (session.getEncodedSignerCertificate() != null) + authData.setSignerCertificate(session.getEncodedSignerCertificate()); + + else { + String pvpAttrSignerCert = session.getGenericDataFromSession(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpAttrSignerCert)) { + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME); + try { + authData.setSignerCertificate(Base64Utils.decode(pvpAttrSignerCert, false)); + + } catch (IOException e) { + Logger.error("SignerCertificate received via federated IDP is NOT valid", e); + + } + } else + Logger.info("NO SignerCertificate in MOASession."); } - - authData.setBPKType(bpkType); - } - - if (extractor.containsAttribute(PVPConstants.BPK_NAME)) { - String pvpbPK = extractor.getSingleAttributeValue(PVPConstants.BPK_NAME); - if (pvpbPK.startsWith("bPK:")) { - Logger.warn("Attribute " + PVPConstants.BPK_NAME - + " contains a not standardize prefix! Staring attribute value correction process ..."); - pvpbPK = pvpbPK.substring("bPK:".length()); + + //#################################################### + //set authBlock + includedToGenericAuthData.remove(PVPConstants.EID_AUTH_BLOCK_NAME); + if (MiscUtil.isNotEmpty(session.getAuthBlock())) { + authData.setAuthBlock(session.getAuthBlock()); + + } else { + String pvpAttrAuthBlock = session.getGenericDataFromSession(PVPConstants.EID_AUTH_BLOCK_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpAttrAuthBlock)) { + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_AUTH_BLOCK_FRIENDLY_NAME); + try { + byte[] authBlock = Base64Utils.decode(pvpAttrAuthBlock, false); + authData.setAuthBlock(new String(authBlock, "UTF-8")); + + } catch (IOException e) { + Logger.error("AuthBlock received via federated IDP is NOT valid", e); + + } + + } else + Logger.info("NO AuthBlock in MOASession."); } - String[] spitted = pvpbPK.split(":"); - authData.setBPK(spitted[1]); - if (MiscUtil.isEmpty(authData.getBPKType())) { - Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " + - "Starting target extraction from bPK/wbPK prefix ..."); - //exract bPK/wbPK type from bpk attribute value prefix if type is - //not transmitted as single attribute - Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?"); - Matcher matcher = pattern.matcher(spitted[0]); - if (matcher.matches()) { - //find public service bPK - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]); - Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType()); - - } else { - //find business service wbPK - authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]); - Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType()); - - } + + //#################################################### + //set isForeigner flag + //TODO: change to new eIDAS-token attribute identifier + if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) { + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME + + " --> Set 'isForeigner' flag to TRUE"); + authData.setForeigner(true); + + } else { + authData.setForeigner(session.isForeigner()); + } - } - - boolean foundEncryptedbPKForOA = false; - if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) { - List encbPKList = Arrays.asList( - extractor.getSingleAttributeValue(PVPConstants.ENC_BPK_LIST_NAME).split(";")); - authData.setEncbPKList(encbPKList); - for (String fullEncbPK : encbPKList) { - int index = fullEncbPK.indexOf("|"); - if (index >= 0) { - String encbPK = fullEncbPK.substring(index+1); - String second = fullEncbPK.substring(0, index); - int secIndex = second.indexOf("+"); - if (secIndex >= 0) { - if (oaParam.getTarget().equals(second.substring(secIndex+1))) { - Logger.debug("Found encrypted bPK for online-application " - + oaParam.getPublicURLPrefix() - + " Start decryption process ..."); - PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey(); - foundEncryptedbPKForOA = true; - if (privKey != null) { - try { - String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey); - if (MiscUtil.isNotEmpty(bPK)) { - if (MiscUtil.isEmpty(authData.getBPK())) { - authData.setBPK(bPK); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - Logger.info("bPK decryption process finished successfully."); - } - - } else { - Logger.error("bPK decryption FAILED."); - + + + //#################################################### + //set citizen country-code + includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME); + String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpCCCAttr)) { + authData.setCcc(pvpCCCAttr); + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME); + + } else { + if (authData.isForeigner()) { + try { + if (authData.getSignerCertificate() != null) { + //TODO: replace with TSL lookup when TSL is ready! + X509Certificate certificate = new X509Certificate(authData.getSignerCertificate()); + if (certificate != null) { + LdapName ln = new LdapName(certificate.getIssuerDN() + .getName()); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("C")) { + Logger.info("C is: " + rdn.getValue()); + authData.setCcc(rdn.getValue().toString()); + break; } - } catch (BuildException e) { - Logger.error("bPK decryption FAILED.", e); - } - - } else { - Logger.info("bPK decryption FAILED, because no valid decryption key is found."); - - } - - } else { - Logger.info("Found encrypted bPK but " + - "encrypted bPK target does not match to online-application target"); + } - } - } - } - } - } - - if (MiscUtil.isEmpty(authData.getIdentificationValue()) && - MiscUtil.isEmpty(authData.getBPK()) && - !foundEncryptedbPKForOA) { - Logger.info("Federated assertion include no bPK, encrypted bPK or baseID"); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME - + " or " + PVPConstants.ENC_BPK_LIST_NAME); - - } - - //check if received bPK matchs to online application configuration - //and no encrypted bPK is found for this oa - if (!matchsReceivedbPKToOnlineApplication(oaParam, authData) - && !foundEncryptedbPKForOA) { - Logger.info("Received bPK/wbPK does not match to online application"); - - if (MiscUtil.isEmpty(authData.getIdentificationValue())) { - Logger.info("No baseID found. Connect SZR to reveive baseID ..."); - try { - EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig(); - if (eGovClientsConfig != null) { - SZRClient szrclient = new SZRClient(eGovClientsConfig); + } else + Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME + + " and NO SignerCertificate in MOASession -->" + + " Can NOT extract citizen-country of foreign person."); - Logger.debug("Create SZR request to get baseID ... "); - PersonInfoType personInfo = new PersonInfoType(); - at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); - personInfo.setPerson(person); - at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); - person.setName(name); - at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType(); - person.setIdentification(idValue); - //set bPK or wbPK - idValue.setValue(authData.getBPK()); - idValue.setType(authData.getBPKType()); - - //set person information - name.setGivenName(authData.getGivenName()); - name.setFamilyName(authData.getFamilyName()); - if (authData.getDateOfBirth() != null) - person.setDateOfBirth(authData.getFormatedDateOfBirth()); - - //request szr and store baseID - authData.setIdentificationValue(szrclient.getStammzahl(personInfo)); - authData.setIdentificationType(Constants.URN_PREFIX_BASEID); - - } else { - Logger.warn("No SZR clieht configuration found. Interfederation SSO login not possible."); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + } catch (Exception e) { + Logger.error("Failed to extract country code from certificate with message: " + e.getMessage()); } - - } catch (EgovUtilException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - - } catch (SZRException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); + + } else { + authData.setCcc(COUNTRYCODE_AUSTRIA); - } + } } - //build OA specific bPK/wbPK information - buildOAspecificbPK(req, oaParam, authData, - authData.getIdentificationValue(), - authData.getIdentificationType()); - } - - if (MiscUtil.isEmpty(authData.getBPK())) { - Logger.debug("Calcutlate bPK from baseID"); - buildOAspecificbPK(req, oaParam, authData, - authData.getIdentificationValue(), - authData.getIdentificationType()); - - } - - - try { - String qaaLevel = extractor.getQAALevel(); - if (MiscUtil.isNotEmpty(qaaLevel) && - qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { - authData.setQAALevel(qaaLevel); - - } else { - Logger.debug("Found PVP QAA level. QAA mapping process starts ... "); - String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - authData.setQAALevel(mappedQAA); + //#################################################### + //set max. SSO session time + includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO); + Date validToFromFederatedIDP = session.getGenericDataFromSession( + AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, Date.class); + if (validToFromFederatedIDP != null) { + authData.setSsoSessionValidTo(validToFromFederatedIDP); + Logger.debug("Use idToken validTo periode from federated IDP response."); - else - throw new AssertionAttributeExtractorExeption("PVP SecClass not mappable"); + } else { + if (authData.isSsoSession()) { + long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000; + Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime); + authData.setSsoSessionValidTo(ssoSessionValidTo); - } - - } catch (AssertionAttributeExtractorExeption e) { - Logger.warn("No QAA level found in element of interfederated assertion. " + - "(ErrorHeader=" + e.getMessage() + ")"); - if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) { - authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + - extractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)); - - } else { - Logger.info("No QAA level found. Set to default level " + - PVPConstants.STORK_QAA_PREFIX + "1"); - authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1"); + } else { + //set valid to 5 min + Date ssoSessionValidTo = new Date(new Date().getTime() + 5 * 60 * 1000); + authData.setSsoSessionValidTo(ssoSessionValidTo); + } } - - } - - if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) { - try { - byte[] authBlock = Base64Utils.decode(extractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME), false); - authData.setAuthBlock(new String(authBlock, "UTF-8")); - } catch (IOException e) { - Logger.error("Received AuthBlock is not valid", e); + //mandate functionality + MISMandate misMandate = null; + if (session.isMandateUsed()) { + //#################################################### + //set Mandate reference value + includedToGenericAuthData.remove(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); + if (MiscUtil.isNotEmpty(session.getMandateReferenceValue())) + authData.setMandateReferenceValue(session.getMandateReferenceValue()); - } - } - - if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { - try { - authData.setSignerCertificate(Base64Utils.decode( - extractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false)); + else { + String pvpMandateRefAttr = session.getGenericDataFromSession(PVPConstants.MANDATE_REFERENCE_VALUE_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpMandateRefAttr)) { + authData.setMandateReferenceValue(pvpMandateRefAttr); + Logger.debug("Find PVP-Attr: " + PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME); + } + } - } catch (IOException e) { - Logger.error("Received SignerCertificate is not valid", e); - } - } + /* TODO: Support SSO Mandate MODE! + * Insert functionality to translate mandates in case of SSO + */ - if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) { - try { - InputStream idlStream = Base64Utils.decodeToStream(extractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME), false); - IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); - idlStream.close(); - buildOAspecificIdentityLink(oaParam, authData, idl); + //#################################################### + //set Full-mandate + misMandate = session.getMISMandate(); + if (misMandate != null ) { + //set MIS mandate to authdata + authData.setMISMandate(misMandate); + authData.setUseMandate(session.isMandateUsed()); + + } else { + String pvpFullMandateAttr = session.getGenericDataFromSession( + PVPConstants.MANDATE_FULL_MANDATE_NAME, String.class); + //check if full-mandate is available as PVP attribute + if (MiscUtil.isNotEmpty(pvpFullMandateAttr)) { + Logger.debug("Find PVP-Attr: " + PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME); + try { + byte[] mandate = Base64Utils.decode(pvpFullMandateAttr, false); + misMandate = new MISMandate(); + misMandate.setMandate(mandate); + + //read Organwalter OID + String pvpRepOIDAttr = session.getGenericDataFromSession(PVPConstants.MANDATE_PROF_REP_OID_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpRepOIDAttr)) { + misMandate.setProfRep(pvpRepOIDAttr); + Logger.debug("Find PVP-Attr: " + PVPConstants.MANDATE_PROF_REP_OID_NAME); - } catch (ParseException e) { - Logger.error("Received IdentityLink is not valid", e); - - } catch (Exception e) { - Logger.error("Received IdentityLink is not valid", e); + } + + //read Organwalter bPK from full-mandate + NodeList mandateElements = misMandate.getMandateDOM().getChildNodes(); + for (int i=0; i Use single PVP attributes for mandate information."); + //check if ELGA mandates exists + String mandateType = session.getGenericDataFromSession(PVPConstants.MANDATE_TYPE_NAME, String.class); + if (MiscUtil.isNotEmpty(mandateType)) { + //switch to mandate-mode for authdata generation, because mandate-information + // is directly included in MOA-Session as PVP attributes + Logger.info("AuthDataBuilder find directly included 'MandateType' PVP-attribute." + + " --> Switch to mandate-mode for authdata generation."); + authData.setUseMandate(true); + + } + } + } + //remove PVP attributes with mandate information, because full-mandate exists + if (authData.getMISMandate() != null) { + includedToGenericAuthData.remove(PVPConstants.MANDATE_FULL_MANDATE_NAME); + + includedToGenericAuthData.remove(PVPConstants.MANDATE_TYPE_NAME); + + includedToGenericAuthData.remove(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + + includedToGenericAuthData.remove(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_NAT_PER_BPK_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); + + includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_DESC_NAME); + includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME); + } } - } - // set mandate attributes - authData.setMandateReferenceValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)); - - if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { - try { - byte[] mandate = Base64Utils.decode( - (extractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false); + + + + //#################################################### + // set bPK and IdentityLink for Organwalter --> + // Organwalter has a special bPK is received from MIS + if (authData.isUseMandate() && session.isOW() && misMandate != null + && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { + //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! + authData.setBPK(misMandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - if (authData.getMISMandate() == null) - authData.setMISMandate(new MISMandate()); - authData.getMISMandate().setMandate(mandate); - authData.getMISMandate().setFullMandateIncluded(true); - authData.setUseMandate(true); - - } catch (Exception e) { - Logger.error("Received Mandate is not valid", e); - throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - } - - //TODO: build short mandate if full mandate is no included. - if (authData.getMISMandate() == null && - (extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME) - || extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME) - || extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) ) { - Logger.info("Federated assertion contains no full mandate. Start short mandate generation process ... "); - - MISMandate misMandate = new MISMandate(); - misMandate.setFullMandateIncluded(false); - - Mandate mandateObject = new Mandate(); - Mandator mandator = new Mandator(); - mandateObject.setMandator(mandator); + //TODO: check in case of mandates for business services + if (identityLink != null) + authData.setIdentityLink(identityLink); - //build legal person short mandate - if (extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME) && - extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME) && - extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)) { - Logger.debug("Build short mandate for legal person ..."); - CorporateBodyType legalperson = new CorporateBodyType(); - IdentificationType legalID = new IdentificationType(); - Value idvalue = new Value(); - legalID.setValue(idvalue ); - legalperson.getIdentification().add(legalID ); - mandator.setCorporateBody(legalperson ); - - legalperson.setFullName(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)); - legalID.setType(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)); - idvalue.setValue(extractor.getSingleAttributeValue(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)); - - //build natural person short mandate - } else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) || - extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME)) && - extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME) && - extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME) && - extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME)) { - Logger.debug("Build short mandate for natural person ..."); - PhysicalPersonType physPerson = new PhysicalPersonType(); - PersonNameType persName = new PersonNameType(); - mandator.setPhysicalPerson(physPerson ); - physPerson.setName(persName ); - FamilyName familyName = new FamilyName(); - persName.getFamilyName().add(familyName ); - IdentificationType persID = new IdentificationType(); - physPerson.getIdentification().add(persID ); - Value idValue = new Value(); - persID.setValue(idValue ); - - String[] pvp2GivenName = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" "); - for(int i=0; i pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam); + + //check if a unique ID for this citizen exists + if (MiscUtil.isEmpty(authData.getIdentificationValue()) && + MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) && + pvpEncbPKAttr == null) { + Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID"); + throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME + + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME}); + + } + + // baseID is in MOASesson --> calculate bPK directly + if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) { + Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this."); + Pair result = buildOAspecificbPK(protocolRequest, oaParam, authData); + authData.setBPK(result.getFirst()); + authData.setBPKType(result.getSecond()); + + //check if bPK already added to AuthData matches OA + } else if (MiscUtil.isNotEmpty(authData.getBPK()) + && matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) { + Logger.debug("Correct bPK is already included in AuthData."); + + //check if bPK received by PVP-Attribute matches OA + } else if (MiscUtil.isNotEmpty(pvpbPKValue) && + matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) { + Logger.debug("Receive correct bPK from PVP-Attribute"); + authData.setBPK(pvpbPKValue); + authData.setBPKType(pvpbPKTypeAttr); + //check if decrypted bPK exists + } else if (pvpEncbPKAttr != null) { + Logger.debug("Receive bPK as encrypted bPK and decryption was possible."); + authData.setBPK(pvpEncbPKAttr.getFirst()); + authData.setBPKType(pvpEncbPKAttr.getSecond()); + + //ask SZR to get bPK } else { - String[] pvp2bPK = extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":"); - if (pvp2bPK.length == 2) { - idValue.setValue(pvp2bPK[1]); + String notValidbPK = authData.getBPK(); + String notValidbPKType = authData.getBPKType(); + if (MiscUtil.isEmpty(notValidbPK) && + MiscUtil.isEmpty(notValidbPKType)) { + notValidbPK = pvpbPKValue; + notValidbPKType = pvpbPKTypeAttr; - Pattern pattern = Pattern.compile(MOAIDAuthConstants.REGEX_PATTERN_TARGET); - Matcher matcher = pattern.matcher(pvp2bPK[0]); - if (matcher.matches()) - persID.setType(Constants.URN_PREFIX_CDID + "+" + pvp2bPK[0]); - else - persID.setType(Constants.URN_PREFIX_WBPK + "+" + pvp2bPK[0]); + if (MiscUtil.isEmpty(notValidbPK) && + MiscUtil.isEmpty(notValidbPKType)) { + Logger.fatal("No bPK in MOASession. THIS error should not occur any more."); + throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more."); + } + } + + Pair baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType); + if (baseIDFromSZR != null) { + Logger.info("Receive citizen baseID from SRZ. Authentication can be completed"); + authData.setIdentificationValue(baseIDFromSZR.getFirst()); + authData.setIdentificationType(baseIDFromSZR.getSecond()); + Pair result = buildOAspecificbPK(protocolRequest, oaParam, authData); + authData.setBPK(result.getFirst()); + authData.setBPKType(result.getSecond()); } else { - Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BPK_NAME)); - throw new AssertionAttributeExtractorExeption("Receive mandator bPK from federation with an unsupported format."); + Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID"); + throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME + + " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME + + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME}); } } - - } else { - Logger.error("Short mandate could not generated. Assertion contains not all attributes which are necessary."); - throw new AssertionAttributeExtractorExeption("Assertion contains not all attributes which are necessary for mandate generation", null); - - } - - try { - JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_"); - Marshaller m = jc.createMarshaller(); - ByteArrayOutputStream stream = new ByteArrayOutputStream(); - m.marshal(mandateObject, stream); - misMandate.setMandate(Base64Utils.encode(stream.toByteArray()).getBytes()); - stream.close(); + + //build IdentityLink + if (identityLink != null) + authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType())); - } catch (JAXBException e) { - Logger.error("Failed to parse short mandate", e); - throw new AssertionAttributeExtractorExeption(); + else if (idlFromPVPAttr != null) { + authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType())); + Logger.debug("Set IdentityLink received from federated IDP"); - } catch (IOException e) { - Logger.error("Failed to parse short mandate", e); - throw new AssertionAttributeExtractorExeption(); - - } - authData.setUseMandate(true); + } else { + Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found"); + + } + } - } - - - if (extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME)) { - if (authData.getMISMandate() == null) - authData.setMISMandate(new MISMandate()); - authData.getMISMandate().setProfRep( - extractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME)); - } - - //set PVP role attribute - if (extractor.containsAttribute(PVPConstants.ROLES_NAME)) { - String pvpRoles = extractor.getSingleAttributeValue(PVPConstants.ROLES_NAME); - if (MiscUtil.isNotEmpty(pvpRoles)) { - List roles = Arrays.asList(pvpRoles.split(";")); + //################################################################### + //set PVP role attribute (implemented for ISA 1.18 action) + includedToGenericAuthData.remove(PVPConstants.ROLES_NAME); + String pvpAttrRoles = session.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpAttrRoles)) { + List roles = Arrays.asList(pvpAttrRoles.split(";")); for (String role : roles) { authData.addAuthenticationRole(AuthenticationRoleFactory.buildFormPVPole(role)); - } - } - } - - //set PVP OU attribute - if (extractor.containsAttribute(PVPConstants.OU_NAME)) { - authData.setPvpAttribute_OU(extractor.getSingleAttributeValue(PVPConstants.OU_NAME)); - Logger.debug("Found PVP 'OU' attribute in response -> " + authData.getPvpAttribute_OU()); - - } - - //set STORK attributes - if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) { - try { - authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE, - extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME)); - authData.setForeigner(true); - } catch (SessionDataStorageException e) { - Logger.warn("STORK Response can not stored into generic authData.", e); + } + } + + + //################################################################### + //set PVP OU attribute (implemented for ISA 1.18 action) + includedToGenericAuthData.remove(PVPConstants.OU_NAME); + String pvpAttrOUName = session.getGenericDataFromSession(PVPConstants.OU_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpAttrOUName)) { + authData.setPvpAttribute_OU(pvpAttrOUName); + Logger.debug("Found PVP 'OU' attribute in response -> " + authData.getPvpAttribute_OU()); - } + } - } - -// if (!extractor.getSTORKAttributes().isEmpty()) { -// authData.setStorkAttributes(extractor.getSTORKAttributes()); -// authData.setForeigner(true); -// -// } + //#################################################################### + //parse AuthBlock signature-verification response + //INFO: this parameters are only required for SAML1 auth. protocol + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + if (verifyXMLSigResp != null) { + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); - authData.setSsoSession(true); - authData.setInterfederatedSSOSession(true); - - if (extractor.getFullAssertion().getAuthnStatements() != null - && extractor.getFullAssertion().getAuthnStatements().size() > 0) { - for (AuthnStatement el : extractor.getFullAssertion().getAuthnStatements()) { - if (el.getSessionNotOnOrAfter() != null) { - authData.setSsoSessionValidTo(el.getSessionNotOnOrAfter().toDate()); - break; - } + } else { + //set parameters in respect to QAA level + Logger.info("No authBlock signature-verfication response found. Maybe IDP federation is in use."); + if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel())) + authData.setQualifiedCertificate(true); + else + authData.setQualifiedCertificate(false); + authData.setPublicAuthority(false); + + } + + //#################################################################### + //copy all generic authentication information, which are not processed before to authData + Iterator copyInterator = includedToGenericAuthData.iterator(); + while (copyInterator.hasNext()) { + String elementKey = copyInterator.next(); + try { + authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey)); + + } catch (SessionDataStorageException e) { + Logger.warn("Can not add generic authData with key:" + elementKey, e); + + } } - } else { - authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate()); + } catch (BuildException e) { + throw e; - } + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } - //only for SAML1 - if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel())) - authData.setQualifiedCertificate(true); - else - authData.setQualifiedCertificate(false); - authData.setPublicAuthority(false); } - + /** - * @param oaParam - * @param authData - * @return + * Check a bPK-Type against a Service-Provider configuration
+ * If bPK-Type is null the result is false. + * + * @param oaParam Service-Provider configuration, never null + * @param bPKType bPK-Type to check + * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false */ - private boolean matchsReceivedbPKToOnlineApplication( - IOAAuthParameters oaParam, AuthenticationData authData) { - + private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) { String oaTarget = null; if (oaParam.getBusinessService()) { - if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK) || - oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_STORK)) - oaTarget = oaParam.getIdentityLinkDomainIdentifier(); - - else { - Logger.warn("BusinessIdentifier can not be clearly assigned, because it starts without a prefix."); - return false; - - } - + oaTarget = oaParam.getIdentityLinkDomainIdentifier(); + } else { oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); } - - - if (oaTarget.equals(authData.getBPKType())) + + if (oaTarget.equals(bPKType)) return true; else return false; } - private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, - IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { - - IdentityLink identityLink = session.getIdentityLink(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - authData.setIssuer(protocolRequest.getAuthURL()); - + private void parseBasicUserInfosFromIDL(AuthenticationData authData, IdentityLink identityLink, Collection includedGenericSessionData) { //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); @@ -892,173 +841,238 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); - if (verifyXMLSigResp != null) { - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - - } else { - Logger.warn("No signature verfication response found!"); - - } - - authData.setBkuURL(session.getBkuURL()); - - //copy all generic authentication information to authData - if (session.getGenericSessionDataStorage() != null && - !session.getGenericSessionDataStorage().isEmpty()) { - Iterator> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator(); - while (copyInterator.hasNext()) { - Entry element = copyInterator.next(); - try { - authData.setGenericData(element.getKey(), element.getValue()); - - } catch (SessionDataStorageException e) { - Logger.warn("Can not add generic authData with key:" + element.getKey(), e); - - } - } - } - - authData.setSignerCertificate(session.getEncodedSignerCertificate()); - authData.setAuthBlock(session.getAuthBlock()); - - authData.setForeigner(session.isForeigner()); - authData.setQAALevel(session.getQAALevel()); - - authData.setIsBusinessService(oaParam.getBusinessService()); + //remove corresponding keys from genericSessionData if exists + includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME); + includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME); + includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME); + includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME); + includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); - if (session.isForeigner()) { - try { - //TODO: replace with TSL lookup when TSL is ready! - X509Certificate certificate = new X509Certificate(authData.getSignerCertificate()); - if (certificate != null) { - LdapName ln = new LdapName(certificate.getIssuerDN() - .getName()); - for (Rdn rdn : ln.getRdns()) { - if (rdn.getType().equalsIgnoreCase("C")) { - Logger.info("C is: " + rdn.getValue()); - authData.setCcc(rdn.getValue().toString()); - break; - } - } - } + } + + /** + * @param authData + * @param notValidbPK + * @param notValidbPKType + * @return + */ + private Pair getbaseIDFromSZR(AuthenticationData authData, String notValidbPK, + String notValidbPKType) { + try { + EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig(); + if (eGovClientsConfig != null) { + Logger.info("bPK in MOASession (bPK-Type:" + notValidbPKType + + " does no match to Service-Provider configuration. --> Request SZR to get correct bPK."); - } catch (Exception e) { - Logger.error("Failed to extract country code from certificate with message: " + e.getMessage()); + SZRClient szrclient = new SZRClient(eGovClientsConfig); - } - - if (MiscUtil.isEmpty(authData.getCcc())) { - String storkCCC = authData.getGenericData( - AuthenticationSessionStorageConstants.STORK_CCC, String.class); + Logger.debug("Create SZR request to get baseID ... "); + PersonInfoType personInfo = new PersonInfoType(); + at.gv.util.xsd.szr.persondata.PhysicalPersonType person = new at.gv.util.xsd.szr.persondata.PhysicalPersonType(); + personInfo.setPerson(person); + at.gv.util.xsd.szr.persondata.PersonNameType name = new at.gv.util.xsd.szr.persondata.PersonNameType(); + person.setName(name); + at.gv.util.xsd.szr.persondata.IdentificationType idValue = new at.gv.util.xsd.szr.persondata.IdentificationType(); + person.setIdentification(idValue); + + //set bPK or wbPK + idValue.setValue(authData.getBPK()); + idValue.setType(authData.getBPKType()); + + //set person information + name.setGivenName(authData.getGivenName()); + name.setFamilyName(authData.getFamilyName()); + if (authData.getDateOfBirth() != null) + person.setDateOfBirth(authData.getFormatedDateOfBirth()); + + //request szr and store baseID + return Pair.newInstance(szrclient.getStammzahl(personInfo), + Constants.URN_PREFIX_BASEID); + + } else { + Logger.debug("No SZR clieht configuration found."); + return null; - if (MiscUtil.isNotEmpty(storkCCC)) { - authData.setCcc(storkCCC); - Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request."); - - } - } + + } catch (SZRException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - } else { - authData.setCcc("AT"); + } catch (at.gv.util.ex.EgovUtilException e) { + Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); } - try { - authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); + return null; + } + + /** + * Add encrypted bPKs from PVP Attribute 'ENC_BPK_LIST_NAME', which could be exist in + * MOASession as 'GenericData' 
session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)
+ * to authData + * + * @param session MOASession, but never null + * @param authData AuthenticationData DAO + * @param spConfig Service-Provider configuration + * + * @return Pair which was received by PVP-Attribute and could be decrypted for this Service Provider, + * or null if no attribute exists or can not decrypted + */ + private Pair getEncryptedbPKFromPVPAttribute(AuthenticationSession session, + AuthenticationData authData, IOAAuthParameters spConfig) { + //set List of encrypted bPKs to authData DAO + String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { + List encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";")); + authData.setEncbPKList(encbPKList); - //set max. SSO session time - if (authData.isSsoSession()) { - long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000; - Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime); - authData.setSsoSessionValidTo(ssoSessionValidTo); - - } else { - //set valid to 5 min - Date ssoSessionValidTo = new Date(new Date().getTime() + 5 * 60 * 1000); - authData.setSsoSessionValidTo(ssoSessionValidTo); - + //check if one of this encrypted bPK could be decrypt for this Service-Provider + for (String fullEncbPK : encbPKList) { + int index = fullEncbPK.indexOf("|"); + if (index >= 0) { + String encbPK = fullEncbPK.substring(index+1); + String second = fullEncbPK.substring(0, index); + int secIndex = second.indexOf("+"); + if (secIndex >= 0) { + if (spConfig.getTarget().equals(second.substring(secIndex+1))) { + Logger.debug("Found encrypted bPK for online-application " + + spConfig.getPublicURLPrefix() + + " Start decryption process ..."); + PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey(); + if (privKey != null) { + try { + String bPK = BPKBuilder.decryptBPK(encbPK, spConfig.getTarget(), privKey); + if (MiscUtil.isNotEmpty(bPK)) { + Logger.info("bPK decryption process finished successfully."); + return Pair.newInstance(bPK, Constants.URN_PREFIX_CDID + "+" + spConfig.getTarget()); + + } else { + Logger.error("bPK decryption FAILED."); + + } + } catch (BuildException e) { + Logger.error("bPK decryption FAILED.", e); + + } + + } else { + Logger.info("bPK decryption FAILED, because no valid decryption key is found."); + + } + + } else { + Logger.info("Found encrypted bPK but " + + "encrypted bPK target does not match to online-application target"); + + } + } + } } - - - /* TODO: Support SSO Mandate MODE! - * Insert functionality to translate mandates in case of SSO - */ + } + + return null; + } + /** + * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in + * MOASession as 'GenericData' 
session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)
+ * + * @param session MOASession, but never null + * @return bPK, which was received by PVP-Attribute, or null if no attribute exists + */ + private String getbPKValueFromPVPAttribute(AuthenticationSession session) { + String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) { - MISMandate mandate = session.getMISMandate(); - if (session.getUseMandate() && mandate == null) { - Logger.error("Mandate is requested but NO mandate-data is found!."); - throw new BuildException("builder.00", new Object[]{ - "Mandate", "Mandate is requested but NO mandate-data is found!"}); + //fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations + if (pvpbPKValueAttr.startsWith("bPK:")) { + Logger.warn("Attribute " + PVPConstants.BPK_NAME + + " contains a not standardize prefix! Staring attribute value correction process ..."); + pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length()); } - authData.setMandateReferenceValue(session.getMandateReferenceValue()); - - if (mandate != null) { - //set MIS mandate to authdata - authData.setMISMandate(mandate); - authData.setUseMandate(session.getUseMandate()); - - } else { - //check if ELGA mandates exists - String mandateType = session.getGenericDataFromSession( - PVPConstants.MANDATE_TYPE_NAME, String.class); - if (MiscUtil.isNotEmpty(mandateType)) { - //switch to mandate-mode for authdata generation, because mandate-information - // is directly included in MOA-Session as PVP attributes - Logger.debug("AuthDataBuilder find directly included 'MandateType' attribute." - + " --> Switch to mandate-mode for authdata generation."); - authData.setUseMandate(true); - - } - + String[] spitted = pvpbPKValueAttr.split(":"); + if (spitted.length != 2) { + Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!" + + " Value:" + pvpbPKValueAttr); + return null; } - - if (session.getUseMandate() && session.isOW() - && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) { - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - - //TODO: check in case of mandates for business services - authData.setIdentityLink(identityLink); - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - buildOAspecificbPK(protocolRequest, oaParam, authData, - identityLink.getIdentificationValue(), - identityLink.getIdentificationType()); - - buildOAspecificIdentityLink(oaParam, authData, identityLink); - - } + Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME); + return spitted[1]; - //TODO - } catch (BuildException e) { - throw e; + } + + return null; + } + + /** + * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in + * MOASession as 'GenericData' 
session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)
+ * + * @param session MOASession, but never null + * @return bPKType, which was received by PVP-Attribute, or null if no attribute exists + */ + private String getbPKTypeFromPVPAttribute(AuthenticationSession session) { + String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); + if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) { - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[]{ - "AuthenticationData", ex.toString()}, ex); - } + //fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations + if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) && + !pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(), + Constants.URN_PREFIX_CDID.length() + 1).equals("+")) { + Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... "); + pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1); + + } + Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME); + return pvpbPKTypeAttr; + } + + return null; + + + /* + * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME', + * because the prefix of BPK_NAME attribute contains the postfix of the bPKType + * + * Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER' + * PVP attributes + */ +// String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); +// String[] spitted = pvpbPKValueAttr.split(":"); +// if (MiscUtil.isEmpty(authData.getBPKType())) { +// Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " + +// "Starting target extraction from bPK/wbPK prefix ..."); +// //exract bPK/wbPK type from bpk attribute value prefix if type is +// //not transmitted as single attribute +// Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?"); +// Matcher matcher = pattern.matcher(spitted[0]); +// if (matcher.matches()) { +// //find public service bPK +// authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]); +// Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType()); +// +// } else { +// //find business service wbPK +// authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]); +// Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType()); +// +// } +// } } - - private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { + + private IdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IdentityLink idl, String bPK, String bPKType) throws MOAIDException { if (oaParam.getBusinessService()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + prIdentification.getFirstChild().setNodeValue(bPK); //set bkp/wpbk type Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + prIdentificationType.getFirstChild().setNodeValue(bPKType); IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); IdentityLink businessServiceIdl = idlparser.parseIdentityLink(); @@ -1073,62 +1087,70 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { resignedilAssertion = businessServiceIdl.getSamlAssertion(); } IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); - IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); + return resignedIDLParser.parseIdentityLink(); - authData.setIdentityLink(resignedIDL); - } else - authData.setIdentityLink(idl); + return idl; } - - private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { - - if (oaParam.getBusinessService()) { - //since we have foreigner, wbPK is not calculated in BKU - if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - authData.setBPK(new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr)); - authData.setBPKType(registerAndOrdNr); - - } else { - authData.setBPK(baseID); - authData.setBPKType(baseIDType); - - } - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - } else { - if (baseIDType.equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String target = null; - Object saml1Requst = null; - try { - saml1Requst = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl").newInstance(); - - } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | java.lang.SecurityException ex) { - - - } - - if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst)) - target = protocolRequest.getGenericData( - MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); - else - target = oaParam.getTarget(); - - String bpkBase64 = new BPKBuilder().buildBPK(baseID, target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + target); - } + private Pair buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException { + + String bPK; + String bPKType; - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - } + String baseID = authData.getIdentificationValue(); + String baseIDType = authData.getIdentificationType(); + + String eIDASOutboundCountry = pendingReq.getGenericData(RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class); + if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) { + if (MiscUtil.isNotEmpty(eIDASOutboundCountry) && !COUNTRYCODE_AUSTRIA.equals(eIDASOutboundCountry)) { + Pair eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID, + COUNTRYCODE_AUSTRIA, eIDASOutboundCountry); + Logger.trace("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond()); + return eIDASID; + + } else if (oaParam.getBusinessService()) { + //is Austrian private-service application + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + bPK = new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr); + bPKType = registerAndOrdNr; + + } else { + // only compute bPK if online application is a public service and we have the Stammzahl + String target = null; + Class saml1RequstTemplate = null; + try { + saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); + if (saml1RequstTemplate != null && + saml1RequstTemplate.isInstance(pendingReq)) { + target = (String) pendingReq.getClass().getMethod("getTarget").invoke(pendingReq); + + } + + } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | java.lang.SecurityException | InvocationTargetException | NoSuchMethodException ex) { } + + if (MiscUtil.isEmpty(target)) + target = oaParam.getTarget(); + + bPK = new BPKBuilder().buildBPK(baseID, target); + bPKType = Constants.URN_PREFIX_CDID + "+" + target; + + } + + } else { + Logger.warn("!!!baseID-element does not include a baseID. This should not be happen any more!!!"); + bPK = baseID; + bPKType = baseIDType; + + } + Logger.trace("Authenticate user with bPK:" + bPK + " Type:" + bPKType); + return Pair.newInstance(bPK, bPKType); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 1cf6929e6..9e4e36fec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -46,13 +46,6 @@ package at.gv.egovernment.moa.id.auth.builder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; - import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -66,6 +59,13 @@ import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; + /** * Builder for the bPK, as defined in * "Ableitung f¨r die bereichsspezifische Personenkennzeichnung" @@ -203,73 +203,42 @@ public class BPKBuilder { /** * Builds the storkeid from the given parameters. * - * @param identityLink identity link - * @param destinationCountry destination country code (2 chars) - * @return storkid in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - public String buildStorkeIdentifier(IdentityLink identityLink, String destinationCountry) - throws BuildException { - return buildStorkbPK(identityLink.getIdentificationValue(), - identityLink.getIdentificationType(), "AT", destinationCountry); - } - - /** - * Builds the storkeid from the given parameters. - * - * @param identityLink identity link - * @param destinationCountry destination country code (2 chars) - * @return storkid in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - public String buildStorkeIdentifier(String identificationType, String identificationValue, String destinationCountry) - throws BuildException { - return buildStorkbPK(identificationValue, identificationType, "AT", destinationCountry); - } - - /** - * Builds the storkeid from the given parameters. - * - * @param identityLink identity link - * @param sourceCountry source country code (2 chars) - * @param destinationCountry destination country code (2 chars) - * @return storkid in a BASE64 encoding + * @param baseID baseID of the citizen + * @param baseIDType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs ID + * @param destinationCountry CountryCode of that country, which receives the eIDAs ID + * + * @return Pair in a BASE64 encoding * @throws BuildException if an error occurs on building the wbPK */ - public String buildStorkbPK(String baseID, String baseIDType, String sourceCountry, String destinationCountry) - throws BuildException { - String identificationValue = null; - + public Pair buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) + throws BuildException { + String bPK = null; + String bPKType = null; + // check if we have been called by public sector application - if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { - identificationValue = calculateStorkeIdentifierBase(baseID, sourceCountry, destinationCountry); + if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { + bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; + Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType); + bPK = calculatebPKwbPK(baseID + "+" + bPKType); } else { // if not, sector identification value is already calculated by BKU - Logger.debug("STORK eIdentifier already provided by BKU"); - identificationValue = baseID; + Logger.debug("eIDAS eIdentifier already provided by BKU"); + bPK = baseID; } - if ((identificationValue == null || - identificationValue.length() == 0 || - destinationCountry == null || - destinationCountry.length() == 0 || - sourceCountry == null || - sourceCountry.length() == 0)) { + if ((MiscUtil.isEmpty(bPK) || + MiscUtil.isEmpty(sourceCountry) || + MiscUtil.isEmpty(destinationCountry))) { throw new BuildException("builder.00", - new Object[]{"storkid", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); + new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + + bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); } - Logger.info("Building STORK identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); - String eIdentifier = sourceCountry+"/"+destinationCountry+"/"+identificationValue; - - return eIdentifier; - } - - private String calculateStorkeIdentifierBase(String baseID, String sourceCountry, String destinationCountry) throws BuildException { - String basisbegriff = baseID + "+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry; - Logger.debug("Building STORK identification from: [identValue]+" + Constants.URN_PREFIX_STORK + "+" + sourceCountry + "+" + destinationCountry); - return calculatebPKwbPK(basisbegriff); + Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); + String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; + + return Pair.newInstance(eIdentifier, baseIDType); } private String calculatebPKwbPK(String basisbegriff) throws BuildException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java index 648dcf6f1..4a764e362 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java @@ -38,5 +38,7 @@ public class AuthenticationSessionStorageConstants { public static final String eIDAS_ATTRIBUTELIST = PREFIX_eIDAS + "attributeList"; public static final String eIDAS_RESPONSE = PREFIX_eIDAS + "response"; + + public static final String FEDERATION_RESPONSE_VALIDE_TO = "federationRespValidTo"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index b7e95785b..a4abbbcfa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -78,20 +78,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //check UseMandate flag - String useMandateString = null; - boolean useMandateBoolean = false; + String useMISMandateString = null; + boolean useMISMandateBoolean = false; if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; + useMISMandateString = useMandate; } else { - useMandateString = "false"; + useMISMandateString = "false"; } - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; + if (useMISMandateString.compareToIgnoreCase("true") == 0) + useMISMandateBoolean = true; else - useMandateBoolean = false; + useMISMandateBoolean = false; - moasession.setUseMandate(useMandateString); + moasession.setUseMandate(useMISMandateString); //load OnlineApplication configuration @@ -155,7 +155,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } else { Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier()); - if (useMandateBoolean) { + if (useMISMandateBoolean) { Logger.error("Online-Mandate Mode for business application not supported."); throw new AuthenticationException("auth.17", null); } @@ -213,6 +213,12 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ protocolReq.setNeedSingleSignOnFunctionality(false); } + if (protocolReq.needSingleSignOnFunctionality() && useMISMandateBoolean) { + Logger.info("Usage of MIS-MandateService does not allow Single Sign-On. --> SSO is disabled for this request."); + protocolReq.setNeedSingleSignOnFunctionality(false); + + } + } public void parse(ExecutionContext ec, HttpServletRequest req, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 53be0881b..aa9a0824d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -147,8 +147,8 @@ public class AuthenticationData implements IAuthData, Serializable { private boolean ssoSession = false; private Date ssoSessionValidTo = null; - private boolean interfederatedSSOSession = false; - private String interfederatedIDP = null; +// private boolean interfederatedSSOSession = false; +// private String interfederatedIDP = null; private String sessionIndex = null; private String nameID = null; @@ -255,16 +255,18 @@ public class AuthenticationData implements IAuthData, Serializable { } /** - * Returns the identificationValue. - * @return String + * Holds the baseID of a citizen + * + * @return baseID */ public String getIdentificationValue() { return identificationValue; } /** - * Returns the identificationType - * @return String + * Holds the type of the baseID + * + * @return baseID-Type */ public String getIdentificationType() { return identificationType; @@ -439,6 +441,10 @@ public class AuthenticationData implements IAuthData, Serializable { } public Element getMandate() { + if (mandate == null) + return null; + + //parse Element from mandate XML try { byte[] byteMandate = mandate.getMandate(); String stringMandate = new String(byteMandate); @@ -579,7 +585,9 @@ public class AuthenticationData implements IAuthData, Serializable { } /** - * @return the ccc + * CountryCode of the citizen which is identified and authenticated + * + * @return the CountryCode 
like. AT, SI, ...
*/ public String getCcc() { return ccc; @@ -635,33 +643,33 @@ public class AuthenticationData implements IAuthData, Serializable { this.nameIDFormat = nameIDFormat; } - /** - * @return the interfederatedSSOSession - */ - public boolean isInterfederatedSSOSession() { - return interfederatedSSOSession; - } - - /** - * @param interfederatedSSOSession the interfederatedSSOSession to set - */ - public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { - this.interfederatedSSOSession = interfederatedSSOSession; - } - - /** - * @return the interfederatedIDP - */ - public String getInterfederatedIDP() { - return interfederatedIDP; - } - - /** - * @param interfederatedIDP the interfederatedIDP to set - */ - public void setInterfederatedIDP(String interfederatedIDP) { - this.interfederatedIDP = interfederatedIDP; - } +// /** +// * @return the interfederatedSSOSession +// */ +// public boolean isInterfederatedSSOSession() { +// return interfederatedSSOSession; +// } +// +// /** +// * @param interfederatedSSOSession the interfederatedSSOSession to set +// */ +// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { +// this.interfederatedSSOSession = interfederatedSSOSession; +// } +// +// /** +// * @return the interfederatedIDP +// */ +// public String getInterfederatedIDP() { +// return interfederatedIDP; +// } +// +// /** +// * @param interfederatedIDP the interfederatedIDP to set +// */ +// public void setInterfederatedIDP(String interfederatedIDP) { +// this.interfederatedIDP = interfederatedIDP; +// } /** * @return the ssoSessionValidTo diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index 91d40fcc3..c32564679 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -40,7 +40,7 @@ public interface IAuthData { boolean isBusinessService(); boolean isSsoSession(); - boolean isInterfederatedSSOSession(); + //boolean isInterfederatedSSOSession(); boolean isUseMandate(); String getFamilyName(); @@ -53,7 +53,7 @@ public interface IAuthData { Date getSsoSessionValidTo(); - String getInterfederatedIDP(); + //String getInterfederatedIDP(); String getIdentificationValue(); String getIdentificationType(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java index 12fe3c948..81157994e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java @@ -79,7 +79,7 @@ public class MISMandate implements Serializable{ private String oid = null; private byte[] mandate = null; private String owBPK = null; - private boolean isFullMandateIncluded = false; +// private boolean isFullMandateIncluded = false; public String getProfRep() { return oid; @@ -144,18 +144,18 @@ public class MISMandate implements Serializable{ } } - /** - * @return the isFullMandateIncluded - */ - public boolean isFullMandateIncluded() { - return isFullMandateIncluded; - } - /** - * @param isFullMandateIncluded the isFullMandateIncluded to set - */ - public void setFullMandateIncluded(boolean isFullMandateIncluded) { - this.isFullMandateIncluded = isFullMandateIncluded; - } +// /** +// * @return the isFullMandateIncluded +// */ +// public boolean isFullMandateIncluded() { +// return isFullMandateIncluded; +// } +// /** +// * @param isFullMandateIncluded the isFullMandateIncluded to set +// */ +// public void setFullMandateIncluded(boolean isFullMandateIncluded) { +// this.isFullMandateIncluded = isFullMandateIncluded; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java new file mode 100644 index 000000000..78e8be452 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java @@ -0,0 +1,51 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.data; + +public class Trible { + private final P1 first; + private final P2 second; + private final P3 third; + + private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) { + this.first = newFirst; + this.second = newSecond; + this.third = newThird; + } + + public P1 getFirst() { + return this.first; + } + + public P2 getSecond() { + return this.second; + } + + public P3 getThird() { + return this.third; + } + + public static Trible newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) { + return new Trible(newFirst, newSecond, newThird); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 21ef38732..f065bbc56 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -72,7 +72,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ITransactionStorage; @@ -100,7 +100,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired private MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; @Autowired private SingleLogOutBuilder sloBuilder; - @Autowired private SAMLVerificationEngine samlVerificationEngine; + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index e05bedac8..aec5ad124 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -48,7 +48,10 @@ public abstract class RequestImpl implements IRequest, Serializable{ public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; - public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; + public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; + public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; + + public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country"; private static final long serialVersionUID = 1L; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java index 7cbdeca66..0e6dc1838 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java @@ -26,7 +26,6 @@ import java.text.DateFormat; import java.text.SimpleDateFormat; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java index 0437cd687..69f0c3088 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java index 27d3845ff..ca66700a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -26,10 +26,7 @@ import java.io.IOException; import javax.xml.transform.TransformerException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; @@ -48,7 +45,7 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder if (authData.isUseMandate()) { //only provide full mandate if it is included. //In case of federation only a short mandate could be include - if (authData.getMandate() != null && authData.getMISMandate().isFullMandateIncluded()) { + if (authData.getMandate() != null) { String fullMandate; try { fullMandate = DOMUtils.serializeNode(authData diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 8948f1227..55c864335 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -46,7 +46,7 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib IAttributeGenerator g) throws AttributeException { if (authData.isUseMandate()) { //get PVP attribute directly, if exists - String givenName = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class); + String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class); if (MiscUtil.isEmpty(givenName)) { Element mandate = authData.getMandate(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 042eeeed8..142810d45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -44,23 +45,28 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.FederatedAuthenticatenContainer; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -72,7 +78,7 @@ public class AttributQueryAction implements IAction { @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private AuthenticationDataBuilder authDataBuilder; @Autowired private IDPCredentialProvider pvpCredentials; - @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthConfiguration authConfig; private final static List DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -98,34 +104,44 @@ public class AttributQueryAction implements IAction { //set time reference DateTime date = new DateTime(); - //get Single Sign-On information for the Service-Provider - // which sends the Attribute-Query request - AuthenticationSession moaSession = authenticationSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - if (moaSession == null) { - Logger.warn("No MOASession with ID:" + pendingReq.getMOASessionIdentifier() + " FOUND."); - throw new MOAIDException("auth.02", new Object[]{pendingReq.getMOASessionIdentifier()}); - } - - InterfederationSessionStore nextIDPInformation = - authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID()); - - AttributeQuery attrQuery = - (AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest(); + try { + //get Single Sign-On information for the Service-Provider + // which sends the Attribute-Query request + AuthenticationSession moaSession = authenticationSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + if (moaSession == null) { + Logger.warn("No MOASession with ID:" + pendingReq.getMOASessionIdentifier() + " FOUND."); + throw new MOAIDException("auth.02", new Object[]{pendingReq.getMOASessionIdentifier()}); + } - //generate authData for AttributQueryRequest - authData = authDataBuilder.buildAuthenticationDataForAttributQuery(pendingReq, moaSession, attrQuery.getAttributes(), nextIDPInformation); - + InterfederationSessionStore nextIDPInformation = + authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID()); - //add default attributes in case of mandates or STORK is in use - List attrList = addDefaultAttributes(attrQuery, authData); + AttributeQuery attrQuery = + (AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest(); + + //build PVP 2.1 response-attribute information for this AttributQueryRequest + Trible, Date, String> responseInfo = + buildResponseInformationForAttributQuery(pendingReq, moaSession, attrQuery.getAttributes(), nextIDPInformation); - //build PVP 2.1 assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(req, attrQuery, attrList, authData, date, authData.getSessionIndex()); - - //build PVP 2.1 response - Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion); - - try { + Logger.debug("AttributQuery return " + responseInfo.getFirst().size() + + " attributes with QAA-Level:" + responseInfo.getThird() + + " validTo:" + responseInfo.getSecond().toString()); + + //build PVP 2.1 assertion + + String issuerEntityID = pendingReq.getAuthURL(); + if (issuerEntityID.endsWith("/")) + issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); + + Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, + attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), + responseInfo.getThird(), authData.getSessionIndex()); + + //build PVP 2.1 response + Response authResponse = AuthResponseBuilder.buildResponse( + MOAMetadataProvider.getInstance(), issuerEntityID, attrQuery, date, + assertion, authConfig.isPVP2AssertionEncryptionActive()); + SoapBinding decoder = new SoapBinding(); decoder.encodeRespone(httpReq, httpResp, authResponse, null, null, pvpCredentials.getIDPAssertionSigningCredential()); @@ -139,6 +155,11 @@ public class AttributQueryAction implements IAction { Logger.error("Security exception", e); throw new MOAIDException("pvp2.01", null, e); + } catch (MOADatabaseException e) { + Logger.error("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + + " is not found in Database", e); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + } } else { @@ -164,32 +185,143 @@ public class AttributQueryAction implements IAction { public String getDefaultActionName() { return PVP2XProtocol.ATTRIBUTEQUERY; } + + private Trible, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq, + AuthenticationSession session, List reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException { + try { + //mark AttributeQuery as used if it exists + OASessionStore activeOA = authenticationSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule()); + if (activeOA != null) { + //mark + if ( pendingReq instanceof PVPTargetConfiguration && + ((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && + ((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) { + try { + activeOA.setAttributeQueryUsed(true); + MOASessionDBUtils.saveOrUpdate(activeOA); + + } catch (MOADatabaseException e) { + Logger.error("MOASession interfederation information can not stored to database.", e); + + } + } + } + + //build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration + IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes); + + //search federated IDP information for this MOASession + if (nextIDPInformation != null) { + Logger.info("Find active federated IDP information." + + ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() + + " for authentication information."); + + //load configuration of next IDP + OAAuthParameter idp = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix()); + if (idp == null) { + Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() + + "is not loadable."); + throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()}); + + } + + //check if next IDP config allows inbound messages + if (!idp.isInboundSSOInterfederationAllowed()) { + Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() + + "disallow inbound authentication messages."); + throw new MOAIDException("auth.33", new Object[]{nextIDPInformation.getIdpurlprefix()}); + + } + + //check next IDP service area policy. BusinessService IDPs can only request wbPKs + if (!spConfig.getBusinessService() && !idp.isIDPPublicService()) { + Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() + + " has a BusinessService-IDP but requests PublicService attributes."); + throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()}); + + } + + //validation complete --> start AttributeQuery Request + AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, + nextIDPInformation.getUserNameID(), idp); + + try { + //mark attribute request as used + if (nextIDPInformation.isStoreSSOInformation()) { + nextIDPInformation.setAttributesRequested(true); + MOASessionDBUtils.saveOrUpdate(nextIDPInformation); - private List addDefaultAttributes(AttributeQuery query, IAuthData authData) { + //delete federated IDP from Session + } else { + MOASessionDBUtils.delete(nextIDPInformation); + + } + + } catch (MOADatabaseException e) { + Logger.error("MOASession interfederation information can not stored to database.", e); + + } + + return Trible.newInstance( + extractor.getAllResponseAttributesFromFirstAttributeStatement(), + extractor.getAssertionNotOnOrAfter(), + extractor.getQAALevel()); + + } else { + Logger.debug("Build authData for AttributQuery from local MOASession."); + IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig); + + //add default attributes in case of mandates or STORK is in use + List attrList = addDefaultAttributes(reqAttributes, authData); + + //build Set of response attributes + List respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList); + + return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel()); + + } + + } catch (MOAIDException e) { + throw e; + } + } + + /** + * Add additional PVP Attribute-Names in respect to current MOASession. + *

+ * 
As example: if current MOASession includes mandates but mandate attributes are not requested, 
+	 * this method a a minimum set of mandate attribute-names
+ * + * @param reqAttr From Service Provider requested attributes + * @param authData AuthenticationData + * @return List of PVP attribute-names + */ + private List addDefaultAttributes(List reqAttr, IAuthData authData) { - List reqAttributs = new ArrayList(); + List reqAttributeNames = new ArrayList(); - for (Attribute attr : query.getAttributes()) { - reqAttributs.add(attr.getName()); + for (Attribute attr : reqAttr) { + reqAttributeNames.add(attr.getName()); } //add default STORK attributes if it is a STORK authentication - if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) { + if (authData.isForeigner() && !reqAttributeNames.containsAll(DEFAULTSTORKATTRIBUTES)) { for (String el : DEFAULTSTORKATTRIBUTES) { - if (!reqAttributs.contains(el)) - reqAttributs.add(el); + if (!reqAttributeNames.contains(el)) + reqAttributeNames.add(el); } } //add default mandate attributes if it is a authentication with mandates - if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) { + if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) { for (String el : DEFAULTMANDATEATTRIBUTES) { - if (!reqAttributs.contains(el)) - reqAttributs.add(el); + if (!reqAttributeNames.contains(el)) + reqAttributeNames.add(el); } } - return reqAttributs; + return reqAttributeNames; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 2882f20e1..a214dad9d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -38,6 +38,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; @@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -57,6 +59,7 @@ import at.gv.egovernment.moa.logging.Logger; @Service("PVPAuthenticationRequestAction") public class AuthenticationAction implements IAction { @Autowired IDPCredentialProvider pvpCredentials; + @Autowired AuthConfiguration authConfig; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -77,12 +80,18 @@ public class AuthenticationAction implements IAction { SLOInformationImpl sloInformation = new SLOInformationImpl(); - + //change to entity value from entity name to IDP EntityID (URL) + String issuerEntityID = pvpRequest.getAuthURL(); + if (issuerEntityID.endsWith("/")) + issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1); + //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(pvpRequest, authnRequest, authData, + Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, peerEntity, date, consumerService, sloInformation); - Response authResponse = AuthResponseBuilder.buildResponse(pvpRequest.getAuthURL(), authnRequest, date, assertion); + Response authResponse = AuthResponseBuilder.buildResponse( + MOAMetadataProvider.getInstance(), issuerEntityID, authnRequest, + date, assertion, authConfig.isPVP2AssertionEncryptionActive()); IEncoder binding = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 4dbc35041..8065af1a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,20 +57,18 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; @@ -92,7 +90,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -105,7 +103,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class PVP2XProtocol extends AbstractAuthProtocolModulController { @Autowired IDPCredentialProvider pvpCredentials; - @Autowired SAMLVerificationEngine samlVerificationEngine; + @Autowired SAMLVerificationEngineSP samlVerificationEngine; public static final String NAME = PVP2XProtocol.class.getName(); public static final String PATH = "id_pvp2x"; @@ -193,9 +191,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new PostBinding().decode(req, resp, MOAMetadataProvider.getInstance(), false); + InboundMessage msg = (InboundMessage) new PostBinding().decode( + req, resp, MOAMetadataProvider.getInstance(), false, + new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL()))); pendingReq.setRequest(msg); - + //preProcess Message preProcess(req, resp, pendingReq); @@ -241,7 +241,9 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new RedirectBinding().decode(req, resp, MOAMetadataProvider.getInstance(), false); + InboundMessage msg = (InboundMessage) new RedirectBinding().decode( + req, resp, MOAMetadataProvider.getInstance(), false, + new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL()))); pendingReq.setRequest(msg); //preProcess Message @@ -290,7 +292,9 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { req.getRemoteAddr()); //get POST-Binding decoder implementation - InboundMessage msg = (InboundMessage) new SoapBinding().decode(req, resp, MOAMetadataProvider.getInstance(), false); + InboundMessage msg = (InboundMessage) new SoapBinding().decode( + req, resp, MOAMetadataProvider.getInstance(), false, + new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL()))); pendingReq.setRequest(msg); //preProcess Message diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java index 86b31f1eb..71c5a46a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.xml.security.SecurityException; @@ -34,7 +35,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface public interface IDecoder { public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, SecurityException, PVP2Exception; public boolean handleDecode(String action, HttpServletRequest req); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 6d376faa0..46381fcc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; @@ -49,17 +50,14 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -146,26 +144,21 @@ public class PostBinding implements IDecoder, IEncoder { } public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, SecurityException { HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - try { - //set metadata descriptor type - if (isSPEndPoint) { - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req)))); - - } else { - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req)))); - } - - } catch (ConfigurationException e) { - throw new SecurityException(e); + //set metadata descriptor type + if (isSPEndPoint) { + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); + + } else { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); } messageContext.setMetadataProvider(metadataProvider); @@ -173,7 +166,7 @@ public class PostBinding implements IDecoder, IEncoder { //set security policy context BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add( - new MOAPVPSignedRequestPolicyRule( + new MOAPVPSignedRequestPolicyRule(metadataProvider, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider), messageContext.getPeerEntityRole())); SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 683a72e67..1d13cbd07 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; @@ -50,17 +51,14 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -134,7 +132,7 @@ public class RedirectBinding implements IDecoder, IEncoder { } public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, SecurityException { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( @@ -144,20 +142,14 @@ public class RedirectBinding implements IDecoder, IEncoder { messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - try { - //set metadata descriptor type - if (isSPEndPoint) { - messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req)))); - - } else { - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req)))); - } - - } catch (ConfigurationException e) { - throw new SecurityException(e); + //set metadata descriptor type + if (isSPEndPoint) { + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); + } else { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + decode.setURIComparator(comparator); } messageContext.setMetadataProvider(metadataProvider); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 12b571ed1..25b22f0ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; import org.opensaml.saml2.core.RequestAbstractType; @@ -64,7 +65,7 @@ public class SoapBinding implements IDecoder, IEncoder { @Autowired private IDPCredentialProvider credentialProvider; public InboundMessageInterface decode(HttpServletRequest req, - HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint) throws MessageDecodingException, + HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException, SecurityException, PVP2Exception { HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); BasicSAMLMessageContext messageContext = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java index 24c2626e3..aea3c2ee7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder; import java.util.ArrayList; -import java.util.Date; import java.util.List; import org.joda.time.DateTime; @@ -38,6 +37,7 @@ import org.opensaml.saml2.core.Response; import org.opensaml.saml2.encryption.Encrypter; import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.security.MetadataCriteria; import org.opensaml.xml.encryption.EncryptionException; @@ -52,11 +52,8 @@ import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -66,15 +63,12 @@ import at.gv.egovernment.moa.logging.Logger; */ public class AuthResponseBuilder { - public static Response buildResponse(String authURL, RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { + public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - //change to entity value from entity name to IDP EntityID (URL) - if (authURL.endsWith("/")) - authURL = authURL.substring(0, authURL.length()-1); - nissuer.setValue(authURL); + nissuer.setValue(issuerEntityID); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); authResponse.setInResponseTo(req.getID()); @@ -91,7 +85,7 @@ public class AuthResponseBuilder { //check, if metadata includes an encryption key MetadataCredentialResolver mdCredResolver = - new MetadataCredentialResolver(MOAMetadataProvider.getInstance()); + new MetadataCredentialResolver(metadataProvider); CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) ); @@ -107,9 +101,8 @@ public class AuthResponseBuilder { throw new InvalidAssertionEncryptionException(); } - - boolean isEncryptionActive = AuthConfigurationProviderFactory.getInstance().isPVP2AssertionEncryptionActive(); - if (encryptionCredentials != null && isEncryptionActive) { + + if (encryptionCredentials != null && enableEncryption) { //encrypt SAML2 assertion try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 164583f77..c48caed29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder; import java.util.ArrayList; +import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -155,4 +156,52 @@ public class PVPAttributeBuilder { return attribute; } + /** + * Build a set of PVP Response-Attributes + *

+ * INFO: If a specific attribute can not be build, a info is logged, but no execpetion is thrown. + * Therefore, the return List must not include all requested attributes. + * + * @param authData AuthenticationData IAuthData which is used to build the attribute values, but never null + * @param reqAttributenName List of PVP attribute names which are requested, but never null + * @return List of PVP attributes, but never null + */ + public static List buildSetOfResponseAttributes(IAuthData authData, + Collection reqAttributenName) { + List attrList = new ArrayList(); + if (reqAttributenName != null) { + Iterator it = reqAttributenName.iterator(); + while (it.hasNext()) { + String reqAttributName = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttributName, null, authData); + if (attr == null) { + Logger.info( + "Attribute generation failed! for " + + reqAttributName); + + } else { + attrList.add(attr); + + } + + } catch (PVP2Exception e) { + Logger.info( + "Attribute generation failed! for " + + reqAttributName); + + } catch (Exception e) { + Logger.warn( + "General Attribute generation failed! for " + + reqAttributName, e); + + } + } + } + + return attrList; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index 0a0be2a2c..d5d84dd51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -108,8 +108,16 @@ public class PVPAuthnRequestBuilder { //set basic AuthnRequest information - SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); - authReq.setID(gen.generateIdentifier()); + String reqID = config.getRequestID(); + if (MiscUtil.isNotEmpty(reqID)) + authReq.setID(reqID); + + else { + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + } + authReq.setIssueInstant(new DateTime()); //set isPassive flag @@ -158,6 +166,9 @@ public class PVPAuthnRequestBuilder { NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); subjectNameID.setValue(config.getSubjectNameID()); + if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier())) + subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier()); + if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat())) subjectNameID.setFormat(config.getSubjectNameIDFormat()); else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 03cfe27d7..7a7044ebf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -66,7 +66,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; @@ -86,45 +85,24 @@ import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { - public static Assertion buildAssertion(IRequest pendingReq, AttributeQuery attrQuery, - List reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { - - + /** + * Build a PVP assertion as response for a SAML2 AttributeQuery request + * + * @param issuerEntityID EnitiyID, which should be used for this IDP response + * @param attrQuery AttributeQuery request from Service-Provider + * @param attrList List of PVP response attributes + * @param now Current time + * @param validTo ValidTo time of the assertion + * @param qaaLevel QAA level of the authentication + * @param sessionIndex SAML2 SessionIndex, which should be included * + * @return PVP 2.1 Assertion + * @throws ConfigurationException + */ + public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery, + List attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException { + AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); - authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); - - List attrList = new ArrayList(); - if (reqAttributes != null) { - Iterator it = reqAttributes.iterator(); - while (it.hasNext()) { - String reqAttributName = it.next(); - try { - Attribute attr = PVPAttributeBuilder.buildAttribute( - reqAttributName, null, authData); - if (attr == null) { - Logger.error( - "Attribute generation failed! for " - + reqAttributName); - - } else { - attrList.add(attr); - - } - - } catch (PVP2Exception e) { - Logger.error( - "Attribute generation failed! for " - + reqAttributName); - - } catch (Exception e) { - Logger.error( - "General Attribute generation failed! for " - + reqAttributName, e); - - } - } - } - + authnContextClassRef.setAuthnContextClassRef(qaaLevel); NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat()); @@ -132,17 +110,31 @@ public class PVP2AssertionBuilder implements PVPConstants { SubjectConfirmationData subjectConfirmationData = null; - return buildGenericAssertion(pendingReq.getAuthURL(), attrQuery.getIssuer().getValue(), date, + return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, - new DateTime(authData.getSsoSessionValidTo().getTime())); + validTo); } - - public static Assertion buildAssertion(PVPTargetConfiguration pendingReq, AuthnRequest authnRequest, + + + /** + * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest + * + * @param issuerEntityID EnitiyID, which should be used for this IDP response + * @param pendingReq Current processed pendingRequest DAO + * @param authnRequest Current processed PVP AuthnRequest + * @param authData AuthenticationData of the user, which is already authenticated + * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response + * @param date TimeStamp + * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used + * @param sloInformation Single LogOut information DAO + * @return + * @throws MOAIDException + */ + public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest, IAuthData authData, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { - RequestedAuthnContext reqAuthnContext = authnRequest .getRequestedAuthnContext(); @@ -282,37 +274,74 @@ public class PVP2AssertionBuilder implements PVPConstants { } NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - + //build nameID and nameID Format from moasession //TODO: nameID generation if (authData.isUseMandate()) { - Element mandate = authData.getMandate(); - if(mandate == null) { - throw new NoMandateDataAvailableException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if(mandateObject == null) { - throw new NoMandateDataAvailableException(); - } - CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); - PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + String bpktype = null; + String bpk = null; - IdentificationType id; - if(corporation != null && corporation.getIdentification().size() > 0) - id = corporation.getIdentification().get(0); - + Element mandate = authData.getMandate(); + if(mandate != null) { + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); - else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) - id = pysicalperson.getIdentification().get(0); + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + bpktype = id.getType(); + bpk = id.getValue().getValue(); + + } else { + Logger.debug("Read mandatpr bPK|baseID from PVP attributes ... "); + bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class); + bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class); - else { - Logger.error("Failed to generate IdentificationType"); - throw new NoMandateDataAvailableException(); + if (MiscUtil.isEmpty(bpk)) { + //no sourcePin is included --> search for bPK + bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class); + + //set bPK-Type from configuration, because it MUST be equal to service-provider type + if (oaParam.getBusinessService()) { + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + bpktype = oaParam.getIdentityLinkDomainIdentifier(); + else + bpktype = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier(); + + } else { + if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) + bpktype = oaParam.getTarget(); + else + bpktype = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); + + } + + } else { + //sourcePin is include --> check sourcePinType + if (MiscUtil.isEmpty(bpktype)) + bpktype = Constants.URN_PREFIX_BASEID; + + } } - - String bpktype = id.getType(); - String bpk = id.getValue().getValue(); + if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) { + throw new NoMandateDataAvailableException(); + + } if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { if (oaParam.getBusinessService()) { @@ -335,7 +364,7 @@ public class PVP2AssertionBuilder implements PVPConstants { subjectNameID.setNameQualifier(bpktype); subjectNameID.setValue(bpk); } - + } else { subjectNameID.setNameQualifier(authData.getBPKType()); subjectNameID.setValue(authData.getBPK()); @@ -414,7 +443,7 @@ public class PVP2AssertionBuilder implements PVPConstants { sloInformation.setNameIDFormat(subjectNameID.getFormat()); sloInformation.setSessionIndex(sessionIndex); - return buildGenericAssertion(pendingReq.getAuthURL(), peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); + return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter()); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java index e209d0bc5..6e1798ed1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java @@ -118,6 +118,15 @@ public interface IPVPAuthnRequestBuilderConfiguruation { */ public String getSubjectNameID(); + /** + * Define the qualifier of the SubjectNameID + *

+ * Like: 'urn:publicid:gv.at:cdid+BF' + * + * @return qualifier, or null if no qualifier should be set + */ + public String getSubjectNameIDQualifier(); + /** * Define the format of the subjectNameID, which is included in authn-request * @@ -125,5 +134,13 @@ public interface IPVPAuthnRequestBuilderConfiguruation { * @return nameIDFormat, of SAML2 'transient' if nothing is defined */ public String getSubjectNameIDFormat(); + + /** + * Define a SP specific SAMK2 requestID + * + * @return requestID, or null if the requestID should be generated automatically + */ + public String getRequestID(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index bbf395a6f..58210a72c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -28,7 +28,6 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; import java.util.Map; -import java.util.Properties; import java.util.jar.Attributes; import java.util.jar.Manifest; @@ -92,18 +91,18 @@ public class PVPConfiguration { private static String moaIDVersion = null; //PVP2 generalpvpconfigdb; - Properties props; - String rootDir = null; + //Properties props; + //String rootDir = null; private PVPConfiguration() { - try { - //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); - props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); - rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - - } catch (ConfigurationException e) { - e.printStackTrace(); - } +// try { +// //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); +// //props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); +// //rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); +// +// } catch (ConfigurationException e) { +// e.printStackTrace(); +// } } public List getIDPPublicPath() throws ConfigurationException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java new file mode 100644 index 000000000..3da4dc18a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java @@ -0,0 +1,38 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; + +/** + * @author tlenz + * + */ +public interface IMOARefreshableMetadataProvider { + + /** + * Refresh a entity or load a entity in a metadata provider + * + * @param entityID + * @return true, if refresh is success, otherwise false + */ + public boolean refreshMetadataProvider(String entityID); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 6e87abb06..618346485 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -59,7 +59,7 @@ import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; public class MOAMetadataProvider extends SimpleMOAMetadataProvider - implements ObservableMetadataProvider, IGarbageCollectorProcessing { + implements ObservableMetadataProvider, IGarbageCollectorProcessing, IMOARefreshableMetadataProvider { private static MOAMetadataProvider instance = null; private static Object mutex = new Object(); @@ -118,6 +118,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider MetadataProvider internalProvider; + @Override public boolean refreshMetadataProvider(String entityID) { try { OAAuthParameter oaParam = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 8787df82d..106be8a09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -53,9 +54,18 @@ public class AssertionAttributeExtractor { private final List minimalAttributeNameList = Arrays.asList( PVPConstants.PRINCIPAL_NAME_NAME, - PVPConstants.GIVEN_NAME_NAME); - - + PVPConstants.GIVEN_NAME_NAME, + PVPConstants.ENC_BPK_LIST_NAME, + PVPConstants.BPK_NAME); + + /** + * Parse the SAML2 Response element and extracts included information + *

+ * INFO: Actually, only the first SAML2 Assertion of the SAML2 Response is used! + * + * @param samlResponse SAML2 Response + * @throws AssertionAttributeExtractorExeption + */ public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption { if (samlResponse != null && samlResponse instanceof Response) { List assertions = ((Response) samlResponse).getAssertions(); @@ -96,6 +106,27 @@ public class AssertionAttributeExtractor { throw new AssertionAttributeExtractorExeption(); } + /** + * Get all SAML2 attributes from first SAML2 AttributeStatement element + * + * @return List of SAML2 Attributes + */ + public List getAllResponseAttributesFromFirstAttributeStatement() { + return assertion.getAttributeStatements().get(0).getAttributes(); + + } + + /** + * Get all SAML2 attributes of specific SAML2 AttributeStatement element + * + * @param attrStatementID List ID of the AttributeStatement element + * @return List of SAML2 Attributes + */ + public List getAllResponseAttributes(int attrStatementID) { + return assertion.getAttributeStatements().get(attrStatementID).getAttributes(); + + } + /** * check attributes from assertion with minimal required attribute list * @return @@ -107,7 +138,7 @@ public class AssertionAttributeExtractor { /** * check attributes from assertion with attributeNameList - * bPK or enc_bPK is always needed + * bPK or enc_bPK are always needed * * @param List of attributes which are required * @@ -116,24 +147,24 @@ public class AssertionAttributeExtractor { public boolean containsAllRequiredAttributes(Collection attributeNameList) { //first check if a bPK or an encrypted bPK is available - if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) || - (attributs.containsKey(PVPConstants.BPK_NAME))) { - boolean flag = true; - for (String attr : attributeNameList) { - if (!attributs.containsKey(attr)) { - flag = false; - Logger.debug("Assertion contains no Attribute " + attr); - - } - + boolean flag = true; + for (String attr : attributeNameList) { + if (!attributs.containsKey(attr)) { + flag = false; + Logger.debug("Assertion contains no Attribute " + attr); + } - - return flag; - + } - Logger.debug("Assertion contains no bPK or encryptedbPK."); - return false; + if (flag) + return flag; + + else { + Logger.debug("Assertion contains no bPK or encryptedbPK."); + return false; + + } } public boolean containsAttribute(String attributeName) { @@ -218,6 +249,29 @@ public class AssertionAttributeExtractor { return assertion; } + + /** + * Get the Assertion validTo period + * + * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used. + * If this is empty, this method returns value of SAML 'Conditions' element. + * + * @return Date, until this SAML2 assertion is valid + */ + public Date getAssertionNotOnOrAfter() { + if (getFullAssertion().getAuthnStatements() != null + && getFullAssertion().getAuthnStatements().size() > 0) { + for (AuthnStatement el : getFullAssertion().getAuthnStatements()) { + if (el.getSessionNotOnOrAfter() != null) + return (el.getSessionNotOnOrAfter().toDate()); + } + + } + + return getFullAssertion().getConditions().getNotOnOrAfter().toDate(); + + } + private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { List authnList = assertion.getAuthnStatements(); if (authnList.size() == 0) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java index f62410656..86ca591ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java @@ -139,7 +139,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit throw new SecurityPolicyException("Signature validation FAILED."); } - Logger.debug("PVP AuthnRequest signature valid."); + Logger.debug("PVP message signature valid."); } catch (org.opensaml.xml.security.SecurityException e) { Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage()); @@ -148,7 +148,7 @@ public abstract class AbstractRequestSignedSecurityPolicyRule implements Securit } } else { - throw new SecurityPolicyException("Request is not signed."); + throw new SecurityPolicyException("PVP Message is not signed."); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java index 932f3b818..7b3f890e9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java @@ -25,10 +25,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.validation; import javax.xml.namespace.QName; import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.xml.XMLObject; import org.opensaml.xml.signature.SignatureTrustEngine; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; +import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -37,13 +39,19 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; public class MOAPVPSignedRequestPolicyRule extends AbstractRequestSignedSecurityPolicyRule { + private IMOARefreshableMetadataProvider metadataProvider = null; + /** + * @param metadataProvider * @param trustEngine * @param peerEntityRole */ - public MOAPVPSignedRequestPolicyRule(SignatureTrustEngine trustEngine, + public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine, QName peerEntityRole) { super(trustEngine, peerEntityRole); + if (metadataProvider instanceof IMOARefreshableMetadataProvider) + this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider; + } /* (non-Javadoc) @@ -51,7 +59,10 @@ public class MOAPVPSignedRequestPolicyRule extends */ @Override protected boolean refreshMetadataProvider(String entityID) { - return MOAMetadataProvider.getInstance().refreshMetadataProvider(entityID); + if (metadataProvider != null) + return metadataProvider.refreshMetadataProvider(entityID); + + return false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index 5e44c9057..f384dd511 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -22,50 +22,30 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; -import java.util.ArrayList; -import java.util.List; - import javax.xml.namespace.QName; import javax.xml.transform.dom.DOMSource; import javax.xml.validation.Schema; import javax.xml.validation.Validator; -import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.common.xml.SAMLSchemaBuilder; -import org.opensaml.saml2.core.Conditions; -import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.encryption.Decrypter; -import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCriteria; import org.opensaml.security.SAMLSignatureProfileValidator; -import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; -import org.opensaml.xml.encryption.DecryptionException; -import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; -import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.validation.ValidationException; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; @@ -77,8 +57,6 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("SAMLVerificationEngine") public class SAMLVerificationEngine { - @Autowired AuthConfiguration authConfig; - public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { try { if (msg instanceof MOARequest && @@ -181,111 +159,8 @@ public class SAMLVerificationEngine { throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } - - public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption) throws AssertionValidationExeption { - try { - if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { - List saml2assertions = new ArrayList(); - - //validate destination URL - List allowedPublicURLPrefix = authConfig.getPublicURLPrefix(); - boolean isValidDestination = false; - for (String allowedPreFix : allowedPublicURLPrefix) { - if (validateDestination && samlResp.getDestination().startsWith( - allowedPreFix)) { - isValidDestination = true; - break; - - } - } - if (!isValidDestination && validateDestination) { - Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); - throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); - - } - - //check encrypted Assertion - List encryAssertionList = samlResp.getEncryptedAssertions(); - if (encryAssertionList != null && encryAssertionList.size() > 0) { - //decrypt assertions - - Logger.debug("Found encryped assertion. Start decryption ..."); - - StaticKeyInfoCredentialResolver skicr = - new StaticKeyInfoCredentialResolver(assertionDecryption); - - ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); - encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); - encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); - - Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); - - for (EncryptedAssertion encAssertion : encryAssertionList) { - saml2assertions.add(samlDecrypter.decrypt(encAssertion)); - - } - - Logger.debug("Assertion decryption finished. "); - - } else { - saml2assertions.addAll(samlResp.getAssertions()); - - } - - List validatedassertions = new ArrayList(); - for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { - - try { - performSchemaValidation(saml2assertion.getDOM()); - - Conditions conditions = saml2assertion.getConditions(); - DateTime notbefore = conditions.getNotBefore().minusMinutes(5); - DateTime notafter = conditions.getNotOnOrAfter(); - if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { - Logger.warn("PVP2 Assertion is out of Date. " - + "{ Current : " + new DateTime() - + " NotBefore: " + notbefore - + " NotAfter : " + notafter - + " }");; - - } else { - validatedassertions.add(saml2assertion); - - } - - } catch (SchemaValidationException e) { - - } - } - - if (validatedassertions.isEmpty()) { - Logger.info("No valid PVP 2.1 assertion received."); - throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); - } - - samlResp.getAssertions().clear(); - samlResp.getEncryptedAssertions().clear(); - samlResp.getAssertions().addAll(validatedassertions); - - } else { - Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " - + samlResp.getStatus().getStatusCode().getValue()); - throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " - + samlResp.getStatus().getStatusCode().getValue(), null); - } - - } catch (DecryptionException e) { - Logger.warn("Assertion decrypt FAILED.", e); - throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); - - } catch (ConfigurationException e) { - throw new AssertionValidationExeption("pvp.12", null, e); - } - } - - private void performSchemaValidation(Element source) throws SchemaValidationException { + + protected void performSchemaValidation(Element source) throws SchemaValidationException { String err = null; try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java new file mode 100644 index 000000000..cd80d8c24 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java @@ -0,0 +1,161 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import java.util.ArrayList; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.encryption.Decrypter; +import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; +import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; +import org.opensaml.xml.encryption.DecryptionException; +import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; +import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Service("SAMLVerificationEngineSP") +public class SAMLVerificationEngineSP extends SAMLVerificationEngine { + + @Autowired AuthConfiguration authConfig; + + public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption) throws AssertionValidationExeption { + try { + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + List saml2assertions = new ArrayList(); + + //validate destination URL + List allowedPublicURLPrefix = authConfig.getPublicURLPrefix(); + boolean isValidDestination = false; + for (String allowedPreFix : allowedPublicURLPrefix) { + if (validateDestination && samlResp.getDestination().startsWith( + allowedPreFix)) { + isValidDestination = true; + break; + + } + } + if (!isValidDestination && validateDestination) { + Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); + throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); + + } + + //check encrypted Assertion + List encryAssertionList = samlResp.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + //decrypt assertions + + Logger.debug("Found encryped assertion. Start decryption ..."); + + StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(assertionDecryption); + + ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); + + Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + Logger.debug("Assertion decryption finished. "); + + } else { + saml2assertions.addAll(samlResp.getAssertions()); + + } + + List validatedassertions = new ArrayList(); + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + try { + performSchemaValidation(saml2assertion.getDOM()); + + Conditions conditions = saml2assertion.getConditions(); + DateTime notbefore = conditions.getNotBefore().minusMinutes(5); + DateTime notafter = conditions.getNotOnOrAfter(); + if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + Logger.warn("PVP2 Assertion is out of Date. " + + "{ Current : " + new DateTime() + + " NotBefore: " + notbefore + + " NotAfter : " + notafter + + " }");; + + } else { + validatedassertions.add(saml2assertion); + + } + + } catch (SchemaValidationException e) { + + } + } + + if (validatedassertions.isEmpty()) { + Logger.info("No valid PVP 2.1 assertion received."); + throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); + } + + samlResp.getAssertions().clear(); + samlResp.getEncryptedAssertions().clear(); + samlResp.getAssertions().addAll(validatedassertions); + + } else { + Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue()); + throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue(), null); + } + + } catch (DecryptionException e) { + Logger.warn("Assertion decrypt FAILED.", e); + throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); + + } catch (ConfigurationException e) { + throw new AssertionValidationExeption("pvp.12", null, e); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 316ca2177..10594d6fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -53,7 +53,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.EncryptedData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.util.Random; @@ -440,10 +439,6 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } - //set additional information for AttributeQuery - activeOA.setAttQueryContainerID(protocolRequest.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_ATTRQUERYCONTAINERID, String.class)); - List activeOAs = dbsession.getActiveOAsessions(); activeOAs.add(activeOA); dbsession.setActiveOAsessions(activeOAs); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index cf2e9d6d5..a53d7e920 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -105,6 +105,7 @@ builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus die builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen. builder.07=Fehlerhaftes SecurityLayer Template. +builder.08=Authentication process could NOT completed. Reason: {0} service.00=Fehler beim Aufruf des Web Service: {0} service.01=Fehler beim Aufruf des Web Service: kein Endpoint @@ -220,6 +221,8 @@ validator.70=Das einmale Tokken im signierten AuthBlock ({0}) stimmt nicht mit d validator.71=Das Signaturzertifikat ist nicht qualifiziert. validator.72=Das Signaturzertifikat ist nicht qualifiziert und es wurde keine OID f\u00FCr Test Identit\u00E4ten gefunden. +validator.73=Das MIS-Vollmachtenservice und das ELGA-Vollmachtenservice k\u00f6nnen nicht in einem Anmeldevorgang verwendet werden. + ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen stork.00=STORK SAML AuthnRequest konnte nicht signiert werden @@ -284,10 +287,11 @@ sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for fe sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata. sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding. sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found. -sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode {2}. +sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}. sp.pvp2.06=Receive invalid PVP Response from {0}. Assertion does not contain all required attributes. sp.pvp2.07=Receive invalid PVP Response from {0}. Attribute {1} is not valid. sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not valid or allowed. +sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4} oauth20.01=Fehlerhafte redirect url oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}" diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 2aed7d47d..a81540e2b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -85,6 +85,7 @@ builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus die builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. builder.06=4400 builder.07=9002 +builder.08=TODO service.00=4300 service.03=4300 @@ -109,6 +110,7 @@ sp.pvp2.05=TODO sp.pvp2.06=TODO sp.pvp2.07=TODO sp.pvp2.08=TODO +sp.pvp2.09=TODO validator.00=1102 validator.01=1102 @@ -178,6 +180,9 @@ validator.69=1106 validator.70=1106 validator.71=1105 +validator.72=TODO +validator.73=TODO + ssl.01=1107 stork.00=1200 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index bead2f593..44ae43115 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java @@ -70,10 +70,7 @@ public class OASessionStore implements Serializable{ @Column(name = "attributequeryused", unique=false, nullable=false) private boolean attributeQueryUsed = false; - - @Column(name = "attQueryContainerID", unique=false, nullable=true) - private String attQueryContainerID = null; - + @Column(name = "created", updatable=false, nullable=false) // @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -203,24 +200,5 @@ public class OASessionStore implements Serializable{ this.authURL = authURL; } - /** - * @return the attQueryContainerID - */ - public String getAttQueryContainerID() { - return attQueryContainerID; - } - - /** - * @param attQueryContainerID the attQueryContainerID to set - */ - public void setAttQueryContainerID(String attQueryContainerID) { - this.attQueryContainerID = attQueryContainerID; - } - - - - - - } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index e3afc713b..aff6b1ca6 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -54,7 +54,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { //execute default task initialization defaultTaskInitialization(req, executionContext); - boolean useMandate = moasession.getUseMandate(); + boolean useMandate = moasession.isMandateUsed(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 54db1d8ff..b1b87f68d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; @@ -62,91 +63,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - Logger.info("BKU is selected -> Start BKU communication ..."); - defaultTaskInitialization(request, executionContext); - - boolean isLegacyRequest = false; - Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); - if (isLegacyRequestObj != null && isLegacyRequestObj instanceof Boolean) - isLegacyRequest = (boolean) isLegacyRequestObj; - - if (isLegacyRequest) { - //parse request parameter into MOASession - Logger.info("Start Authentication Module: " + pendingReq.requestedModule() - + " Action: " + pendingReq.requestedAction()); - - authInitialisationParser.parse(executionContext, request, moasession, pendingReq); - - } else { - String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); - String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE); - String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); - - if (MiscUtil.isEmpty(bkuid)) { - Logger.warn("BKU-type is empty. Maybe an old BKU-selection template is in use."); - throw new MOAIDException("auth.23", new Object[] {}); - } - - //load OA Config - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); - - else { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); - - //get Target from config or from request in case of SAML 1 - String target = null; - if (MiscUtil.isNotEmpty(pendingReq.getGenericData("target", String.class)) && - pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) - target = pendingReq.getGenericData("target", String.class); - else - target = oaParam.getTarget(); - - String bkuURL = oaParam.getBKUURL(bkuid); - if (MiscUtil.isEmpty(bkuURL)) { - Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = authConfig.getDefaultBKUURL(bkuid); - } - - //search for OA specific template - String templateURL = null; - List oaTemplateURLList = oaParam.getTemplateURL(); - if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0 - && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) { - templateURL = oaTemplateURLList.get(0); - - } else { - templateURL = authConfig.getSLRequestTemplates(bkuid); - } - - //make url absolut if it is a local url - if (MiscUtil.isNotEmpty(templateURL)) - templateURL = FileUtils.makeAbsoluteURL(templateURL, - authConfig.getRootConfigFileDir()); - - if (oaParam.isOnlyMandateAllowed()) - useMandate = "true"; - - if (!oaParam.isShowMandateCheckBox()) - useMandate = "false"; - - //parse all OA parameters i - authInitialisationParser.parse( moasession, - target, - pendingReq.getOAURL(), - bkuURL, - templateURL, - useMandate, - ccc, - request, - pendingReq); - } - } - - executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate()); + // + internalInitializeWithoutPersist(executionContext, request, response); // make sure MOASession and Pending-Request has been persisted before running the process try { @@ -171,5 +89,97 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } } + + protected void internalInitializeWithoutPersist(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) throws WrongParametersException, MOAIDException, MOADatabaseException { + + Logger.info("BKU is selected -> Start BKU communication ..."); + defaultTaskInitialization(request, executionContext); + + boolean isLegacyRequest = false; + Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); + if (isLegacyRequestObj != null && isLegacyRequestObj instanceof Boolean) + isLegacyRequest = (boolean) isLegacyRequestObj; + + if (isLegacyRequest) { + //parse request parameter into MOASession + Logger.info("Start Authentication Module: " + pendingReq.requestedModule() + + " Action: " + pendingReq.requestedAction()); + + authInitialisationParser.parse(executionContext, request, moasession, pendingReq); + + } else { + String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); + String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE); + String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); + + if (MiscUtil.isEmpty(bkuid)) { + Logger.warn("BKU-type is empty. Maybe an old BKU-selection template is in use."); + throw new MOAIDException("auth.23", new Object[] {}); + } + + //load OA Config + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + + else { + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + + //get Target from config or from request in case of SAML 1 + String target = null; + if (MiscUtil.isNotEmpty(pendingReq.getGenericData("target", String.class)) && + pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) + target = pendingReq.getGenericData("target", String.class); + else + target = oaParam.getTarget(); + + String bkuURL = oaParam.getBKUURL(bkuid); + if (MiscUtil.isEmpty(bkuURL)) { + Logger.info("No OA specific BKU defined. Use BKU from default configuration"); + bkuURL = authConfig.getDefaultBKUURL(bkuid); + } + + //search for OA specific template + String templateURL = null; + List oaTemplateURLList = oaParam.getTemplateURL(); + if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0 + && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) { + templateURL = oaTemplateURLList.get(0); + + } else { + templateURL = authConfig.getSLRequestTemplates(bkuid); + } + + //make url absolut if it is a local url + if (MiscUtil.isNotEmpty(templateURL)) + templateURL = FileUtils.makeAbsoluteURL(templateURL, + authConfig.getRootConfigFileDir()); + + if (oaParam.isOnlyMandateAllowed()) + useMandate = "true"; + + if (!oaParam.isShowMandateCheckBox()) + useMandate = "false"; + + //parse all OA parameters i + authInitialisationParser.parse( moasession, + target, + pendingReq.getOAURL(), + bkuURL, + templateURL, + useMandate, + ccc, + request, + pendingReq); + } + } + + executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.isMandateUsed()); + executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, moasession.isMandateUsed()); + + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 464c1f3a1..cd444f7c8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -89,7 +89,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.14", null); } - if (moasession.getUseMandate()) { + if (moasession.isMandateUsed()) { // verify certificate for OrganWalter authServer.verifyCertificate(moasession, cert, pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index e346c8bee..7b5a7b9c0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -56,7 +56,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.codec.binary.Base64; -import org.apache.commons.httpclient.HostConfiguration; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.methods.StringRequestEntity; @@ -148,7 +147,6 @@ public class MISSimpleClient { //misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate))); misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes())); - misMandate.setFullMandateIncluded(true); foundMandates.add(misMandate); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index 74792ed72..afa3fe2ad 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -38,7 +38,7 @@ - + diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index 909b29fab..8471439e2 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -79,6 +79,4 @@ public class Constants { public static final int eIDAS_REVERSIONSLOG_SP_AUTHREQUEST= 3403; public static final int eIDAS_REVERSIONSLOG_SP_AUTHRESPONSE= 3404; - public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country"; - } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index dea9e675e..9858d6004 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeLis import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EIDASAuthnResponse; @@ -72,6 +73,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); + //set issuer nation as PVP attribute into MOASession + moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + //store MOA-session to database authenticatedSessionStorage.storeSession(moasession); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 4caa6700a..1e3b0f507 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -153,7 +154,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { // - memorize country code of target country pendingReq.setGenericDataToSession( - Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry()); + RequestImpl.eIDAS_GENERIC_REQ_DATA_COUNTRY, samlReq.getCountry()); // - memorize requested attributes pendingReq.setEidasRequestedAttributes(new MOAPersonalAttributeList(samlReq.getPersonalAttributeList())); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index d75d4b1b9..5f3f89aee 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -37,7 +37,6 @@ import org.springframework.http.MediaType; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; @@ -90,8 +89,9 @@ public class eIDASAuthenticationRequest implements IAction { case Constants.eIDAS_ATTR_DATEOFBIRTH: newValue = new SimpleDateFormat("YYYY-MM-dd").format(authData.getDateOfBirth()); break; case Constants.eIDAS_ATTR_CURRENTFAMILYNAME: newValue = authData.getFamilyName();break; case Constants.eIDAS_ATTR_CURRENTGIVENNAME: newValue = authData.getGivenName();break; - case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = new BPKBuilder().buildStorkeIdentifier(authData.getIdentificationType(), authData.getIdentificationValue(), - eidasRequest.getGenericData(Constants.eIDAS_GENERIC_REQ_DATA_COUNTRY, String.class)); break; + + //TODO: change bPK builder !!!!!! + case Constants.eIDAS_ATTR_PERSONALIDENTIFIER: newValue = authData.getBPK(); break; } if("".equals(newValue)) diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java index b521116d3..320c4fdc6 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java @@ -42,6 +42,8 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest private EntityDescriptor idpEntity; private Credential signCred; private String subjectNameID; + private String subjectNameIDQualifier; + private String requestID; /* (non-Javadoc) @@ -73,7 +75,7 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest */ @Override public String getNameIDPolicyFormat() { - return NameID.TRANSIENT; + return NameID.PERSISTENT; } /* (non-Javadoc) @@ -81,7 +83,7 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest */ @Override public boolean getNameIDPolicyAllowCreation() { - return true; + return false; } /* (non-Javadoc) @@ -143,6 +145,15 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest this.subjectNameID = subjectNameID; } + + + /** + * @param requestID the requestID to set + */ + public void setRequestID(String requestID) { + this.requestID = requestID; + } + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() */ @@ -183,5 +194,30 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest return NameID.PERSISTENT; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.requestID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { + return this.subjectNameIDQualifier; + } + + /** + * @param subjectNameIDQualifier the subjectNameIDQualifier to set + */ + public void setSubjectNameIDQualifier(String subjectNameIDQualifier) { + this.subjectNameIDQualifier = subjectNameIDQualifier; + } + + + } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java new file mode 100644 index 000000000..50bac3eab --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java @@ -0,0 +1,107 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("ELGAInitializeBKUAuthenticationTask") +public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask { + + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try { + //perform Default-BKU authentication initialization + internalInitializeWithoutPersist(executionContext, request, response); + + //perform ELGA Mandate-Service specific parts + Logger.debug("Perfom ELGA-Mandate specific parts of initialisation."); + Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE); + + boolean elgaMandateUsed = false; + Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE); + if (elgaMandateUsedObj == null || + !(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) { + Logger.error("Use ELGA-MandateService flag has a wrong type."); + throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"}); + + } else { + if (elgaMandateUsedObj instanceof String) + elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj); + else + elgaMandateUsed = (boolean) elgaMandateUsedObj; + + } + + + //check if both mandate Services are requested + if ( (misMandateUsed != null && misMandateUsed) && + elgaMandateUsed ) { + Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince"); + throw new MOAIDException("validator.73", null); + + } + + //remove MIS-Mandate flag and set useMandate flag to MOASession + if (elgaMandateUsed) { + Logger.debug("Authentication process select ELGA-MandateService."); + executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE); + moasession.setUseMandates(elgaMandateUsed); + } + + //disable SSO if it is requested + if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) { + Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request."); + pendingReq.setNeedSingleSignOnFunctionality(false); + + + } + + //store MOASession and pendingRequest + requestStoreage.storePendingRequest(pendingReq); + authenticatedSessionStorage.storeSession(moasession); + + } catch (MOADatabaseException | MOAIDException e) { + Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 13e17e03e..a5e316f10 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -37,6 +37,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -46,6 +47,7 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCred import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; @@ -55,7 +57,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -67,7 +69,7 @@ import at.gv.egovernment.moa.util.MiscUtil; @Component("ReceiveElgaMandateResponseTask") public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { - @Autowired SAMLVerificationEngine samlVerificationEngine; + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired ELGAMandatesCredentialProvider credentialProvider; @Autowired ELGAMandateServiceMetadataProvider metadataProvider; @@ -81,13 +83,18 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { try { IDecoder decoder = null; + MOAURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); + comperator = new MOAURICompare(pendingReq.getAuthURL() + + ELGAMandatesAuthConstants.ENDPOINT_POST); Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); + comperator = new MOAURICompare(pendingReq.getAuthURL() + + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT); Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding."); } else { @@ -99,7 +106,8 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } //decode PVP response object - msg = (InboundMessage) decoder.decode(request, response, metadataProvider, true); + msg = (InboundMessage) decoder.decode(request, response, metadataProvider, true, + comperator); if (MiscUtil.isEmpty(msg.getEntityID())) { throw new InvalidProtocolRequestException("sp.pvp2.04", @@ -138,7 +146,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { //validate receive mandate reference-value String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); if (!moasession.getMandateReferenceValue().equals(responseRefValue)) { - Logger.warn("PVP Response from ELGA mandate-service contains not all requested attributes."); + Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue."); throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME}); @@ -157,30 +165,35 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { //store MOASession authenticatedSessionStorage.storeSession(moasession); - //TODO write log entries - //revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); + //write revisions log entry + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED); Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); } catch (MessageDecodingException | SecurityException e) { String samlRequest = request.getParameter("SAMLRequest"); Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e); } catch (IOException | MarshallingException | TransformerException e) { Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e); } catch (CredentialsNotAvailableException e) { Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e); } catch (AssertionValidationExeption | AuthnResponseValidationException e) { - Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); + Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); } catch (Exception e) { - Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage()); + Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e); } @@ -210,12 +223,36 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { return msg; } else { - Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() - + " from federated IDP."); - throw new AuthnResponseValidationException("sp.pvp2.04", - new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, - samlResp.getIssuer().getValue(), - samlResp.getStatus().getStatusCode().getValue()}); + String errorMsg = "No error message"; + StatusCode firstCode = samlResp.getStatus().getStatusCode(); + + //get errormessage from response + if (samlResp.getStatus().getStatusMessage() != null && + MiscUtil.isNotEmpty(samlResp.getStatus().getStatusMessage().getMessage())) + errorMsg = samlResp.getStatus().getStatusMessage().getMessage(); + + //extract response status-codes + if (firstCode.getStatusCode() == null) { + Logger.info("Receive StatusCode:" + firstCode.getValue() + " | Msg:" + errorMsg + + " from federated IDP."); + throw new AuthnResponseValidationException("sp.pvp2.05", + new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + firstCode.getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } else { + StatusCode secondCode = firstCode.getStatusCode(); + Logger.info("Receive StatusCode:" + firstCode.getValue() + " -> StatusCode:" + secondCode.getValue() + + " | Msg:" + errorMsg + " from federated IDP."); + throw new AuthnResponseValidationException("sp.pvp2.09", + new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + firstCode.getValue(), + secondCode.getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index bcd8076bc..2a3e72640 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -34,6 +34,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -92,7 +93,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { authnReqConfig.setPassive(false); authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential()); authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_METADATA); - + //set bPK of representative String representativeBPK = null; @@ -129,15 +130,19 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { } } - - //TODO: check subjectNameID: as per PVP S-Profile specification, - // subjectNameID starts with target postfix (like. GH:xxxxxxxxxxxxx) + + //set bPK of representative as SAML2 subjectNameID authnReqConfig.setSubjectNameID(representativeBPK ); + authnReqConfig.setSubjectNameIDQualifier(configTarget); + + //set MandateReferenceValue as RequestID + authnReqConfig.setRequestID(moasession.getMandateReferenceValue()); //build and transmit AuthnRequest authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); - //TODO: TODO: add revisionslog entries + //write revisions log entry + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue()); } catch (MetadataProviderException e) { throw new TaskExecutionException(pendingReq, "ELGA Mandate-Service metadata problem", new ELGAMetadataException("service.10", diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index 6deb8eb2b..49f131983 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -197,13 +197,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide filter, ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING); - metadataProvider.setRequireValidMetadata(true); - - if (metadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider."); } + + metadataProvider.setRequireValidMetadata(true); } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml index b648e4d27..8cd08d226 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -5,7 +5,7 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> - + @@ -25,9 +25,9 @@ - + - + @@ -43,7 +43,7 @@ - + diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml index 6e567a42c..c1abe78df 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml @@ -27,6 +27,10 @@ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/> + + diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 030cd32a0..4684c8032 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -78,12 +78,6 @@ guava 19.0 - - diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 17e88e381..103a03063 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -89,21 +89,12 @@ public class SSOTransferAuthenticationData implements IAuthData { return true; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isInterfederatedSSOSession() - */ - @Override - public boolean isInterfederatedSSOSession() { - // TODO Auto-generated method stub - return false; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#isUseMandate() */ @Override public boolean isUseMandate() { - return this.authSession.getUseMandate(); + return this.authSession.isMandateUsed(); } /* (non-Javadoc) @@ -167,15 +158,6 @@ public class SSOTransferAuthenticationData implements IAuthData { return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getInterfederatedIDP() - */ - @Override - public String getInterfederatedIDP() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationValue() */ diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 4d41ff652..dea538f75 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -105,7 +105,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -139,7 +139,7 @@ public class SSOContainerUtils { } @Autowired IDPCredentialProvider credentials; - @Autowired SAMLVerificationEngine samlVerificationEngine; + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired AuthConfiguration authConfig; public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 1beab574a..57f4d11ad 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -22,17 +22,6 @@ */ package at.gv.egiz.tests; -import java.io.IOException; - -import org.hibernate.mapping.Map; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; - /** * @author tlenz * @@ -65,10 +54,10 @@ public class Tests { - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } +// } catch (IOException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java index 4ae162f5a..19eae06d7 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java @@ -171,7 +171,22 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque */ @Override public String getSubjectNameIDFormat() { - // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { return null; } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index a07a87c2b..d5c5354c0 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -32,12 +32,9 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; import org.opensaml.saml2.core.Attribute; -import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusCode; import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.ws.soap.common.SOAPException; -import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; @@ -45,8 +42,11 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -55,12 +55,12 @@ import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCr import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.FederatedAuthenticatenContainer; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -73,11 +73,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -88,11 +86,12 @@ import at.gv.egovernment.moa.util.MiscUtil; @Component("ReceiveFederatedAuthnResponseTask") public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { - @Autowired private SAMLVerificationEngine samlVerificationEngine; + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; @Autowired private FederatedAuthCredentialProvider credentialProvider; @Autowired private SSOManager ssoManager; @Autowired private AttributQueryBuilder attributQueryBuilder; - @Autowired private ITransactionStorage transactionStorage; + @Autowired private AuthenticationDataBuilder authDataBuilder; + /* (non-Javadoc) @@ -106,13 +105,16 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { IDecoder decoder = null; + MOAURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); + comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); + comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding."); } else { @@ -123,7 +125,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //decode PVP response object - msg = (InboundMessage) decoder.decode(request, response, MOAMetadataProvider.getInstance(), true); + msg = (InboundMessage) decoder.decode( + request, response, MOAMetadataProvider.getInstance(), true, + comperator); if (MiscUtil.isEmpty(msg.getEntityID())) { throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); @@ -179,8 +183,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } else { //SP is real Service-Provider --> check attributes in response // and start Attribute-Query if required - - //get authenticationData and store it into MOASession + getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(), idpConfig); @@ -197,7 +200,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //store valid assertion into pending-request pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); - + pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + //store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -245,55 +249,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... "); Collection requestedAttr = pendingReq.getRequestedAttributes(); - + //check if SAML2 Assertion contains a minimal set of attributes if (!extractor.containsAllRequiredAttributes()) { - Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); - //collect attributes by using BackChannel communication - String endpoint = idpConfig.getIDPAttributQueryServiceURL(); - if (MiscUtil.isEmpty(endpoint)) { - Logger.error("No AttributeQueryURL for interfederationIDP " + idpConfig.getPublicURLPrefix()); - throw new ConfigurationException("config.26", new Object[]{idpConfig.getPublicURLPrefix()}); - - } - + Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); + //build attributQuery request List attributs = attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator()); - AttributeQuery query = - attributQueryBuilder.buildAttributQueryRequest(extractor.getNameID(), endpoint, attributs); - - //build SOAP request - List xmlObjects = MOASAMLSOAPClient.send(endpoint, query); - if (xmlObjects.size() == 0) { - Logger.error("Receive emptry AttributeQuery response-body."); - throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null); - - } - - if (xmlObjects.get(0) instanceof Response) { - Response intfResp = (Response) xmlObjects.get(0); - - //validate PVP 2.1 response - try { - samlVerificationEngine.verifyIDPResponse(intfResp, - TrustEngineFactory.getSignatureKnownKeysTrustEngine( - MOAMetadataProvider.getInstance())); - - //create assertion attribute extractor from AttributeQuery response - extractor = new AssertionAttributeExtractor(intfResp); - - } catch (Exception e) { - Logger.warn("PVP 2.1 assertion validation FAILED.", e); - throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e); - } - - } else { - Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); - throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null); - - } + //request IDP to get additional attributes + extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), idpConfig); } else { Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. "); @@ -314,14 +280,13 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); Logger.debug("Add PVP-attribute " + el + " into MOASession"); - } - - } catch (SOAPException e) { - throw new BuildException("builder.06", null, e); - - } catch (SecurityException e) { - throw new BuildException("builder.06", null, e); + } + //set validTo from this federated IDP response + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, + extractor.getAssertionNotOnOrAfter()); + } catch (AttributQueryException e) { throw new BuildException("builder.06", null, e); @@ -334,6 +299,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (AssertionAttributeExtractorExeption e) { throw new BuildException("builder.06", null, e); + } catch (MOAIDException e) { + throw new BuildException("builder.06", null, e); + } } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 5eb39880e..9d0dac0f8 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -26,9 +26,12 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.List; import java.util.Vector; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.namespace.QName; import javax.xml.parsers.ParserConfigurationException; @@ -40,7 +43,10 @@ import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; @@ -48,7 +54,6 @@ import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -61,7 +66,9 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -262,15 +269,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer { person.getIdentification().add(id ); Value value = new Value(); id.setValue(value ); - - id.setType(authData.getIdentificationType()); - //add baseID if it is requested and available - if ( MiscUtil.isNotEmpty(authData.getIdentificationValue()) && - saml1parameter.isProvideIdentityLink() ) + + if ( MiscUtil.isNotEmpty(authData.getIdentificationValue()) && + saml1parameter.isProvideIdentityLink() && !authData.isBusinessService()) { + //add baseID if it is requested and available and SP is publicService value.setValue(authData.getIdentificationValue()); - else - value.setValue(""); - + id.setType(authData.getIdentificationType()); + + } else { + //otherwise add bPK + value.setValue(authData.getBPK()); + id.setType(authData.getBPKType()); + + } + familyName.setValue(authData.getFamilyName()); familyName.setPrimary("undefined"); name.getGivenName().add(authData.getGivenName()); @@ -310,14 +322,15 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - String samlAssertion; + String samlAssertion; + + //add mandate info's if (authData.isUseMandate()) { List oaAttributes = authData.getExtendedSAMLAttributesOA(); - //only provide full mandate if it is included. - //In case of federation only a short mandate could be include + //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() - && authData.getMISMandate().isFullMandateIncluded()) { + && authData.getMISMandate() != null) { try { @@ -442,33 +455,36 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - IdentityLink tempIdentityLink = null; - + Element prPerson = null; + String identificationType = ""; + String identificationValue = ""; + Element mandate = authData.getMandate(); + if (mandate == null) { + //no full-mandate include + Logger.info("AuthData contains no full-mandate. Starting 'mandateDate' generation from PVP attributes ..."); + mandate = generateMandateDateFromPVPMandateAttributes(authData); + + } - if (authData.isUseMandate()) { - tempIdentityLink = new IdentityLink(); + if (mandate != null) { Element mandator = ParepUtils.extractMandator(mandate); String dateOfBirth = ""; - Element prPerson = null; String familyName = ""; String givenName = ""; - String identificationType = ""; - String identificationValue = ""; if (mandator != null) { boolean physical = ParepUtils.isPhysicalPerson(mandator); if (physical) { - familyName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils - .extractMandatorDateOfBirth(mandator); + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { familyName = ParepUtils.extractMandatorFullName(mandator); + } - identificationType = ParepUtils.getIdentification(mandator, - "Type"); + + identificationType = ParepUtils.getIdentification(mandator, "Type"); identificationValue = ParepUtils.extractMandatorWbpk(mandator); prPerson = ParepUtils.extractPrPersonOfMandate(mandate); @@ -495,33 +511,19 @@ public class SAML1AuthenticationServer extends AuthenticationServer { ParepUtils .HideStammZahlen(prPerson, true, null, null, true); } - - tempIdentityLink.setDateOfBirth(dateOfBirth); - tempIdentityLink.setFamilyName(familyName); - tempIdentityLink.setGivenName(givenName); - tempIdentityLink.setIdentificationType(identificationType); - tempIdentityLink.setIdentificationValue(identificationValue); - tempIdentityLink.setPrPerson(prPerson); - try { - tempIdentityLink.setSamlAssertion(authData.getIdentityLink() - .getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - } - + } - - Element mandatePerson = tempIdentityLink.getPrPerson(); - - String mandateData = null; - try { + + if (prPerson == null) { + Logger.warn("Mandates are enabled, but no mandate-information is found in authData."); + throw new AuthenticationException("auth.16", new Object[] { "Mandates are enabled, but no mandate information is included" }); + } + + try { boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl(); - - String oatargetType; - + String oatargetType; if(oaParam.getBusinessService()) { if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) oatargetType = oaParam.getIdentityLinkDomainIdentifier(); @@ -530,64 +532,166 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } else { oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); + Element prIdentification = (Element) prPerson. + getElementsByTagNameNS(Constants.PD_NS_URI,"Identification").item(0); - if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - - String isPrPerson = mandatePerson.getAttribute("xsi:type"); + if (!oatargetType.equals(identificationType)) { + String isPrPerson = prPerson.getAttribute("xsi:type"); if (!StringUtils.isEmpty(isPrPerson)) { if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, oaParam.getTarget()); - - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); + + String baseid = getBaseId(prPerson); + Element identificationBpK; + if (MiscUtil.isNotEmpty(baseid)) { + identificationBpK = createIdentificationBPK(prPerson, baseid, oaParam.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + prPerson.insertBefore(identificationBpK, + prIdentification); + + } else { + Logger.info("No baseID included. --> Build 'MandateDate' without baseID"); + } + + - mandatePerson.insertBefore(identificationBpK, - prIdentification); + } } } else { - -// Element identificationBpK = mandatePerson.getOwnerDocument() -// .createElementNS(Constants.PD_NS_URI, "Identification"); -// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Value"); -// -// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// tempIdentityLink.getIdentificationValue())); -// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( -// Constants.PD_NS_URI, "Type"); -// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( -// "urn:publicid:gv.at:cdid+bpk")); -// identificationBpK.appendChild(valueBpK); -// identificationBpK.appendChild(typeBpK); -// -// mandatePerson.insertBefore(identificationBpK, prIdentification); + ; } - - mandateData = DOMUtils.serializeNode(mandatePerson); + return DOMUtils.serializeNode(prPerson); } catch (TransformerException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }); } catch (IOException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); + throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }); } - return mandateData; } + private Element generateMandateDateFromPVPMandateAttributes(IAuthData authdata) throws BuildException { + String legalSourcePin = authdata.getGenericData(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class); + String legalSourceType = authdata.getGenericData(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class); + String legalCommonName = authdata.getGenericData(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME, String.class); + + String natSourcePin = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class); + String natSourcePinType = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class); + String natbPK = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class); + + String natGivenName = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class); + String natFamilyName = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class); + String natDateOfBirth = authdata.getGenericData(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME, String.class); + + Mandate mandateObject = new Mandate(); + Mandator mandator = new Mandator(); + mandateObject.setMandator(mandator); + + if (MiscUtil.isNotEmpty(legalCommonName) && MiscUtil.isNotEmpty(legalSourceType) + && MiscUtil.isNotEmpty(legalSourcePin)) { + Logger.debug("Build 'mandateDate' element for legal person ..."); + at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType legalperson = + new at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType(); + at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType legalID = + new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType(); + at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value idvalue = + new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value(); + + legalID.setValue(idvalue ); + legalperson.getIdentification().add(legalID ); + mandator.setCorporateBody(legalperson); + legalperson.setFullName(legalCommonName); + legalID.setType(legalSourceType); + idvalue.setValue(legalSourcePin); + + } else if (MiscUtil.isNotEmpty(natFamilyName) && MiscUtil.isNotEmpty(natGivenName) && MiscUtil.isNotEmpty(natDateOfBirth) + && (MiscUtil.isNotEmpty(natSourcePin) || MiscUtil.isNotEmpty(natbPK))){ + Logger.debug("Build 'mandateDate' element for natural person ..."); + at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType physPerson = + new at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType(); + at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType persName = + new at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType(); + at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName familyName = + new at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName(); + at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType persID = + new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType(); + at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value idValue = + new at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value(); + + physPerson.setName(persName ); + persName.getFamilyName().add(familyName ); + physPerson.getIdentification().add(persID ); + persID.setValue(idValue ); + mandator.setPhysicalPerson(physPerson); + + String[] pvp2GivenName = natGivenName.split(" "); + for(int i=0; i idserverlib - - auth moa-id-commons modules + moa-id-spring-initializer + + auth diff --git a/pom.xml b/pom.xml index a450357d8..ed1c361f8 100644 --- a/pom.xml +++ b/pom.xml @@ -421,6 +421,12 @@ 1.46 + + MOA.id.server + moa-id-spring-initializer + ${moa-id-version} + + MOA moa-common @@ -446,7 +452,7 @@ test test-jar - + MOA.id.server.modules moa-id-module-stork -- cgit v1.2.3 From 74d8c83f76074d2d0df784cb4a305c586a702d25 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 9 Mar 2016 13:41:09 +0100 Subject: move moa-common to moa-id-common, because MOA-SPSS becomes a seperate project --- .../egovernment/moa/util/ex/EgovUtilException.java | 41 - id/oa/pom.xml | 4 +- id/server/idserverlib/pom.xml | 8 +- id/server/moa-id-commons/pom.xml | 297 ++--- .../java/at/gv/egovernment/moa/logging/LogMsg.java | 67 ++ .../java/at/gv/egovernment/moa/logging/Logger.java | 252 ++++ .../gv/egovernment/moa/logging/LoggingContext.java | 70 ++ .../moa/logging/LoggingContextManager.java | 80 ++ .../at/gv/egovernment/moa/util/Base64Utils.java | 153 +++ .../java/at/gv/egovernment/moa/util/BoolUtils.java | 48 + .../gv/egovernment/moa/util/CollectionUtils.java | 60 + .../java/at/gv/egovernment/moa/util/Constants.java | 514 ++++++++ .../java/at/gv/egovernment/moa/util/DOMUtils.java | 1172 +++++++++++++++++++ .../at/gv/egovernment/moa/util/DateTimeUtils.java | 515 ++++++++ .../java/at/gv/egovernment/moa/util/Empty.java | 31 + .../egovernment/moa/util/EntityResolverChain.java | 76 ++ .../java/at/gv/egovernment/moa/util/FileUtils.java | 179 +++ .../at/gv/egovernment/moa/util/KeyStoreUtils.java | 223 ++++ .../gv/egovernment/moa/util/MOADefaultHandler.java | 106 ++ .../gv/egovernment/moa/util/MOAEntityResolver.java | 129 ++ .../gv/egovernment/moa/util/MOAErrorHandler.java | 115 ++ .../java/at/gv/egovernment/moa/util/MOATimer.java | 134 +++ .../gv/egovernment/moa/util/MessageProvider.java | 87 ++ .../java/at/gv/egovernment/moa/util/Messages.java | 141 +++ .../java/at/gv/egovernment/moa/util/MiscUtil.java | 315 +++++ .../egovernment/moa/util/NodeIteratorAdapter.java | 111 ++ .../gv/egovernment/moa/util/NodeListAdapter.java | 68 ++ .../at/gv/egovernment/moa/util/OutputXML2File.java | 102 ++ .../egovernment/moa/util/ResourceBundleChain.java | 90 ++ .../java/at/gv/egovernment/moa/util/SSLUtils.java | 244 ++++ .../egovernment/moa/util/StreamEntityResolver.java | 88 ++ .../at/gv/egovernment/moa/util/StreamUtils.java | 197 ++++ .../at/gv/egovernment/moa/util/StringUtils.java | 178 +++ .../at/gv/egovernment/moa/util/URLDecoder.java | 84 ++ .../at/gv/egovernment/moa/util/URLEncoder.java | 89 ++ .../at/gv/egovernment/moa/util/XPathException.java | 86 ++ .../at/gv/egovernment/moa/util/XPathUtils.java | 557 +++++++++ .../egovernment/moa/util/ex/EgovUtilException.java | 41 + .../properties/common_messages_de.properties | 17 + .../main/resources/resources/schemas/Core-1.2.xsd | 881 ++++++++++++++ .../resources/resources/schemas/Core.20020225.xsd | 399 +++++++ .../resources/resources/schemas/Core.20020831.xsd | 153 +++ .../resources/schemas/ECDSAKeyValue.ancient.xsd | 122 ++ .../resources/schemas/ECDSAKeyValue.wrong.xsd | 122 ++ .../resources/resources/schemas/ECDSAKeyValue.xsd | 122 ++ .../resources/schemas/MOA-ID-Configuration-1.2.xsd | 350 ++++++ .../resources/schemas/MOA-ID-Configuration-1.3.xsd | 424 +++++++ .../schemas/MOA-ID-Configuration-1.4.2.xsd | 616 ++++++++++ .../schemas/MOA-ID-Configuration-1.4.3.xsd | 612 ++++++++++ .../schemas/MOA-ID-Configuration-1.4.7.xsd | 625 ++++++++++ .../resources/schemas/MOA-ID-Configuration-1.4.xsd | 505 ++++++++ .../schemas/MOA-ID-Configuration-1.5.0.xsd | 665 +++++++++++ .../schemas/MOA-ID-Configuration-1.5.1.xsd | 659 +++++++++++ .../schemas/MOA-ID-Configuration-1.5.2.xsd | 757 ++++++++++++ .../resources/resources/schemas/MOA-SPSS-1.3.xsd | 469 ++++++++ .../resources/resources/schemas/MOA-SPSS-1.4.7.xsd | 471 ++++++++ .../resources/resources/schemas/MOA-SPSS-2.0.0.xsd | 572 +++++++++ .../resources/schemas/MOA-SPSS-config-1.3.xsd | 253 ++++ .../resources/schemas/MOA-SPSS-config-1.4.3.xsd | 312 +++++ .../resources/schemas/MOA-SPSS-config-1.4.5.xsd | 268 +++++ .../resources/schemas/MOA-SPSS-config-1.4.7.xsd | 268 +++++ .../resources/schemas/MOA-SPSS-config-1.5.1.xsd | 282 +++++ .../resources/schemas/MOA-SPSS-config-2.0.0.xsd | 353 ++++++ .../resources/resources/schemas/MOAIdentities.xsd | 51 + .../resources/resources/schemas/PersonData.xsd | 426 +++++++ .../resources/schemas/PersonData_20_en_moaWID.xsd | 1229 ++++++++++++++++++++ .../resources/resources/schemas/PersonName-1_2.xsd | 115 ++ .../resources/schemas/PostalAddress-1_2.xsd | 95 ++ .../resources/schemas/TelcomNumber-1_0.xsd | 89 ++ .../resources/resources/schemas/XAdES-1.1.1.xsd | 545 +++++++++ .../resources/resources/schemas/XAdES-1.2.2.xsd | 551 +++++++++ .../resources/resources/schemas/XAdES-1.3.2.xsd | 466 ++++++++ .../resources/resources/schemas/XAdES-1.4.1.xsd | 15 + .../resources/schemas/XMLSchema-instance.xsd | 37 + .../main/resources/resources/schemas/XMLSchema.dtd | 402 +++++++ .../schemas/cs-sstc-schema-assertion-01.xsd | 194 +++ .../schemas/cs-sstc-schema-protocol-01.xsd | 127 ++ .../main/resources/resources/schemas/datatypes.dtd | 203 ++++ .../schemas/exclusive-canonicalization.xsd | 22 + .../schemas/saml-schema-assertion-2.0.xsd | 290 +++++ .../resources/schemas/saml-schema-metadata-2.0.xsd | 323 +++++ .../resources/schemas/saml-schema-protocol-2.0.xsd | 306 +++++ .../schemas/stork-schema-assertion-1.0.xsd | 80 ++ .../schemas/stork-schema-protocol-1.0.xsd | 73 ++ .../ts_102231v030102_additionaltypes_xsd.xsd | 35 + .../resources/schemas/ts_102231v030102_sie_xsd.xsd | 81 ++ .../resources/schemas/ts_102231v030102_xsd.xsd | 331 ++++++ .../ts_119612v010201_additionaltypes_xsd.xsd | 35 + .../resources/schemas/ts_119612v010201_sie_xsd.xsd | 81 ++ .../resources/schemas/ts_119612v010201_xsd.xsd | 337 ++++++ .../resources/resources/schemas/xenc-schema.xsd | 150 +++ .../src/main/resources/resources/schemas/xml.xsd | 83 ++ .../resources/schemas/xmldsig-core-schema.xsd | 264 +++++ .../resources/schemas/xmldsig-filter2.xsd | 38 + .../java/test/at/gv/egovernment/moa/AllTests.java | 62 + .../test/at/gv/egovernment/moa/MOATestCase.java | 99 ++ .../at/gv/egovernment/moa/util/DOMUtilsTest.java | 161 +++ .../gv/egovernment/moa/util/DateTimeUtilsTest.java | 129 ++ .../gv/egovernment/moa/util/KeyStoreUtilsTest.java | 114 ++ .../at/gv/egovernment/moa/util/SSLUtilsTest.java | 181 +++ .../at/gv/egovernment/moa/util/URLDecoderTest.java | 53 + .../at/gv/egovernment/moa/util/URLEncoderTest.java | 67 ++ .../moa/util/XMLGrammarBuilderTest.java | 123 ++ .../at/gv/egovernment/moa/util/XPathUtilsTest.java | 75 ++ .../pom.xml | 4 +- id/server/modules/moa-id-modules-saml1/pom.xml | 4 +- pom.xml | 36 +- spss/pom.xml | 4 +- 108 files changed, 24963 insertions(+), 252 deletions(-) delete mode 100644 common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Empty.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOATimer.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Messages.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StringUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/URLDecoder.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java create mode 100644 id/server/moa-id-commons/src/main/resources/resources/properties/common_messages_de.properties create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/Core-1.2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020225.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020831.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/MOAIdentities.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/PersonName-1_2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/PostalAddress-1_2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.1.1.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.2.2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema-instance.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema.dtd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/datatypes.dtd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/exclusive-canonicalization.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/xenc-schema.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/xml.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-core-schema.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-filter2.xsd create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java create mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java b/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java deleted file mode 100644 index 733a2a845..000000000 --- a/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2011 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egovernment.moa.util.ex; - -public class EgovUtilException extends Exception { - - /** - * - */ - private static final long serialVersionUID = 1L; - - public EgovUtilException() { - } - - public EgovUtilException(String message) { - super(message); - } - - public EgovUtilException(Throwable cause) { - super(cause); - } - - public EgovUtilException(String message, Throwable cause) { - super(message, cause); - } - -} diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 191eb2be6..981443ef6 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -122,11 +122,11 @@ 0.7.1 - + diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 8cf2603e1..445de36ee 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -98,7 +98,7 @@ --> - + MOA.spss.server moa-spss-lib @@ -289,12 +289,12 @@ unitils-core test - + commons-logging commons-logging diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index d242147f1..90b391b42 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -61,6 +61,47 @@ 0.2 + + iaik.prod + iaik_jce_full + + + iaik.prod + iaik_moa + + + + iaik.prod + iaik_X509TrustManager + + + + joda-time + joda-time + ${jodatime.version} + + + org.slf4j + slf4j-api + + + org.slf4j + jcl-over-slf4j + + + org.slf4j + jul-to-slf4j + + + org.slf4j + slf4j-log4j12 + + + log4j + log4j + + + org.hibernate hibernate-core @@ -78,34 +119,44 @@ - org.apache.commons - commons-lang3 + jaxen + jaxen - - commons-httpclient - commons-httpclient - - - MOA - moa-common - jar + saxpath + saxpath - - - iaik.prod - iaik_X509TrustManager + org.apache.commons + commons-lang3 + + + commons-httpclient + commons-httpclient @@ -125,38 +176,6 @@ jaxb2-basics-runtime 0.11.0 - - mysql @@ -188,11 +207,13 @@ - junit - junit - test + junit + junit + 3.8.2 + test + org.springframework @@ -228,60 +249,8 @@ - install - - - - - - - - - - - - + + install org.apache.maven.plugins maven-compiler-plugin @@ -310,26 +279,6 @@ - true maven-compiler-plugin @@ -375,69 +324,49 @@ - - - - + + + maven-enforcer-plugin + 1.1.1 + + + enforce-banned-dependencies + + enforce + + + + + true + + + org.slf4j:1.5* + org.slf4j:1.6* + + + + + true + + + + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java new file mode 100644 index 000000000..51667f010 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java @@ -0,0 +1,67 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.logging; + +/** + * A unified message type to log messages from inside the MOA subsystem. + * + * @author Patrick Peck + * @version $Id$ + */ +public class LogMsg { + /** The message to log. */ + private Object message; + + /** + * Create a LogMsg object. + * + * @param message The actual message to log. May be null. + */ + public LogMsg(Object message) { + this.message = message; + } + + /** + * Convert this log message to a String. + * + * @return The String representation of this log message. + */ + public String toString() { + StringBuffer msg = new StringBuffer(); + LoggingContext ctx = + LoggingContextManager.getInstance().getLoggingContext(); + String tid = ctx != null ? ctx.getTransactionID() : null; + String nodeId = ctx != null ? ctx.getNodeID() : null; + + msg.append("TID="); + msg.append(tid != null ? tid : ""); + msg.append(" NID="); + msg.append(nodeId != null ? nodeId : ""); + msg.append(" MSG="); + msg.append(message != null ? message.toString() : ""); + + return msg.toString(); + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java new file mode 100644 index 000000000..3730b36ce --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/Logger.java @@ -0,0 +1,252 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.logging; + +import java.util.HashMap; +import java.util.Map; + +/** + * A utility class acting as a facade to the logging subsystem. + * + * Configure the logging defaultHierarchy that the Logger uses by + * calling setHierarchy once before calling any of the logging + * output functions. + * + * @author Patrick Peck + * @version $Id$ + */ +public class Logger { + + /** + * Set the default hierarchy to which the Logger should send its + * logging output. + * @param hierarchy The logging defaultHierarchy. + */ + public static void setHierarchy(String hierarchy) { + // there is no need for that anymore + } + + + /** The Constant instances. */ + private static final Map instances = new HashMap(); + + /** + * Gets the logger. + * + * @return the logger + */ + private static synchronized org.slf4j.Logger getLogger() { + StackTraceElement[] stacktrace = Thread.currentThread().getStackTrace(); + + int i; + for(i = 2; i < stacktrace.length; i++) + if(!stacktrace[i].getClassName().equals(Logger.class.getName())) + break; + + String className = stacktrace[i].getClassName(); + + org.slf4j.Logger logger = instances.get(className); + if (logger != null) { + return logger; + } + + logger = org.slf4j.LoggerFactory.getLogger(className); + instances.put(className, logger); + + return logger; + } + + /** + * Prepare the message for printing it as string. + *

Mainly introduce because the message might be null. + * + * @param message the message + * @return the string + */ + private static String prepareMessage(Object message) { + if(null == message) + return "no message given"; + return message.toString(); + } + + /** + * Test, if the trace log level is enabled. + * + * @return boolean true, if tracing output is enabled + * false otherwise. + */ + public static boolean isTraceEnabled() { + org.slf4j.Logger logger = getLogger(); + return logger.isTraceEnabled(); + } + + /** + * Test, if the trace log level is enabled for a given hierarchy. + * + * @param hierarchy requested log hierarchy + * @return boolean true, if tracing output is enabled + * false otherwise. + */ + public static boolean isTraceEnabled(String hierarchy) { + org.slf4j.Logger logger = getLogger(); + return logger.isTraceEnabled(); + } + + /** + * Trace a message. + * + * @param message The message to trace. + */ + public static void trace(Object message) { + org.slf4j.Logger logger = getLogger(); + logger.trace(prepareMessage(message)); + } + + /** + * Test, if the debug log level is enabled. + * + * @return boolean true, if debug output is enabled + * false otherwise. + */ + public static boolean isDebugEnabled() { + org.slf4j.Logger logger = getLogger(); + return logger.isDebugEnabled(); + } + + /** + * Test, if the debug log level is enabled for a given hierarchy. + * + * @param hierarchy requested log hierarchy + * @return boolean true, if debug output is enabled + * false otherwise. + */ + public static boolean isDebugEnabled(String hierarchy) { + org.slf4j.Logger logger = getLogger(); + return logger.isDebugEnabled(); + } + + /** + * Log a debug message. + * + * @param message The message to log. + */ + public static void debug(Object message) { + org.slf4j.Logger logger = getLogger(); + logger.debug(prepareMessage(message)); + } + +/** + * Log an info message. + * + * @param message The message to log. + */ + public static void info(Object message) { + org.slf4j.Logger logger = getLogger(); + logger.info(prepareMessage(message)); + } + + /** + * Info. + * + * @param string the string + * @param args the objects + */ + public static void info(String message, Object[] args) { + org.slf4j.Logger logger = getLogger(); + logger.info(prepareMessage(message), args); + } + + /** + * Log a warning message. + * + * @param message The message to log. + */ + public static void warn(Object message) { + org.slf4j.Logger logger = getLogger(); + logger.warn(prepareMessage(message)); + } + + /** + * Log a warning message. + * + * @param message The message to log. + * @param t An exception that may be the cause of the warning. + */ + public static void warn(Object message, Throwable t) { + org.slf4j.Logger logger = getLogger(); + logger.warn(prepareMessage(message), t); + } + + /** + * Log an error message. + * + * @param message The message to log. + */ + public static void error(Object message) { + org.slf4j.Logger logger = getLogger(); + logger.error(prepareMessage(message)); + } + + /** + * Log an error message. + * + * @param message The message to log. + * @param t An exception that may be the cause of the error. + */ + public static void error(Object message, Throwable t) { + org.slf4j.Logger logger = getLogger(); + logger.error(prepareMessage(message), t); + } + + /** + * Log an error message with additional information. + * + * @param message The message to log. + * @param variables The values to substitute {} of the logmessage with. + */ + public static void error(Object message, Object[] variables) { + org.slf4j.Logger logger = getLogger(); + logger.error(prepareMessage(message), variables); + } + + /** + * Log a fatal error message. + * + * @param message The message to log. + */ + public static void fatal(Object message) { + error(message); + } + + /** + * Log a fatal error message. + * + * @param message The message to log. + * @param t An exception that may be the cause of the error. + */ + public static void fatal(Object message, Throwable t) { + error(message, t); + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java new file mode 100644 index 000000000..db4b93a0b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java @@ -0,0 +1,70 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.logging; + +/** + * Encapsulates contextual information (i.e. per request information) for + * logging purposes. + * + * @author Patrick Peck + * @version $Id$ + */ +public class LoggingContext { + /** The name of the node ID system property. */ + public static final String NODE_ID_PROPERTY = "moa.node-id"; + + /** The current transaction ID. */ + private String transactionID; + /** The node ID. */ + private String nodeID; + + /** + * Create a new LoggingContext. + * + * @param transactionID The transaction ID. May be null. + */ + public LoggingContext(String transactionID) { + this.transactionID = transactionID; + this.nodeID = System.getProperty(NODE_ID_PROPERTY); + } + + /** + * Return the transaction ID. + * + * @return The transaction ID. + */ + public String getTransactionID() { + return transactionID; + } + + /** + * Return the node ID. + * + * @return The node ID. + */ + public String getNodeID() { + return nodeID; + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java new file mode 100644 index 000000000..f0d7b4c07 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java @@ -0,0 +1,80 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.logging; + +/** + * Provides each thread with a single instance of LoggingContext. + * + * @author Patrick Peck + * @version $Id$ + */ +public class LoggingContextManager { + /** The single instance of this class. */ + private static LoggingContextManager instance = null; + + /** The LoggingContext for each thread. */ + private ThreadLocal context; + + /** + * Get the single instance of the LoggingContextManager class. + * + * @return LoggingContextManager The single instance. + */ + public static synchronized LoggingContextManager getInstance() { + if (instance == null) { + instance = new LoggingContextManager(); + } + return instance; + } + + /** + * Creates a new LoggingContextManager. + * + * Protected to disallow direct instantiation. + */ + protected LoggingContextManager() { + context = new ThreadLocal(); + } + + /** + * Set the LoggingContext context for the current thread. + * + * @param ctx The LoggingContext for the current thread. + */ + public void setLoggingContext(LoggingContext ctx) { + context.set(ctx); + } + + /** + * Return the LoggingContext for the current thread. + * + * @return LoggingContext The LoggingContext for the current + * thread, or null if none has been set. + */ + public LoggingContext getLoggingContext() { + return (LoggingContext) context.get(); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java new file mode 100644 index 000000000..66bf50316 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Base64Utils.java @@ -0,0 +1,153 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; + +import iaik.utils.Base64InputStream; +import iaik.utils.Base64OutputStream; + +/** + * Utitility functions for encoding/decoding Base64 strings. + * + * @author Patrick Peck + * @version $Id$ + */ +public class Base64Utils { + + /** + * Read the bytes encoded in a Base64 encoded String. + * + * @param base64String The String containing the Base64 encoded + * bytes. + * @param ignoreInvalidChars Whether to ignore invalid Base64 characters. + * @return byte[] The raw bytes contained in the base64String. + * @throws IOException Failed to read the Base64 data. + */ + public static byte[] decode(String base64String, boolean ignoreInvalidChars, String encoding) + throws IOException { + + Base64InputStream in = + new Base64InputStream( + new ByteArrayInputStream(base64String.getBytes(encoding)), + ignoreInvalidChars); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + byte[] bytes = new byte[256]; + int bytesRead; + + while ((bytesRead = in.read(bytes)) > 0) { + out.write(bytes, 0, bytesRead); + } + in.close(); + + return out.toByteArray(); + } + + public static byte[] decode(String base64String, boolean ignoreInvalidChars) throws IOException { + return decode(base64String, ignoreInvalidChars, "UTF-8"); + } + + /** + * Read the bytes encoded in a Base64 encoded String and provide + * them via an InputStream. + * + * @param base64String The String containing the Base64 encoded + * bytes. + * @param ignoreInvalidChars Whether to ignore invalid Base64 characters. + * @return The InputStream from which the binary content of the + * base64String can be read. + */ + public static InputStream decodeToStream( + String base64String, + boolean ignoreInvalidChars, + String encoding) { + + try { + ByteArrayInputStream bin = + new ByteArrayInputStream(base64String.getBytes(encoding)); + Base64InputStream in = new Base64InputStream(bin, ignoreInvalidChars); + + return in; + } catch (UnsupportedEncodingException e) { + // cannot occur, since UTF-8 is required to be supported by every JRE + return null; + } + } + + public static InputStream decodeToStream( + String base64String, + boolean ignoreInvalidChars) { + return decodeToStream(base64String, ignoreInvalidChars, "UTF-8"); + + } + + /** + * Convert a byte array to a Base64 encoded String. + * + * @param bytes The bytes to encode. + * @return String The Base64 encoded representation of the bytes. + * @throws IOException Failed to write the bytes as Base64 data. + */ + public static String encode(byte[] bytes) throws IOException { + return encode(new ByteArrayInputStream(bytes), "UTF-8"); + } + + public static String encode(byte[] bytes, String encoding) throws IOException { + return encode(new ByteArrayInputStream(bytes), encoding); + } + + public static String encode(InputStream inputStream) throws IOException { + return encode(inputStream, "UTF-8"); + } + /** + * Convert the data contained in the given stream to a Base64 encoded + * String. + * + * @param inputStream The stream containing the data to encode. + * @return The Base64 encoded data of inputStream, as a + * String. + * @throws IOException Failed to convert the data in the stream. + */ + public static String encode(InputStream inputStream, String encoding) throws IOException { + ByteArrayOutputStream byteStream = new ByteArrayOutputStream(); + Base64OutputStream base64Stream = new Base64OutputStream(byteStream, "\n".getBytes()); + byte[] bytes = new byte[256]; + int bytesRead; + + while ((bytesRead = inputStream.read(bytes)) > 0) { + base64Stream.write(bytes, 0, bytesRead); + } + base64Stream.flush(); + base64Stream.close(); + inputStream.close(); + + return byteStream.toString(encoding); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java new file mode 100644 index 000000000..492aca994 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/BoolUtils.java @@ -0,0 +1,48 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +/** + * Utility class for parsing XML schema boolean values. + * + * @author Patrick Peck + * @version $Id$ + */ +public class BoolUtils { + + /** + * Return the boolean value of an xsd:boolean type of DOM + * element/attribute. + * + * @param boolStr The value of the xsd:boolean element/attribute. + * @return true, if boolStr equals + * "true" or "1;". Otherwise, + * false is returned. + */ + public static boolean valueOf(String boolStr) { + return "true".equals(boolStr) || "1".equals(boolStr); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java new file mode 100644 index 000000000..8597e1eec --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/CollectionUtils.java @@ -0,0 +1,60 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.Iterator; +import java.util.List; + +/** + * Various utility methods for dealing with java.util.Collection + * classes. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CollectionUtils { + + /** + * Convert a List of Number objects to an + * int array. + * + * @param nums The List containing the numbers whose integer + * value to put into the result. + * @return The int values of the Numbers contained + * in nums. + */ + public static int[] toIntArray(List nums) { + int[] result = new int[nums.size()]; + Iterator iter; + int i; + + for (i = 0, iter = nums.iterator(); iter.hasNext(); i++) { + Number num = (Number) iter.next(); + result[i] = num.intValue(); + } + + return result; + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java new file mode 100644 index 000000000..5a5f4edac --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -0,0 +1,514 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.HashMap; + +/** + * Contains various constants used throughout the system. + * + * @author Patrick Peck + * @version $Id$ + */ +public interface Constants { + /** Root location of the schema files. */ + public static final String SCHEMA_ROOT = "/resources/schemas/"; + + /** URI of the Widerrufregister XML namespace. */ + public static final String WRR_NS_URI = + "http://reference.e-government.gv.at/namespace/moavv/20041223"; + + /** Prefix used for the Widerrufregister XML namespace */ + public static final String WRR_PREFIX = "wrr"; + + /** URI of the StandardTextBlock XML namespace. */ + public static final String STB_NS_URI = + "http://reference.e-government.gv.at/namespace/standardtextblock/20041105#"; + + /** Prefix used for the standard text block XML namespace */ + public static final String STB_PREFIX = "stb"; + + /** URI of the MOA XML namespace. */ + public static final String MOA_NS_URI = + "http://reference.e-government.gv.at/namespace/moa/20020822#"; + + /** Name of the mandates infobox */ + public static final String INFOBOXIDENTIFIER_MANDATES = "Mandates"; + + /** Prefix used for the Mandate XML namespace */ + public static final String MD_PREFIX = "md"; + + /** URI of the Mandate XML namespace. */ + public static final String MD_NS_URI = + "http://reference.e-government.gv.at/namespace/mandates/20040701#"; + + /** Prefix used for the Mandate XML namespace */ + public static final String MVV_PREFIX = "mvv"; + + /** URI of the Mandate XML namespace. */ + public static final String MVV_NS_URI = + "http://reference.e-government.gv.at/namespace/moavv/app2mvv/20041125"; + + /** Prefix used for the MandateCheckProfile XML namespace */ + public static final String MDP_PREFIX = "mdp"; + + /** URI of the Mandate XML namespace. */ + public static final String MDP_NS_URI = + "http://reference.e-government.gv.at/namespace/mandateprofile/20041105#"; + + /** Prefix used for the MOA XML namespace */ + public static final String MOA_PREFIX = "moa"; + + /** Local location of the MOA XML schema definition. */ + public static final String MOA_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOA-SPSS-2.0.0.xsd"; + + /** URI of the MOA configuration XML namespace. */ + public static final String MOA_CONFIG_NS_URI = + "http://reference.e-government.gv.at/namespace/moaconfig/20021122#"; + + /** URI of the MOA ID configuration XML namespace. */ + public static final String MOA_ID_CONFIG_NS_URI = + "http://www.buergerkarte.at/namespaces/moaconfig#"; + + /** Prefix used for the MOA configuration XML namespace */ + public static final String MOA_CONFIG_PREFIX = "conf"; + + /** Prefix used for the MOA configuration XML namespace */ + public static final String MOA_ID_CONFIG_PREFIX = "confID"; + + /** Local location of the MOA configuration XML schema definition. */ + public static final String MOA_CONFIG_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOA-SPSS-config-2.0.0.xsd"; + + /** Local location of the MOA ID configuration XML schema definition. */ + public static final String MOA_ID_CONFIG_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOA-ID-Configuration-1.5.2.xsd"; + + /** URI of the Security Layer 1.0 namespace. */ + public static final String SL10_NS_URI = + "http://www.buergerkarte.at/namespaces/securitylayer/20020225#"; + + /** Prefix used for the Security Layer 1.0 XML namespace */ + public static final String SL10_PREFIX = "sl10"; + + /** Local location of the Security Layer 1.0 XML schema definition */ + public static final String SL10_SCHEMA_LOCATION = + SCHEMA_ROOT + "Core.20020225.xsd"; + + /** URI of the Security Layer 1.1 XML namespace */ + public static final String SL11_NS_URI = + "http://www.buergerkarte.at/namespaces/securitylayer/20020831#"; + + /** Prefix used for the Security Layer 1.1 XML namespace */ + public static final String SL11_PREFIX = "sl11"; + + /** Local location of the Security Layer 1.1 XML schema definition */ + public static final String SL11_SCHEMA_LOCATION = + SCHEMA_ROOT + "Core.20020831.xsd"; + + /** URI of the Security Layer 1.2 XML namespace */ + public static final String SL12_NS_URI = + "http://www.buergerkarte.at/namespaces/securitylayer/1.2#"; + + /** Prefix used for the Security Layer 1.2 XML namespace */ + public static final String SL12_PREFIX = "sl"; + + /** Local location of the Security Layer 1.2 XML schema definition */ + public static final String SL12_SCHEMA_LOCATION = + SCHEMA_ROOT + "Core-1.2.xsd"; + + /** URI of the ECDSA XML namespace */ + public static final String ECDSA_NS_URI = + "http://www.w3.org/2001/04/xmldsig-more#"; + + /** Prefix used for ECDSA namespace */ + public static final String ECDSA_PREFIX = "ecdsa"; + + /** Local location of ECDSA XML schema definition */ + public static final String ECDSA_SCHEMA_LOCATION = + SCHEMA_ROOT + "ECDSAKeyValue.xsd"; + + /** URI of the PersonData XML namespace. */ + public static final String PD_NS_URI = + "http://reference.e-government.gv.at/namespace/persondata/20020228#"; + + /** Prefix used for the PersonData XML namespace */ + public static final String PD_PREFIX = "pr"; + +// /** Local location of the PersonData XML schema definition */ +// public static final String PD_SCHEMA_LOCATION = +// SCHEMA_ROOT + "PersonData.xsd"; + + /** Local location of the PersonData XML schema definition */ + public static final String PD_SCHEMA_LOCATION = + SCHEMA_ROOT + "PersonData_20_en_moaWID.xsd"; + + /** URI of the SAML namespace. */ + public static final String SAML_NS_URI = + "urn:oasis:names:tc:SAML:1.0:assertion"; + + /** Prefix used for the SAML XML namespace */ + public static final String SAML_PREFIX = "saml"; + + /** Local location of the SAML XML schema definition. */ + public static final String SAML_SCHEMA_LOCATION = + SCHEMA_ROOT + "cs-sstc-schema-assertion-01.xsd"; + + /** URI of the SAML request-response protocol namespace. */ + public static final String SAMLP_NS_URI = + "urn:oasis:names:tc:SAML:1.0:protocol"; + + /** Prefix used for the SAML request-response protocol namespace */ + public static final String SAMLP_PREFIX = "samlp"; + + /** Local location of the SAML request-response protocol schema definition. */ + public static final String SAMLP_SCHEMA_LOCATION = + SCHEMA_ROOT + "cs-sstc-schema-protocol-01.xsd"; + + /** URI of the XML namespace. */ + public static final String XML_NS_URI = + "http://www.w3.org/XML/1998/namespace"; + + /** Prefix used for the XML namespace */ + public static final String XML_PREFIX = "xml"; + + /** Local location of the XML schema definition. */ + public static final String XML_SCHEMA_LOCATION = SCHEMA_ROOT + "xml.xsd"; + + /** URI of the XMLNS namespace */ + public static final String XMLNS_NS_URI = "http://www.w3.org/2000/xmlns/"; + + /** Prefix used for the XSI namespace */ + public static final String XSI_PREFIX = "xsi"; + + /** Local location of the XSI schema definition. */ + public static final String XSI_SCHEMA_LOCATION = + SCHEMA_ROOT + "XMLSchema-instance.xsd"; + + /** URI of the XSI XMLNS namespace */ + public static final String XSI_NS_URI = + "http://www.w3.org/2001/XMLSchema-instance"; + + /** URI of the XSLT XML namespace */ + public static final String XSLT_NS_URI = + "http://www.w3.org/1999/XSL/Transform"; + + /** Prefix used for the XSLT XML namespace */ + public static final String XSLT_PREFIX = "xsl"; + + /** URI of the XMLDSig XML namespace. */ + public static final String DSIG_NS_URI = "http://www.w3.org/2000/09/xmldsig#"; + + /** Prefix used for the XMLDSig XML namespace */ + public static final String DSIG_PREFIX = "dsig"; + + /** Local location of the XMLDSig XML schema. */ + public static final String DSIG_SCHEMA_LOCATION = + SCHEMA_ROOT + "xmldsig-core-schema.xsd"; + + /** URI of the XMLDSig XPath Filter XML namespace. */ + public static final String DSIG_FILTER2_NS_URI = + "http://www.w3.org/2002/06/xmldsig-filter2"; + + /** Prefix used for the XMLDSig XPath Filter XML namespace */ + public static final String DSIG_FILTER2_PREFIX = "dsig-filter2"; + + /** Local location of the XMLDSig XPath Filter XML schema definition. */ + public static final String DSIG_FILTER2_SCHEMA_LOCATION = + SCHEMA_ROOT + "xmldsig-filter2.xsd"; + + /** URI of the Exclusive Canonicalization XML namespace */ + public static final String DSIG_EC_NS_URI = + "http://www.w3.org/2001/10/xml-exc-c14n#"; + + /** Prefix used for the Exclusive Canonicalization XML namespace */ + public static final String DSIG_EC_PREFIX = "ec"; + + /** Local location of the Exclusive Canonicalizaion XML schema definition */ + public static final String DSIG_EC_SCHEMA_LOCATION = + SCHEMA_ROOT + "exclusive-canonicalization.xsd"; + + /** URI of the XMLLoginParameterResolver Configuration XML namespace */ + public static final String XMLLPR_NS_URI="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814"; + + /** Local location of the XMLLoginParameterResolver Configuration XML schema definition */ + public static final String XMLLPR_SCHEMA_LOCATION = + SCHEMA_ROOT + "MOAIdentities.xsd"; + + /** Local location of the XAdES v1.1.1 schema definition */ + public static final String XADES_1_1_1_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.1.1.xsd"; + + /** URI of the XAdES v1.1.1 namespace */ + public static final String XADES_1_1_1_NS_URI = "http://uri.etsi.org/01903/v1.1.1#"; + + public static final String XADES_1_1_1_NS_PREFIX = "xades111"; + + /** Local location of the XAdES v1.2.2 schema definition */ + public static final String XADES_1_2_2_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.2.2.xsd"; + + /** URI of the XAdES v1.2.2 namespace */ + public static final String XADES_1_2_2_NS_URI = "http://uri.etsi.org/01903/v1.2.2#"; + + public static final String XADES_1_2_2_NS_PREFIX = "xades122"; + + /** Local location of the XAdES v1.1.1 schema definition */ + public static final String XADES_1_3_2_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.3.2.xsd"; + + /** URI of the XAdES v1.3.2 namespace */ + public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#"; + + public static final String XADES_1_3_2_NS_PREFIX = "xades132"; + + /** Local location of the XAdES v1.4.1 schema definition */ + public static final String XADES_1_4_1_SCHEMA_LOCATION = + SCHEMA_ROOT + "XAdES-1.4.1.xsd"; + + /** URI of the XAdES v1.4.1 namespace */ + public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#"; + + public static final String XADES_1_4_1_NS_PREFIX = "xades141"; + /** URI of the SAML 2.0 namespace. */ + public static final String SAML2_NS_URI = + "urn:oasis:names:tc:SAML:2.0:assertion"; + + /** Prefix used for the SAML 2.0 XML namespace */ + public static final String SAML2_PREFIX = "saml2"; + + /** Local location of the SAML 2.0 XML schema definition. */ + public static final String SAML2_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-assertion-2.0.xsd"; + + /** URI of the SAML 2.0 protocol namespace. */ + public static final String SAML2P_NS_URI = + "urn:oasis:names:tc:SAML:2.0:protocol"; + + /** Prefix used for the SAML 2.0 protocol XML namespace */ + public static final String SAML2P_PREFIX = "saml2p"; + + /** Local location of the SAML 2.0 protocol XML schema definition. */ + public static final String SAML2P_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-protocol-2.0.xsd"; + + /** URI of the STORK namespace. */ + public static final String STORK_NS_URI = + "urn:eu:stork:names:tc:STORK:1.0:assertion"; + + /** Prefix used for the STORK XML namespace */ + public static final String STORK_PREFIX = "stork"; + + /** Local location of the STORK XML schema definition. */ + public static final String STORK_SCHEMA_LOCATION = + SCHEMA_ROOT + "stork-schema-assertion-1.0.xsd"; + + /** URI of the STORK protocol namespace. */ + public static final String STORKP_NS_URI = + "urn:eu:stork:names:tc:STORK:1.0:protocol"; + + /** Prefix used for the STORK protocol XML namespace */ + public static final String STORKP_PREFIX = "storkp"; + + /** Local location of the STORK protocol XML schema definition. */ + public static final String STORKP_SCHEMA_LOCATION = + SCHEMA_ROOT + "stork-schema-protocol-1.0.xsd"; + + /** URI of the TSL namespace. */ + public static final String TSL_NS_URI = + "http://uri.etsi.org/02231/v2#"; + + /** Prefix used for the TSL namespace */ + public static final String TSL_PREFIX = "tsl1"; + + /** Local location of the TSL schema definition. */ + public static final String TSL_SCHEMA_LOCATION = + SCHEMA_ROOT + "ts_119612v010201_xsd.xsd"; + + /** URI of the TSL SIE namespace. */ + public static final String TSL_SIE_NS_URI = + "http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#"; + + /** Prefix used for the TSL SIE namespace */ + public static final String TSL_SIE_PREFIX = "tslsie"; + + /** Local location of the TSL SIE schema definition. */ + public static final String TSL_SIE_SCHEMA_LOCATION = + SCHEMA_ROOT + "ts_119612v010201_sie_xsd.xsd"; + + /** URI of the TSL additional types namespace. */ + public static final String TSL_ADDTYPES_NS_URI = + "http://uri.etsi.org/02231/v2/additionaltypes#"; + + /** Prefix used for the TSL additional types namespace */ + public static final String TSL_ADDTYPES_PREFIX = "tsltype"; + + /** Local location of the TSL additional types schema definition. */ + public static final String TSL_ADDTYPES_SCHEMA_LOCATION = + SCHEMA_ROOT + "ts_ts_119612v010201_additionaltypes_xsd.xsd"; + + /** URI of the XML Encryption namespace. */ + public static final String XENC_NS_URI = + "http://www.w3.org/2001/04/xmlenc#"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String XENC_PREFIX = "xenc"; + + /** Local location of the XML Encryption XML schema definition. */ + public static final String XENC_SCHEMA_LOCATION = + SCHEMA_ROOT + "xenc-schema.xsd"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String SAML2_METADATA_PREFIX = "md"; + + /** Prefix used for the XML Encryption XML namespace */ + public static final String SAML2_METADATA_URI = "urn:oasis:names:tc:SAML:2.0:metadata"; + + /** Local location of the XML Encryption XML schema definition. */ + public static final String SAML2_METADATA_SCHEMA_LOCATION = + SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd"; + + /** + * Contains all namespaces and local schema locations for XML schema + * definitions relevant for MOA. For use in validating XML parsers. + */ + public static final String ALL_SCHEMA_LOCATIONS = + (MOA_NS_URI + " " + MOA_SCHEMA_LOCATION + " ") + + (MOA_CONFIG_NS_URI + " " + MOA_CONFIG_SCHEMA_LOCATION + " ") + + (MOA_ID_CONFIG_NS_URI + " " + MOA_ID_CONFIG_SCHEMA_LOCATION + " ") + + (SL10_NS_URI + " " + SL10_SCHEMA_LOCATION + " ") + + (SL11_NS_URI + " " + SL11_SCHEMA_LOCATION + " ") + + (SL12_NS_URI + " " + SL12_SCHEMA_LOCATION + " ") + + (ECDSA_NS_URI + " " + ECDSA_SCHEMA_LOCATION + " ") + + (PD_NS_URI + " " + PD_SCHEMA_LOCATION + " ") + + (SAML_NS_URI + " " + SAML_SCHEMA_LOCATION + " ") + + (SAMLP_NS_URI + " " + SAMLP_SCHEMA_LOCATION + " ") + + (XML_NS_URI + " " + XML_SCHEMA_LOCATION + " ") + + (XSI_NS_URI + " " + XSI_SCHEMA_LOCATION + " ") + + (DSIG_NS_URI + " " + DSIG_SCHEMA_LOCATION + " ") + + (DSIG_FILTER2_NS_URI + " " + DSIG_FILTER2_SCHEMA_LOCATION + " ") + + (DSIG_EC_NS_URI + " " + DSIG_EC_SCHEMA_LOCATION + " ") + + (XMLLPR_NS_URI + " " + XMLLPR_SCHEMA_LOCATION + " ") + + (XADES_1_1_1_NS_URI + " " + XADES_1_1_1_SCHEMA_LOCATION + " ") + + (XADES_1_2_2_NS_URI + " " + XADES_1_2_2_SCHEMA_LOCATION + " ") + + (XADES_1_3_2_NS_URI + " " + XADES_1_3_2_SCHEMA_LOCATION + " ") + + (XADES_1_4_1_NS_URI + " " + XADES_1_4_1_SCHEMA_LOCATION + " ") + + (TSL_NS_URI + " " + TSL_SCHEMA_LOCATION + " ") + + (TSL_SIE_NS_URI + " " + TSL_SIE_SCHEMA_LOCATION + " ") + + (TSL_ADDTYPES_NS_URI + " " + TSL_ADDTYPES_SCHEMA_LOCATION + " ") + + (SAML2_NS_URI + " " + SAML2_SCHEMA_LOCATION + " ") + + (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ") + + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ") + + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ") + + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ") + + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION); + + /** URN prefix for bPK and wbPK. */ + public static final String URN_PREFIX = "urn:publicid:gv.at"; + + /** URN prefix for context dependent id. */ + public static final String URN_PREFIX_CDID = URN_PREFIX + ":cdid"; + + /** URN prefix for context dependent id (bPK). */ + public static final String URN_PREFIX_BPK = URN_PREFIX_CDID + "+bpk"; + + /** URN prefix for context dependent id (HPI). */ + public static final String URN_PREFIX_HPI = URN_PREFIX_CDID + "+EHSP"; + + /** URN prefix for context dependent id (wbPK). */ + public static final String URN_PREFIX_WBPK = URN_PREFIX + ":wbpk"; + + /** URN prefix for context dependent id (stork). */ + public static final String URN_PREFIX_STORK = URN_PREFIX + ":storkid"; + + //TODO: update to eIDAS prefix + /** URN prefix for context dependent id (eIDAS). */ + public static final String URN_PREFIX_EIDAS = URN_PREFIX + ":storkid"; + + /** URN prefix for context dependent id. */ + public static final String URN_PREFIX_BASEID = URN_PREFIX + ":baseid"; + + /** Security Layer manifest type URI. */ + public static final String SL_MANIFEST_TYPE_URI = + "http://www.buergerkarte.at/specifications/Security-Layer/20020225#SignatureManifest"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA1_URI = + "http://www.w3.org/2000/09/xmldsig#sha1"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA256_URI = + "http://www.w3.org/2000/09/xmldsig#sha256"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA384_URI = + "http://www.w3.org/2000/09/xmldsig#sha384"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA512_URI = + "http://www.w3.org/2000/09/xmldsig#sha512"; + + /** URI of the Canonical XML algorithm */ + public static final String C14N_URI = + "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; + + /** URI of the Canoncial XML with comments algorithm */ + public static final String C14N_WITH_COMMENTS_URI = + "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; + + /** URI of the Exclusive Canonical XML algorithm */ + public static final String EXC_C14N_URI = + "http://www.w3.org/2001/10/xml-exc-c14n#"; + + /** URI of the Exclusive Canonical XML with commments algorithm */ + public static final String EXC_C14N_WITH_COMMENTS_URI = + "http://www.w3.org/2001/10/xml-exc-c14n#WithComments"; + + // + // Local names for elements of the MOA SPSS schema + // + + /** + * Local name of request for creating an XML signature. + */ + public static final String MOA_SPSS_CREATE_XML_REQUEST = "CreateXMLSignatureRequest"; + + /** + * Local name of request for creating a CMS signature. + */ + public static final String MOA_SPSS_CREATE_CMS_REQUEST = "CreateCMSSignatureRequest"; + + /** + * Local name of request for verifying an XML signature. + */ + public static final String MOA_SPSS_VERIFY_XML_REQUEST = "VerifiyXMLSignatureRequest"; + + /** + * A map used to map namespace prefixes to namespace URIs + */ + public static HashMap nSMap = new HashMap(5); + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java new file mode 100644 index 000000000..0a07fc4a7 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -0,0 +1,1172 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.Vector; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.xerces.parsers.DOMParser; +import org.apache.xerces.parsers.SAXParser; +import org.apache.xerces.parsers.XMLGrammarPreparser; +import org.apache.xerces.util.SymbolTable; +import org.apache.xerces.util.XMLGrammarPoolImpl; +import org.apache.xerces.xni.grammars.XMLGrammarDescription; +import org.apache.xerces.xni.grammars.XMLGrammarPool; +import org.apache.xerces.xni.parser.XMLInputSource; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.EntityResolver; +import org.xml.sax.ErrorHandler; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * Various utility functions for handling XML DOM trees. + * + * The parsing methods in this class make use of some features internal to the + * Xerces DOM parser, mainly for performance reasons. As soon as JAXP + * (currently at version 1.2) is better at schema handling, it should be used as + * the parser interface. + * + * @author Patrick Peck + * @version $Id$ + */ +public class DOMUtils { + + /** Feature URI for namespace aware parsing. */ + private static final String NAMESPACES_FEATURE = + "http://xml.org/sax/features/namespaces"; + /** Feature URI for validating parsing. */ + private static final String VALIDATION_FEATURE = + "http://xml.org/sax/features/validation"; + /** Feature URI for schema validating parsing. */ + private static final String SCHEMA_VALIDATION_FEATURE = + "http://apache.org/xml/features/validation/schema"; + /** Feature URI for normalization of element/attribute values. */ + private static final String NORMALIZED_VALUE_FEATURE = + "http://apache.org/xml/features/validation/schema/normalized-value"; + /** Feature URI for parsing ignorable whitespace. */ + private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE = + "http://apache.org/xml/features/dom/include-ignorable-whitespace"; + /** Feature URI for creating EntityReference nodes in the DOM tree. */ + private static final String CREATE_ENTITY_REF_NODES_FEATURE = + "http://apache.org/xml/features/dom/create-entity-ref-nodes"; + /** Property URI for providing external schema locations. */ + private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY = + "http://apache.org/xml/properties/schema/external-schemaLocation"; + /** Property URI for providing the external schema location for elements + * without a namespace. */ + private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY = + "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation"; + + private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = + "http://xml.org/sax/features/external-general-entities"; + + private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = + "http://xml.org/sax/features/external-parameter-entities"; + + private static final String DISALLOW_DOCTYPE_FEATURE = + "http://apache.org/xml/features/disallow-doctype-decl"; + + + + /** Property URI for the Xerces grammar pool. */ + private static final String GRAMMAR_POOL = + org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX + + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY; + /** A prime number for initializing the symbol table. */ + private static final int BIG_PRIME = 2039; + /** Symbol table for the grammar pool. */ + private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME); + /** Xerces schema grammar pool. */ + private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl(); + /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple + * entries of same grammars to the pool */ + private static Set grammarNamespaces; + + static { + grammarPool.lockPool(); + grammarNamespaces = new HashSet(); + } + + /** + * Preparse a schema and add it to the schema pool. + * The method only adds the schema to the pool if a schema having the same + * systemId (namespace URI) is not already present in the pool. + * + * @param inputStream An InputStream providing the contents of + * the schema. + * @param systemId The systemId (namespace URI) to use for the schema. + * @throws IOException An error occurred reading the schema. + */ + public static void addSchemaToPool(InputStream inputStream, String systemId) + throws IOException { + XMLGrammarPreparser preparser; + + if (!grammarNamespaces.contains(systemId)) { + + grammarNamespaces.add(systemId); + + // unlock the pool so that we can add another grammar + grammarPool.unlockPool(); + + // prepare the preparser + preparser = new XMLGrammarPreparser(symbolTable); + preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null); + preparser.setProperty(GRAMMAR_POOL, grammarPool); + preparser.setFeature(NAMESPACES_FEATURE, true); + preparser.setFeature(VALIDATION_FEATURE, true); + + // add the grammar to the pool + preparser.preparseGrammar( + XMLGrammarDescription.XML_SCHEMA, + new XMLInputSource(null, systemId, null, inputStream, null)); + + // lock the pool again so that schemas are not added automatically + grammarPool.lockPool(); + } + } + + /** + * Parse an XML document from an InputStream. + * + * @param inputStream The InputStream containing the XML + * document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @param entityResolver An EntityResolver to resolve external + * entities (schemas and DTDs). If null, it will not be set. + * @param errorHandler An ErrorHandler to decide what to do + * with parsing errors. If null, it will not be set. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + InputStream inputStream, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + EntityResolver entityResolver, + ErrorHandler errorHandler) + throws SAXException, IOException, ParserConfigurationException { + + DOMParser parser; + +// class MyEntityResolver implements EntityResolver { +// +// public InputSource resolveEntity(String publicId, String systemId) +// throws SAXException, IOException { +// return new InputSource(new ByteArrayInputStream(new byte[0])); +// } +// } + + + //if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException + byte buffer [] = null; + ByteArrayInputStream baStream = null; + if(true == Logger.isDebugEnabled()) { + int len = inputStream.available(); + buffer = new byte[len]; + inputStream.read(buffer); + baStream = new ByteArrayInputStream(buffer); + } + + // create the DOM parser + if (symbolTable != null) { + parser = new DOMParser(symbolTable, grammarPool); + } else { + parser = new DOMParser(); + } + + // set parser features and properties + try { + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, validating); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating); + parser.setFeature(NORMALIZED_VALUE_FEATURE, false); + parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); + parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); + parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); + + //fix XXE problem + parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + + + if (validating) { + if (externalSchemaLocations != null) { + parser.setProperty( + EXTERNAL_SCHEMA_LOCATION_PROPERTY, + externalSchemaLocations); + } + if (externalNoNamespaceSchemaLocation != null) { + parser.setProperty( + EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, + externalNoNamespaceSchemaLocation); + } + } + + // set entity resolver and error handler + if (entityResolver != null) { + parser.setEntityResolver(entityResolver); + } + if (errorHandler != null) { + parser.setErrorHandler(errorHandler); + } + + // parse the document and return it + // if debug is enabled: use copy of strem (baStream) else use orig stream + if(null != baStream) + parser.parse(new InputSource(baStream)); + else + parser.parse(new InputSource(inputStream)); + } catch(SAXException e) { + if(true == Logger.isDebugEnabled() && null != buffer) { + String xmlContent = new String(buffer); + Logger.debug("SAXException in:\n" + xmlContent); + } + throw(e); + } + + return parser.getDocument(); + } + + /** + * Parse an XML document from an InputStream. + * + * @param inputStream The InputStream containing the XML + * document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @param entityResolver An EntityResolver to resolve external + * entities (schemas and DTDs). If null, it will not be set. + * @param errorHandler An ErrorHandler to decide what to do + * with parsing errors. If null, it will not be set. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocumentSimple(InputStream inputStream) + throws SAXException, IOException, ParserConfigurationException { + + DOMParser parser; + + parser = new DOMParser(); + // set parser features and properties + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, false); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, false); + parser.setFeature(NORMALIZED_VALUE_FEATURE, false); + parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); + parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); + + parser.parse(new InputSource(inputStream)); + + return parser.getDocument(); + } + + + /** + * Parse an XML document from an InputStream. + * + * It uses a MOAEntityResolver as the EntityResolver + * and a MOAErrorHandler as the ErrorHandler. + * + * @param inputStream The InputStream containing the XML + * document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + InputStream inputStream, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws SAXException, IOException, ParserConfigurationException { + + + + return parseDocument( + inputStream, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation, + new MOAEntityResolver(), + new MOAErrorHandler()); + } + + /** + * Parse an XML document from a String. + * + * It uses a MOAEntityResolver as the EntityResolver + * and a MOAErrorHandler as the ErrorHandler. + * + * @param xmlString The String containing the XML document. + * @param encoding The encoding of the XML document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + String encoding, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws SAXException, IOException, ParserConfigurationException { + + InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); + return parseDocument( + in, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation); + } + + /** + * Parse an UTF-8 encoded XML document from a String. + * + * @param xmlString The String containing the XML document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws SAXException, IOException, ParserConfigurationException { + + return parseDocument( + xmlString, + "UTF-8", + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation); + } + + /** + * A convenience method to parse an XML document validating. + * + * @param inputStream The InputStream containing the XML + * document. + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlValidating(InputStream inputStream) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .getDocumentElement(); + } + + /** + * A convenience method to parse an XML document non validating. + * + * @param inputStream The InputStream containing the XML + * document. + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlNonValidating(InputStream inputStream) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null) + .getDocumentElement(); + } + + /** + * Schema validate a given DOM element. + * + * @param element The element to validate. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return true, if the element validates against + * the schemas declared in it. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document from its + * serialized representation. + * @throws ParserConfigurationException An error occurred configuring the XML + * @throws TransformerException An error occurred serializing the element. + */ + public static boolean validateElement( + Element element, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation) + throws + ParserConfigurationException, + IOException, + SAXException, + TransformerException { + + byte[] docBytes; + SAXParser parser; + + // create the SAX parser + if (symbolTable != null) { + parser = new SAXParser(symbolTable, grammarPool); + } else { + parser = new SAXParser(); + } + + // serialize the document + docBytes = serializeNode(element, "UTF-8"); + + // set up parser features and attributes + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, true); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); + parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true); + + + if (externalSchemaLocations != null) { + parser.setProperty( + EXTERNAL_SCHEMA_LOCATION_PROPERTY, + externalSchemaLocations); + } + if (externalNoNamespaceSchemaLocation != null) { + parser.setProperty( + EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, + "externalNoNamespaceSchemaLocation"); + } + + // set up entity resolver and error handler + parser.setEntityResolver(new MOAEntityResolver()); + parser.setErrorHandler(new MOAErrorHandler()); + + // parse validating + parser.parse(new InputSource(new ByteArrayInputStream(docBytes))); + return true; + } + + + /** + * Schema validate a given DOM element. + * + * @param element The element to validate. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return true, if the element validates against + * the schemas declared in it. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document from its + * serialized representation. + * @throws ParserConfigurationException An error occurred configuring the XML + * @throws TransformerException An error occurred serializing the element. + */ + public static boolean validateElement( + Element element, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + EntityResolver entityResolver) + throws + ParserConfigurationException, + IOException, + SAXException, + TransformerException { + + byte[] docBytes; + SAXParser parser; + + // create the SAX parser + if (symbolTable != null) { + parser = new SAXParser(symbolTable, grammarPool); + } else { + parser = new SAXParser(); + } + + // serialize the document + docBytes = serializeNode(element, "UTF-8"); + + // set up parser features and attributes + parser.setFeature(NAMESPACES_FEATURE, true); + parser.setFeature(VALIDATION_FEATURE, true); + parser.setFeature(SCHEMA_VALIDATION_FEATURE, true); + + if (externalSchemaLocations != null) { + parser.setProperty( + EXTERNAL_SCHEMA_LOCATION_PROPERTY, + externalSchemaLocations); + } + if (externalNoNamespaceSchemaLocation != null) { + parser.setProperty( + EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY, + "externalNoNamespaceSchemaLocation"); + } + + // set up entity resolver and error handler + parser.setEntityResolver(entityResolver); + parser.setErrorHandler(new MOAErrorHandler()); + + // parse validating + parser.parse(new InputSource(new ByteArrayInputStream(docBytes))); + return true; + } + + /** + * Serialize the given DOM node. + * + * The node will be serialized using the UTF-8 encoding. + * + * @param node The node to serialize. + * @return String The String representation of the given DOM + * node. + * @throws TransformerException An error occurred transforming the + * node to a String. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static String serializeNode(Node node) + throws TransformerException, IOException { + return new String(serializeNode(node, "UTF-8", false), "UTF-8"); + } + + + /** + * Serialize the given DOM node. + * + * The node will be serialized using the UTF-8 encoding. + * + * @param node The node to serialize. + * @param omitXmlDeclaration The boolean value for omitting the XML Declaration. + * @return String The String representation of the given DOM + * node. + * @throws TransformerException An error occurred transforming the + * node to a String. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static String serializeNode(Node node, boolean omitXmlDeclaration) + throws TransformerException, IOException { + return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8"); + } + + /** + * Serialize the given DOM node. + * + * The node will be serialized using the UTF-8 encoding. + * + * @param node The node to serialize. + * @param omitXmlDeclaration The boolean value for omitting the XML Declaration. + * @param lineSeperator Sets the line seperator String of the parser + * @return String The String representation of the given DOM + * node. + * @throws TransformerException An error occurred transforming the + * node to a String. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator) + throws TransformerException, IOException { + return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8"); + } + + /** + * Serialize the given DOM node to a byte array. + * + * @param node The node to serialize. + * @param xmlEncoding The XML encoding to use. + * @return The serialized node, as a byte array. Using a compatible encoding + * this can easily be converted into a String. + * @throws TransformerException An error occurred transforming the node to a + * byte array. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static byte[] serializeNode(Node node, String xmlEncoding) + throws TransformerException, IOException { + return serializeNode(node, xmlEncoding, false); + } + + /** + * Serialize the given DOM node to a byte array. + * + * @param node The node to serialize. + * @param xmlEncoding The XML encoding to use. + * @param omitDeclaration The boolean value for omitting the XML Declaration. + * @return The serialized node, as a byte array. Using a compatible encoding + * this can easily be converted into a String. + * @throws TransformerException An error occurred transforming the node to a + * byte array. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration) + throws TransformerException, IOException { + return serializeNode(node, xmlEncoding, omitDeclaration, null); + } + + + /** + * Serialize the given DOM node to a byte array. + * + * @param node The node to serialize. + * @param xmlEncoding The XML encoding to use. + * @param omitDeclaration The boolean value for omitting the XML Declaration. + * @param lineSeperator Sets the line seperator String of the parser + * @return The serialized node, as a byte array. Using a compatible encoding + * this can easily be converted into a String. + * @throws TransformerException An error occurred transforming the node to a + * byte array. + * @throws IOException An IO error occurred writing the node to a byte array. + */ + public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator) + throws TransformerException, IOException { + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + Transformer transformer = transformerFactory.newTransformer(); + ByteArrayOutputStream bos = new ByteArrayOutputStream(16384); + + transformer.setOutputProperty(OutputKeys.METHOD, "xml"); + transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding); + String omit = omitDeclaration ? "yes" : "no"; + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit); + if (null!=lineSeperator) { + transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1 + } + transformer.transform(new DOMSource(node), new StreamResult(bos)); + + bos.flush(); + bos.close(); + + return bos.toByteArray(); + } + + /** + * Return the text that a node contains. + * + * This routine: + *

    + *
  • Ignores comments and processing instructions.
    • + *
  • Concatenates TEXT nodes, CDATA nodes, and the results recursively + * processing EntityRef nodes.
    • + *
  • Ignores any element nodes in the sublist. (Other possible options are + * to recurse into element sublists or throw an exception.)
    • + *
+ * + * @param node A DOM node from which to extract text. + * @return A String representing its contents. + */ + public static String getText(Node node) { + if (!node.hasChildNodes()) { + return ""; + } + + StringBuffer result = new StringBuffer(); + NodeList list = node.getChildNodes(); + + for (int i = 0; i < list.getLength(); i++) { + Node subnode = list.item(i); + if (subnode.getNodeType() == Node.TEXT_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) { + result.append(subnode.getNodeValue()); + } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) { + // Recurse into the subtree for text + // (and ignore comments) + result.append(getText(subnode)); + } + } + return result.toString(); + } + + /** + * Build the namespace prefix to namespace URL mapping in effect for a given + * node. + * + * @param node The context node for which build the map. + * @return The namespace prefix to namespace URL mapping ( + * a String value to String value mapping). + */ + public static Map getNamespaceDeclarations(Node node) { + Map nsDecls = new HashMap(); + int i; + + do { + if (node.hasAttributes()) { + NamedNodeMap attrs = node.getAttributes(); + + for (i = 0; i < attrs.getLength(); i++) { + Attr attr = (Attr) attrs.item(i); + + // add prefix mapping if none exists + if ("xmlns".equals(attr.getPrefix()) + || "xmlns".equals(attr.getName())) { + + String nsPrefix = + attr.getPrefix() != null ? attr.getLocalName() : ""; + + if (nsDecls.get(nsPrefix) == null) { + nsDecls.put(nsPrefix, attr.getValue()); + } + } + } + } + } while ((node = node.getParentNode()) != null); + + return nsDecls; + } + + /** + * Add all namespace declarations declared in the parent(s) of a given + * element and used in the subtree of the given element to the given element. + * + * @param context The element to which to add the namespaces. + */ + public static void localizeNamespaceDeclarations(Element context) { + Node parent = context.getParentNode(); + + if (parent != null) { + Map namespaces = getNamespaceDeclarations(context.getParentNode()); + Set nsUris = collectNamespaceURIs(context); + Iterator iter; + + for (iter = namespaces.entrySet().iterator(); iter.hasNext();) { + Map.Entry e = (Map.Entry) iter.next(); + + if (nsUris.contains(e.getValue())) { + String prefix = (String) e.getKey(); + String nsUri = (String) e.getValue(); + String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix; + + context.setAttributeNS(Constants.XMLNS_NS_URI, nsAttrName, nsUri); + } + } + } + } + + /** + * Collect all the namespace URIs used in the subtree of a given element. + * + * @param context The element that should be searched for namespace URIs. + * @return All namespace URIs used in the subtree of context, + * including the ones used in context itself. + */ + public static Set collectNamespaceURIs(Element context) { + Set result = new HashSet(); + + collectNamespaceURIsImpl(context, result); + return result; + } + + /** + * A recursive method to do the work of collectNamespaceURIs. + * + * @param context The context element to evaluate. + * @param result The result, passed as a parameter to avoid unnecessary + * instantiations of Set. + */ + private static void collectNamespaceURIsImpl(Element context, Set result) { + NamedNodeMap attrs = context.getAttributes(); + NodeList childNodes = context.getChildNodes(); + String nsUri; + int i; + + // add the namespace of the context element + nsUri = context.getNamespaceURI(); + if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) { + result.add(nsUri); + } + + // add all namespace URIs from attributes + for (i = 0; i < attrs.getLength(); i++) { + nsUri = attrs.item(i).getNamespaceURI(); + if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) { + result.add(nsUri); + } + } + + // add all namespaces from subelements + for (i = 0; i < childNodes.getLength(); i++) { + Node node = childNodes.item(i); + + if (node.getNodeType() == Node.ELEMENT_NODE) { + collectNamespaceURIsImpl((Element) node, result); + } + } + } + + /** + * Check, that each attribute node in the given NodeList has its + * parent in the NodeList as well. + * + * @param nodes The NodeList to check. + * @return true, if each attribute node in nodes + * has its parent in nodes as well. + */ + public static boolean checkAttributeParentsInNodeList(NodeList nodes) { + Set nodeSet = new HashSet(); + int i; + + // put the nodes into the nodeSet + for (i = 0; i < nodes.getLength(); i++) { + nodeSet.add(nodes.item(i)); + } + + // check that each attribute node's parent is in the node list + for (i = 0; i < nodes.getLength(); i++) { + Node n = nodes.item(i); + + if (n.getNodeType() == Node.ATTRIBUTE_NODE) { + Attr attr = (Attr) n; + Element owner = attr.getOwnerElement(); + + if (owner == null) { + if (!isNamespaceDeclaration(attr)) { + return false; + } + } + + if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) { + return false; + } + } + } + + return true; + } + + /** + * Convert an unstructured NodeList into a + * DocumentFragment. + * + * @param nodeList Contains the node list to be converted into a DOM + * DocumentFragment. + * @return the resulting DocumentFragment. The DocumentFragment will be + * backed by a new DOM Document, i.e. all noded of the node list will be + * cloned. + * @throws ParserConfigurationException An error occurred creating the + * DocumentFragment. + * @precondition The nodes in the node list appear in document order + * @precondition for each Attr node in the node list, the owning Element is + * in the node list as well. + * @precondition each Element or Attr node in the node list is namespace + * aware. + */ + public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList) + throws ParserConfigurationException { + + DocumentBuilder builder = + DocumentBuilderFactory.newInstance().newDocumentBuilder(); + Document doc = builder.newDocument(); + DocumentFragment result = doc.createDocumentFragment(); + + if (null == nodeList || nodeList.getLength() == 0) { + return result; + } + + int currPos = 0; + currPos = + nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1; + + while (currPos < nodeList.getLength()) { + currPos = + nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1; + } + return result; + } + + /** + * Helper method for the nodeList2DocumentFragment. + * + * @param nodeList The NodeList to convert. + * @param currPos The current position in the nodeList. + * @param result The resulting DocumentFragment. + * @param currOrgElem The current original element. + * @param currClonedElem The current cloned element. + * @return The current position. + */ + private static int nodeList2DocumentFragment( + NodeList nodeList, + int currPos, + DocumentFragment result, + Element currOrgElem, + Element currClonedElem) { + + while (currPos < nodeList.getLength()) { + Node currentNode = nodeList.item(currPos); + switch (currentNode.getNodeType()) { + case Node.COMMENT_NODE : + case Node.PROCESSING_INSTRUCTION_NODE : + case Node.TEXT_NODE : + { + // Append current node either to resulting DocumentFragment or to + // current cloned Element + if (null == currClonedElem) { + result.appendChild( + result.getOwnerDocument().importNode(currentNode, false)); + } else { + // Stop processing if current Node is not a descendant of + // current Element + if (!isAncestor(currOrgElem, currentNode)) { + return --currPos; + } + + currClonedElem.appendChild( + result.getOwnerDocument().importNode(currentNode, false)); + } + break; + } + + case Node.ELEMENT_NODE : + { + Element nextCurrOrgElem = (Element) currentNode; + Element nextCurrClonedElem = + result.getOwnerDocument().createElementNS( + nextCurrOrgElem.getNamespaceURI(), + nextCurrOrgElem.getNodeName()); + + // Append current Node either to resulting DocumentFragment or to + // current cloned Element + if (null == currClonedElem) { + result.appendChild(nextCurrClonedElem); + currOrgElem = nextCurrOrgElem; + currClonedElem = nextCurrClonedElem; + } else { + // Stop processing if current Node is not a descendant of + // current Element + if (!isAncestor(currOrgElem, currentNode)) { + return --currPos; + } + + currClonedElem.appendChild(nextCurrClonedElem); + } + + // Process current Node (of type Element) recursively + currPos = + nodeList2DocumentFragment( + nodeList, + ++currPos, + result, + nextCurrOrgElem, + nextCurrClonedElem); + + break; + } + + case Node.ATTRIBUTE_NODE : + { + Attr currAttr = (Attr) currentNode; + + // GK 20030411: Hack to overcome problems with IAIK IXSIL + if (currAttr.getOwnerElement() == null) + break; + if (currClonedElem == null) + break; + + // currClonedElem must be the owner Element of currAttr if + // preconditions are met + currClonedElem.setAttributeNS( + currAttr.getNamespaceURI(), + currAttr.getNodeName(), + currAttr.getValue()); + break; + } + + default : + { + // All other nodes will be ignored + } + } + + currPos++; + } + + return currPos; + } + + /** + * Check, if the given attribute is a namespace declaration. + * + * @param attr The attribute to check. + * @return true, if the attribute is a namespace declaration, + * false otherwise. + */ + private static boolean isNamespaceDeclaration(Attr attr) { + return Constants.XMLNS_NS_URI.equals(attr.getNamespaceURI()); + } + + /** + * Check, if a given DOM element is an ancestor of a given node. + * + * @param candAnc The DOM element to check for being the ancestor. + * @param cand The node to check for being the child. + * @return true, if candAnc is an (indirect) + * ancestor of cand; false otherwise. + */ + public static boolean isAncestor(Element candAnc, Node cand) { + Node currPar = cand.getParentNode(); + + while (currPar != null) { + if (candAnc == currPar) + return true; + currPar = currPar.getParentNode(); + } + return false; + } + + /** + * Selects the (first) element from a node list and returns it. + * + * @param nl The NodeList to get the element from. + * @return The (first) element included in the node list or null + * if the node list is null or empty or no element is + * included in the list. + */ + public static Element getElementFromNodeList (NodeList nl) { + if ((nl == null) || (nl.getLength() == 0)) { + return null; + } + for (int i=0; idateTime, + * according to ISO 8601. + * + * @author Patrick Peck + * @version $Id$ + * @see http://www.w3.org/2001/XMLSchema-datatypes" + */ +public class DateTimeUtils { + /** Error messages. */ + private static MessageProvider msg = MessageProvider.getInstance(); + +// /** +// * Builds a dateTime value from a Calendar value. +// * @param cal the Calendar value +// * @return the dateTime value +// */ +// public static String buildDateTime(Calendar cal, boolean useUTC) { +// +// if (useUTC) +// return buildDateTimeUTC(cal); +// else { +// StringWriter out = new StringWriter(); +// out.write("" + cal.get(Calendar.YEAR)); +// out.write("-"); +// out.write(to2DigitString(cal.get(Calendar.MONTH) + 1)); +// out.write("-"); +// out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH))); +// out.write("T"); +// out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY))); +// out.write(":"); +// out.write(to2DigitString(cal.get(Calendar.MINUTE))); +// out.write(":"); +// out.write(to2DigitString(cal.get(Calendar.SECOND))); +// int tzOffsetMilliseconds = +// cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET); +// if (tzOffsetMilliseconds != 0) { +// int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60); +// int tzOffsetHours = tzOffsetMinutes / 60; +// tzOffsetMinutes -= tzOffsetHours * 60; +// if (tzOffsetMilliseconds > 0) { +// out.write("+"); +// out.write(to2DigitString(tzOffsetHours)); +// out.write(":"); +// out.write(to2DigitString(tzOffsetMinutes)); +// } else { +// out.write("-"); +// out.write(to2DigitString(-tzOffsetHours)); +// out.write(":"); +// out.write(to2DigitString(-tzOffsetMinutes)); +// } +// } +// return out.toString(); +// } +// } + + /** + * Builds a dateTime value in UTC from a Calendar value. + * @param cal the Calendar value + * @return the dateTime value + */ + public static String buildDateTimeUTC(Calendar cal) { + + SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + f.setTimeZone(TimeZone.getTimeZone("UTC")); + + return f.format(cal.getTime()); + } + + /** + * Builds a dateTime value in UTC from a Calendar value. + * @param cal the Calendar value + * @return the dateTime value + */ + public static String buildDateTimeUTC(Date cal) { + + SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + f.setTimeZone(TimeZone.getTimeZone("UTC")); + + return f.format(cal); + + } + + /** + * Builds a dateTime value from a Calendar value. + * @param cal the Calendar value + * @return the dateTime value + */ + public static String buildDate(Calendar cal) { + StringWriter out = new StringWriter(); + out.write("" + cal.get(Calendar.YEAR)); + out.write("-"); + out.write(to2DigitString(cal.get(Calendar.MONTH) + 1)); + out.write("-"); + out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH))); + return out.toString(); + } + + /** + * Builds a dateTime value from a Calendar value. + * @param cal the Calendar value + * @return the dateTime value + */ + public static String buildTime(Calendar cal) { + StringWriter out = new StringWriter(); + out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY))); + out.write(":"); + out.write(to2DigitString(cal.get(Calendar.MINUTE))); + out.write(":"); + out.write(to2DigitString(cal.get(Calendar.SECOND))); + + return out.toString(); + } + + /** + * Converts month, day, hour, minute, or second value + * to a 2 digit String. + * @param number the month, day, hour, minute, or second value + * @return 2 digit String + */ + private static String to2DigitString(int number) { + if (number < 10) + return "0" + number; + else + return "" + number; + } + + /** + * Parse a String containing a date and time instant, given in + * ISO 8601 format. + * + * @param dateTime The String to parse. + * @return The Date representation of the contents of + * dateTime. + * @throws ParseException Parsing the dateTime failed. + */ + public static Date parseDateTime(String dateTime) throws ParseException { + GregorianCalendar calendar; + long time; + int yearSign = 1, year, month, day; + int hour, minute, second; + double fraction = 0.0; + int tzSign = 1, tzHour = 0, tzMinute = 0; + int curPos = 0; + String fractStr; + boolean localTime = false; + char c; + + // parse year sign + ensureChars(dateTime, curPos, 1); + c = dateTime.charAt(curPos); + if (c == '+' || c == '-') { + yearSign = c == '+' ? 1 : -1; + curPos++; + } + + // parse year + year = parseInt(dateTime, curPos, 4); + curPos += 4; + + // parse '-' + ensureChar(dateTime, curPos, '-'); + curPos++; + + // parse month + month = parseInt(dateTime, curPos, 2); + ensureValue(month, 1, 12, curPos); + curPos += 2; + + // parse '-' + ensureChar(dateTime, curPos, '-'); + curPos++; + + // parse day + day = parseInt(dateTime, curPos, 2); + ensureValue(day, 1, 31, curPos); + curPos += 2; + + // parse 'T' + ensureChar(dateTime, curPos, 'T'); + curPos++; + + // parse hour + hour = parseInt(dateTime, curPos, 2); + ensureValue(hour, 0, 23, curPos); + curPos += 2; + + // parse ':' + ensureChar(dateTime, curPos, ':'); + curPos++; + + // parse minute + minute = parseInt(dateTime, curPos, 2); + ensureValue(minute, 0, 59, curPos); + curPos += 2; + + // parse ':' + ensureChar(dateTime, curPos, ':'); + curPos++; + + // parse second + second = parseInt(dateTime, curPos, 2); + ensureValue(second, 0, 59, curPos); + curPos += 2; + + // parse a fraction + if (dateTime.length() > curPos && dateTime.charAt(curPos) == '.') { + curPos++; + ensureDigits(dateTime, curPos, 1); + fractStr = "0."; + fractStr + += dateTime.substring(curPos, curPos + countDigits(dateTime, curPos)); + fraction = Double.parseDouble(fractStr); + curPos += countDigits(dateTime, curPos); + } + + // parse a time zone + if (dateTime.length() > curPos) { + c = dateTime.charAt(curPos); + if (c == 'Z') { + curPos++; + } else if (c == '+' || c == '-') { + // parse time zone sign + tzSign = c == '+' ? 1 : -1; + curPos++; + + // parse time zone hour + tzHour = parseInt(dateTime, curPos, 2); + ensureValue(tzHour, 0, 14, curPos); + curPos += 2; + + // parse ':' + ensureChar(dateTime, curPos, ':'); + curPos++; + + // parse time zone minute + tzMinute = parseInt(dateTime, curPos, 2); + ensureValue(tzMinute, 0, 59, curPos); + curPos += 2; + } + } else { + localTime = true; + } + + // if we have characters left, it's an error + if (dateTime.length() != curPos) { + throw new ParseException(msg.getMessage("datetime.00", null), curPos); + } + + // build the Date object + year = year * yearSign; + try { + calendar = new GregorianCalendar(TimeZone.getTimeZone("GMT")); + calendar.set(year, month - 1, day, hour, minute, second); + calendar.set(Calendar.MILLISECOND, 0); + time = calendar.getTime().getTime(); + time += (long) (fraction * 1000.0); + time -= tzSign * ((tzHour * 60) + tzMinute) * 60 * 1000; + if (localTime) { + time -= TimeZone.getDefault().getRawOffset(); + } + return new Date(time); + } catch (IllegalArgumentException e) { + throw new ParseException(msg.getMessage("datetime.00", null), curPos); + } + + } + + /** + * Parse an integer value. + * + * @param str The String containing the digits. + * @param curPos The starting position. + * @param digits The number of digist making up the integer value. + * @return int The integer representation of the digits contained in + * str. + * @throws ParseException Parsing the integer value failed. + */ + private static int parseInt(String str, int curPos, int digits) + throws ParseException { + + ensureDigits(str, curPos, digits); + return Integer.parseInt(str.substring(curPos, curPos + digits)); + } + + /** + * Count the number of digits following curPos. + * + * @param str The String in which to count digits. + * @param curPos The starting position. + * @return int The number of digits. + */ + private static int countDigits(String str, int curPos) { + int i; + + for (i = curPos; i < str.length() && Character.isDigit(str.charAt(i)); i++); + return i - curPos; + } + + /** + * Ensure that a value falls in a given min/max range. + * + * @param value The value to check. + * @param min The minimum allowed value. + * @param max The maximum allowed value. + * @param curPos To indicate the parsing position in the + * ParseException. + * @throws ParseException Thrown, if value < min || value > + * max + */ + private static void ensureValue(int value, int min, int max, int curPos) + throws ParseException { + + if (value < min || value > max) { + throw new ParseException(msg.getMessage("datetime.00", null), curPos); + } + } + + /** + * Ensure that the given String has a number of characters left. + * + * @param str The String to check for its length. + * @param curPos The starting position. + * @param count The minimum number of characters that str must + * contain, starting at from curPos. + * @throws ParseException Thrown, if + * curPos + count > str.length(). + */ + private static void ensureChars(String str, int curPos, int count) + throws ParseException { + if (curPos + count > str.length()) { + throw new ParseException(msg.getMessage("datetime.00", null), curPos); + } + } + + /** + * Ensure that a given String contains a certain character at a + * certain position. + * + * @param str The String in which to look up the character. + * @param curPos The position in str that must contain the + * character. + * @param c The character value that must be contained at position + * curPos. + * @throws ParseException Thrown, if the characters do not match or + * curPos is out of range. + */ + private static void ensureChar(String str, int curPos, char c) + throws ParseException { + + ensureChars(str, curPos, 1); + if (str.charAt(curPos) != c) { + throw new ParseException(msg.getMessage("datetime.00", null), curPos); + } + } + + /** + * Ensure that a given String contains a number of digits, + * starting at a given position. + * + * @param str The String to scan for digits. + * @param curPos The starting postion. + * @param count The number of digits that must be contained in + * str, starting at curPos. + * @throws ParseException Thrown, if str is not long enough, or + * one of the characters following curPos in str is + * not a digit. + */ + private static void ensureDigits(String str, int curPos, int count) + throws ParseException { + + ensureChars(str, curPos, count); + for (int i = curPos; i < curPos + count; i++) { + if (!Character.isDigit(str.charAt(i))) { + throw new ParseException(msg.getMessage("datetime.00", null), curPos); + } + } + } + + /** + * Calculates the age if date of birth is given (for a calendar time stamp) + * @param dateOfBirth Date of Birth + * @param now Calendar time stamp at which the age needs to be calculated for + * @return Age of a person + */ + public static int calcAge(Calendar dateOfBirth, Calendar now) { + int age = now.get(Calendar.YEAR) - dateOfBirth.get(Calendar.YEAR); + + int nowM = now.get(Calendar.MONTH); + int dobM = dateOfBirth.get(Calendar.MONTH); + int nowDOM = now.get(Calendar.DAY_OF_MONTH); + int dobDOM = dateOfBirth.get(Calendar.DAY_OF_MONTH); + + if ((nowM < dobM) || ((nowM == dobM) && (nowDOM < dobDOM))) { + age--; + } + + if (age < 0) { + throw new IllegalArgumentException("Calculated age results in negative value."); + } + return age; + } + + /** + * Calculates the age if date of birth is given as Calendar object + * @param dateOfBirth Date of Birth as Calendar object + * @return Age of a person + */ + public static int calcAge(Calendar dateOfBirth) { + return calcAge(dateOfBirth, Calendar.getInstance()); + } + + /** + * Calculates the age if date of birth is given (for a date time stamp) + * @param dateOfBirth Date of Birth + * @param now Date time stamp at which the age needs to be calculated for + * @return Age of a person + */ + public static int calcAge(Date dateOfBirth, Date now) { + Calendar dob = Calendar.getInstance(); + dob.setTime(dateOfBirth); + Calendar nowCal = Calendar.getInstance(); + nowCal.setTime(now); + return calcAge(dob, nowCal); + } + + /** + * Calculates the age if date of birth is given as Date object + * @param dateOfBirth Date of Birth as Date object + * @return Age of a person + */ + public static int calcAge(Date dateOfBirth) { + return calcAge(dateOfBirth, new Date()); + } + + public static String formatPEPSDateToMOADate(String pepsDate) { + + if (StringUtils.isEmpty(pepsDate)) { + return null; + } + + DateTimeFormatter fmt = null; + + switch (pepsDate.length()) { + case 4: + fmt = DateTimeFormat.forPattern("yyyy"); + break; + case 6: + fmt = DateTimeFormat.forPattern("yyyyMM"); + break; + case 8: + fmt = DateTimeFormat.forPattern("yyyyMMdd"); + break; + default: + fmt = DateTimeFormat.forPattern("yyyy-MM-dd"); + break; + } + + DateTime dt = fmt.parseDateTime(pepsDate); + DateTimeFormatter fmt2 = DateTimeFormat.forPattern("yyyy-MM-dd"); + return fmt2.print(dt); + + } + + /** + * Returns a date as String using a provided format + * @param format Format the date/time should be returned + * @return Date/Time as String formatted according the provided format + */ + public static String getDateTimeWithFormat(String format) { + DateFormat dateFormat = new SimpleDateFormat(format); + Date date = new Date(); + return dateFormat.format(date); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Empty.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Empty.java new file mode 100644 index 000000000..533b39b6b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Empty.java @@ -0,0 +1,31 @@ +/* + * Copyright 2011 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egovernment.moa.util; + +/** + * @author Thomas Knall + */ +public interface Empty { + + /** + * Returns {@code true} if underlying object is empty. + * + * @return {@code true} if empty, {@code false} if not empty. + */ + boolean isEmpty(); + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java new file mode 100644 index 000000000..7213d036b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/EntityResolverChain.java @@ -0,0 +1,76 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.xml.sax.EntityResolver; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +/** + * Implementation of the org.xml.sax.EntityResolver, + * for use by a org.apache.xerces.parsers.DOMParser. + * + * @author Patrick Peck + * @version $Id$ + */ +public class EntityResolverChain implements EntityResolver { + /** The EntityResolvers in the chain. */ + private List resolvers = new ArrayList(); + + /** + * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String) + */ + public InputSource resolveEntity(String publicId, String systemId) + throws SAXException, IOException { + + Iterator iter; + + for (iter = resolvers.iterator(); iter.hasNext(); ) { + EntityResolver resolver = (EntityResolver) iter.next(); + InputSource is = resolver.resolveEntity(publicId, systemId); + + if (is != null) { + return is; + } + } + + return null; + } + + /** + * Add an EntityResolver to the chain. + * + * @param entityResolver The EntityResolver to add. + */ + public void addEntityResolver(EntityResolver entityResolver) { + resolvers.add(entityResolver); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java new file mode 100644 index 000000000..a70d62e1e --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java @@ -0,0 +1,179 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URL; + +/** + * Utility for accessing files on the file system, and for reading from input streams. + * @author Paul Ivancsics + * @version $Id$ + */ +public class FileUtils { + + /** + * Reads a file, given by URL, into a byte array. + * @param urlString file URL + * @return file content + * @throws IOException on any exception thrown + */ + public static byte[] readURL(String urlString) throws IOException { + URL url = new URL(urlString); + InputStream in = new BufferedInputStream(url.openStream()); + byte[] content = StreamUtils.readStream(in); + in.close(); + return content; + } + /** + * Reads a file, given by URL, into a String. + * @param urlString file URL + * @param encoding character encoding + * @return file content + * @throws IOException on any exception thrown + */ + public static String readURL(String urlString, String encoding) throws IOException { + byte[] content = readURL(urlString); + return new String(content, encoding); + } + /** + * Reads a file, given by filename, into a byte array. + * @param filename filename + * @return file content + * @throws IOException on any exception thrown + */ + public static byte[] readFile(String filename) throws IOException { + BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); + byte[] content = StreamUtils.readStream(in); + in.close(); + return content; + } + /** + * Reads a file, given by filename, into a String. + * @param filename filename + * @param encoding character encoding + * @return file content + * @throws IOException on any exception thrown + */ + public static String readFile(String filename, String encoding) throws IOException { + byte[] content = readFile(filename); + return new String(content, encoding); + } + /** + * Reads a file from a resource. + * @param name resource name + * @return file content as a byte array + * @throws IOException on any exception thrown + */ + public static byte[] readResource(String name) throws IOException { + ClassLoader cl = FileUtils.class.getClassLoader(); + BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name)); + byte[] content = StreamUtils.readStream(in); + in.close(); + return content; + } + /** + * Reads a file from a resource. + * @param name filename + * @param encoding character encoding + * @return file content + * @throws IOException on any exception thrown + */ + public static String readResource(String name, String encoding) throws IOException { + byte[] content = readResource(name); + return new String(content, encoding); + } + + /** + * Returns the absolute URL of a given url which is relative to the parameter root + * @param url + * @param root + * @return String + */ + public static String makeAbsoluteURL(String url, String root) { + //if url is relative to rootConfigFileDirName make it absolute + + File keyFile; + String newURL = url; + + if(null == url) return null; + + if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) { + return url; + } else { + // check if absolute - if not make it absolute + keyFile = new File(url); + if (!keyFile.isAbsolute()) { + keyFile = new File(root, url); + + if (keyFile.toString().startsWith("file:")) + newURL = keyFile.toString(); + + else + newURL = keyFile.toURI().toString(); + + } + return newURL; + } + } + + + private static void copy( InputStream fis, OutputStream fos ) + { + try + { + byte[] buffer = new byte[ 0xFFFF ]; + for ( int len; (len = fis.read(buffer)) != -1; ) + fos.write( buffer, 0, len ); + } + catch( IOException e ) { + System.err.println( e ); + } + finally { + if ( fis != null ) + try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); } + if ( fos != null ) + try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); } + } + } + + public static void copyFile(File src, File dest) + { + try + { + copy( new FileInputStream( src ), new FileOutputStream( dest ) ); + } + catch( IOException e ) { + e.printStackTrace(); + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java new file mode 100644 index 000000000..3d28f4f2b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java @@ -0,0 +1,223 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import iaik.x509.X509Certificate; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.cert.Certificate; + +/** + * Utility for creating and loading key stores. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class KeyStoreUtils { + + /** + * JAVA KeyStore + */ + private static final String KEYSTORE_TYPE_JKS = "JKS"; + + /** + * PKCS12 KeyStore + */ + private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; + + + + /** + * Loads a key store from file. + * + * @param keystoreType key store type + * @param urlString URL of key store + * @param password password protecting the key store + * @return key store loaded + * @throws IOException thrown while reading the key store from file + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore loadKeyStore( + String keystoreType, + String urlString, + String password) + throws IOException, GeneralSecurityException { + + URL keystoreURL = new URL(urlString); + InputStream in = keystoreURL.openStream(); + return loadKeyStore(keystoreType, in, password); + } + /** + * Loads a key store from an InputStream, and + * closes the InputStream. + * + * @param keystoreType key store type + * @param in input stream + * @param password password protecting the key store + * @return key store loaded + * @throws IOException thrown while reading the key store from the stream + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore loadKeyStore( + String keystoreType, + InputStream in, + String password) + throws IOException, GeneralSecurityException { + + char[] chPassword = null; + if (password != null) + chPassword = password.toCharArray(); + KeyStore ks = KeyStore.getInstance(keystoreType); + ks.load(in, chPassword); + in.close(); + return ks; + } + /** + * Creates a key store from X509 certificate files, aliasing them with + * the index in the String[], starting with "0". + * + * @param keyStoreType key store type + * @param certFilenames certificate filenames + * @return key store created + * @throws IOException thrown while reading the certificates from file + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore createKeyStore( + String keyStoreType, + String[] certFilenames) + throws IOException, GeneralSecurityException { + + KeyStore ks = KeyStore.getInstance(keyStoreType); + ks.load(null, null); + for (int i = 0; i < certFilenames.length; i++) { + Certificate cert = loadCertificate(certFilenames[i]); + ks.setCertificateEntry("" + i, cert); + } + return ks; + } + /** + * Creates a key store from a directory containg X509 certificate files, + * aliasing them with the index in the String[], starting with "0". + * All the files in the directory are considered to be certificates. + * + * @param keyStoreType key store type + * @param certDirURLString file URL of directory containing certificate filenames + * @return key store created + * @throws IOException thrown while reading the certificates from file + * @throws GeneralSecurityException thrown while creating the key store + */ + public static KeyStore createKeyStoreFromCertificateDirectory( + String keyStoreType, + String certDirURLString) + throws IOException, GeneralSecurityException { + + URL certDirURL = new URL(certDirURLString); + String certDirname = certDirURL.getFile(); + File certDir = new File(certDirname); + String[] certFilenames = certDir.list(); + String separator = + (certDirname.endsWith(File.separator) ? "" : File.separator); + for (int i = 0; i < certFilenames.length; i++) { + certFilenames[i] = certDirname + separator + certFilenames[i]; + } + return createKeyStore(keyStoreType, certFilenames); + } + + /** + * Loads an X509 certificate from file. + * @param certFilename filename + * @return the certificate loaded + * @throws IOException thrown while reading the certificate from file + * @throws GeneralSecurityException thrown while creating the certificate + */ + private static Certificate loadCertificate(String certFilename) + throws IOException, GeneralSecurityException { + + FileInputStream in = new FileInputStream(certFilename); + Certificate cert = new X509Certificate(in); + in.close(); + return cert; + } + + + /** + * Loads a keyStore without knowing the keyStore type + * @param keyStorePath URL to the keyStore + * @param password Password protecting the keyStore + * @return keyStore loaded + * @throws KeyStoreException thrown if keyStore cannot be loaded + * @throws FileNotFoundException + * @throws IOException + */ + public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{ + + //InputStream is = new FileInputStream(keyStorePath); + URL keystoreURL = new URL(keyStorePath); + InputStream in = keystoreURL.openStream(); + InputStream isBuffered = new BufferedInputStream(in); + return loadKeyStore(isBuffered, password); + + } + + /** + * Loads a keyStore without knowing the keyStore type + * @param in input stream + * @param password Password protecting the keyStore + * @return keyStore loaded + * @throws KeyStoreException thrown if keyStore cannot be loaded + * @throws FileNotFoundException + * @throws IOException + */ +public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{ + is.mark(1024*1024); + KeyStore ks = null; + try { + try { + ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password); + } catch (IOException e2) { + is.reset(); + ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password); + } + } catch(Exception e) { + e.printStackTrace(); + //throw new KeyStoreException(e); + } + return ks; + + } + + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java new file mode 100644 index 000000000..7a79bd9e5 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java @@ -0,0 +1,106 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.IOException; + +import org.xml.sax.EntityResolver; +import org.xml.sax.ErrorHandler; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; +import org.xml.sax.helpers.DefaultHandler; + +/** + * A DefaultHandler that uses a MOAEntityResolver and + * a MOAErrorHandler. + * + * @author Patrick Peck + * @version $Id$ + */ +public class MOADefaultHandler extends DefaultHandler { + /** The EntityResolver to use. */ + private EntityResolver entityResolver; + /** The ErrorHandler to use. */ + private ErrorHandler errorHandler; + + /** + * Create a new MOADefaultHandler. + */ + public MOADefaultHandler() { + entityResolver = new MOAEntityResolver(); + errorHandler = new MOAErrorHandler(); + } + + /** + * Create a new MOADefaultHandler. + * + * @param entityResolver The EntityResolver to use for resolving + * external entities. + * @param errorHandler The ErrorHandler to use for reporting + * parsing errors. + */ + public MOADefaultHandler( + EntityResolver entityResolver, + ErrorHandler errorHandler) { + + this.entityResolver = entityResolver; + this.errorHandler = errorHandler; + } + + /** + * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String) + */ + public InputSource resolveEntity(String publicId, String systemId) + throws SAXException { + try { + return entityResolver.resolveEntity(publicId, systemId); + } catch (IOException e) { + return null; + } + } + + /** + * @see org.xml.sax.ErrorHandler#warning(org.xml.sax.SAXParseException) + */ + public void warning(SAXParseException exception) throws SAXException { + errorHandler.warning(exception); + } + + /** + * @see org.xml.sax.ErrorHandler#error(org.xml.sax.SAXParseException) + */ + public void error(SAXParseException exception) throws SAXException { + errorHandler.error(exception); + } + + /** + * @see org.xml.sax.ErrorHandler#fatalError(org.xml.sax.SAXParseException) + */ + public void fatalError(SAXParseException exception) throws SAXException { + errorHandler.fatalError(exception); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java new file mode 100644 index 000000000..8f3ffd4c6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java @@ -0,0 +1,129 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.InputStream; + +import org.apache.xerces.util.URI; +import org.apache.xerces.util.URI.MalformedURIException; +import org.xml.sax.EntityResolver; +import org.xml.sax.InputSource; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; + +/** + * An EntityResolver that looks up entities stored as + * local resources. + * + *

The following DTDs are mapped to local resources: + *

    + *
  • The XMLSchema.dtd
    • + *
  • The datatypes.dtd
    • + *
+ *

+ *

For all other resources, an attempt is made to resolve them as resources, + * either absolute or relative to Constants.SCHEMA_ROOT. + * + * @author Patrick Peck + * @author Sven Aigner + */ +public class MOAEntityResolver implements EntityResolver { + + /** + * Resolve an entity. + * + * The systemId parameter is used to perform the lookup of the + * entity as a resource, either by interpreting the systemId as + * an absolute resource path, or by appending the last path component of + * systemId to Constants.SCHEMA_ROOT. + * + * @param publicId The public ID of the resource. + * @param systemId The system ID of the resource. + * @return An InputSource from which the entity can be read, or + * null, if the entity could not be found. + * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String) + */ + public InputSource resolveEntity(String publicId, String systemId) { + InputStream stream; + int slashPos; + + if (Logger.isDebugEnabled()) { + Logger.debug( + new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); + } + + if (publicId != null) { + // check if we can resolve some standard dtd's + if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) { + return new InputSource( + getClass().getResourceAsStream( + Constants.SCHEMA_ROOT + "XMLSchema.dtd")); + } else if (publicId.equalsIgnoreCase("datatypes")) { + return new InputSource( + getClass().getResourceAsStream( + Constants.SCHEMA_ROOT + "datatypes.dtd")); + } + } else if (systemId != null) { + // get the URI path + try { + URI uri = new URI(systemId); + systemId = uri.getPath(); + + if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) { + return null; + } + + } catch (MalformedURIException e) { + return null; + } + + // try to get the resource from the full path + stream = getClass().getResourceAsStream(systemId); + if (stream != null) { + InputSource source = new InputSource(stream); + + source.setSystemId(systemId); + return source; + } + + // try to get the resource from the last path component + slashPos = systemId.lastIndexOf('/'); + if (slashPos >= 0 && systemId.length() > slashPos) { + systemId = systemId.substring(slashPos + 1, systemId.length()); + stream = + getClass().getResourceAsStream(Constants.SCHEMA_ROOT + systemId); + if (stream != null) { + InputSource source = new InputSource(stream); + + source.setSystemId(systemId); + return source; + } + } + } + + return null; // nothing found - let the parser handle the entity + } +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java new file mode 100644 index 000000000..3769b264d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java @@ -0,0 +1,115 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import org.apache.xml.utils.DefaultErrorHandler; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; + +/** + * An ErrorHandler that logs a message and throws a + * SAXException upon error and fatal + * parsing errors. + * + * @author Patrick Peck + * @author Sven Aigner + */ +public class MOAErrorHandler extends DefaultErrorHandler { + + + /** + * Logs a warning message. + * + * @see org.xml.sax.ErrorHandler#warning(SAXParseException) + */ + public void warning(SAXParseException exception) throws SAXException { + warn("parser.00", messageParams(exception), null); + } + + /** + * Logs a warning and rethrows the exception. + * + * @see org.xml.sax.ErrorHandler#error(SAXParseException) + */ + public void error(SAXParseException exception) throws SAXException { + warn("parser.01", messageParams(exception), null); + + // if Target attribute is missing in QualifyingProperties - don't throw exception (bug fix for old MOCCA signatures) + if (exception.getMessage().startsWith("cvc-complex-type.4: Attribute 'Target' must appear on element")) + warn("parser.04", new Object[] {"Attribute 'Target' must appear on element 'QualifyingProperties' - ignored for compatibility reasons."}, null); + else + throw exception; + } + + /** + * Logs a warning and rethrows the exception. + * + * @see org.xml.sax.ErrorHandler#fatalError(SAXParseException) + */ + public void fatalError(SAXParseException exception) throws SAXException { + warn("parser.02", messageParams(exception), null); + throw exception; + } + + /** + * Log a warning message. + * + * @param messageId The message ID to log. + * @param parameters Additional message parameters. + * @param t The Throwable to log; usually the cause of this + * warning. + */ + private static void warn( + String messageId, + Object[] parameters, + Throwable t) { + + MessageProvider msg = MessageProvider.getInstance(); + Logger.warn(new LogMsg(msg.getMessage(messageId, parameters)), t); + } + + /** + * Put the system id, line and column number information from the exception + * into an Object array, to provide it as a + * MessageFormat parameter. + * + * @param e The SAXParseException containing the + * source system id and line/column numbers. + * @return An array containing the system id (a String) as well + * as line/column numbers (2 Integer objects) from the + * SAXParseException. + */ + private static Object[] messageParams(SAXParseException e) { + return new Object[] { + e.getMessage(), + e.getSystemId(), + new Integer(e.getLineNumber()), + new Integer(e.getColumnNumber())}; + } + +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOATimer.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOATimer.java new file mode 100644 index 000000000..acc380d1d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOATimer.java @@ -0,0 +1,134 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.Map; +import java.util.WeakHashMap; + +/** + * A timer utility for named timers. + * + * @author Sven Aigner + */ +public class MOATimer { + + /** The single instance of this class. */ + private static MOATimer instance = null; + /** The starting points of single timings. */ + private static Map timemapstart = new WeakHashMap(); + /** The end points of single timings. */ + private static Map timemapend = new WeakHashMap(); + + /** + * Return the single instance of this class. + * + * @return The single instance of this class. + */ + public static MOATimer getInstance() { + if (instance == null) { + instance = new MOATimer(); + } + return instance; + } + + /** + * Create a new MOATimer. + * + * Protected to disallow multiple instances. + */ + protected MOATimer() { + super(); + } + + /** + * Start timing a certain action. + * + * The timing belonging to the action ID is garbage collected as soon as there + * exists no other reference to the action ID. + * + * @param id The action ID. + */ + public void startTiming(Object id) { + timemapstart.put(id, new Long(System.currentTimeMillis())); + } + + /** + * Stop timing an action. + * + * @param id The action ID. + */ + public void stopTiming(Object id) { + timemapend.put(id, new Long(System.currentTimeMillis())); + } + + /** + * Get the duration of an action. + * + * @param id The action ID for which to compute the duration. + * @return long The duration in milliseconds between calls to + * startTiming() and stopTiming(). If + * only startTiming() has been called for the action, then + * current difference to the system time is returned. If no timing exists for + * the action, - 1 is returned. + */ + public long duration(Object id) { + if (timemapstart.containsKey(id)) { + long start = ((Long) timemapstart.get(id)).longValue(); + if (timemapend.containsKey(id)) { + long end = ((Long) timemapend.get(id)).longValue(); + return end - start; + } else { + return System.currentTimeMillis() - start; + } + } else + return -1; + } + + /** + * Get the duration of an action, as a nicely formatted String. + * + * @param id The action ID. + * @return String The duration() as a String. + */ + public String durationAsString(Object id) { + long dur = duration(id); + long second = dur / 1000; + long mil = (dur) - (second * 1000); + return "Duration: " + second + "." + mil + " seconds"; + } + + /** + * Remove a timing. + * + * @param id The action ID. + */ + public void clearTiming(String id) { + if (timemapstart.containsKey(id)) + timemapstart.remove(id); + if (timemapend.containsKey(id)) + timemapend.remove(id); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java new file mode 100644 index 000000000..1623ff1b3 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MessageProvider.java @@ -0,0 +1,87 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.Locale; + +/** + * A singleton wrapper around a Message object. + * + * Provides the messages used in the common project. + * + * @author Patrick Peck + * @version $Id$ + */ +public class MessageProvider { + /** The location of the default message resources. */ + private static final String[] DEFAULT_MESSAGE_RESOURCES = + { "resources/properties/common_messages" }; + /** The locale of the default message resources. */ + private static final Locale[] DEFAULT_MESSAGE_LOCALES = + new Locale[] { new Locale("de", "AT") }; + /** The single instance of this class. */ + private static MessageProvider instance; + + /** The messages provided by this MessageProvider. */ + private Messages messages; + + /** + * Return the single instance of the MessageProvider. + * + * Intialilizes the MessageProvider with the default message + * locations: /resources/properties/common_messages. + * + * @return The single MessageProvider. + */ + public static synchronized MessageProvider getInstance() { + if (instance == null) { + instance = + new MessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + } + return instance; + } + + /** + * Create a MessageProvider. + * + * @param resourceNames The names of the resources containing the messages. + * @param locales The corresponding locales. + */ + protected MessageProvider(String[] resourceNames, Locale[] locales) { + this.messages = new Messages(resourceNames, locales); + } + + /** + * Get the message corresponding to a given message ID. + * + * @param messageId The ID of the message. + * @param parameters The parameters to fill in into the message arguments. + * @return The formatted message. + */ + public String getMessage(String messageId, Object[] parameters) { + return messages.getMessage(messageId, parameters); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Messages.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Messages.java new file mode 100644 index 000000000..20de46b43 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Messages.java @@ -0,0 +1,141 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.text.MessageFormat; +import java.util.Locale; +import java.util.MissingResourceException; +import java.util.PropertyResourceBundle; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * Provides access to the system messages resource used for exception handling + * and logging messages. + * + * Messages must be provided as a resource bundle at the path. + * + * @author Patrick Peck + * @version $Id$ + */ +public class Messages { + /** Error message indicating that no messages are avaiable. */ + private static final String ERROR_MESSAGES_UNAVAILABLE = + "Fehler in der Server-Konfiguration. " + + "Die Fehlertexte konnten nicht geladen werden."; + /** Error message indicating that the message is not available. */ + private static final String ERROR_NO_MESSAGE = + "No errormesseage for error with number.={0}"; + + /** The names of the resources containing the messages. */ + private String[] resourceNames; + /** The corresponding Locales of the resources. */ + private Locale[] locales; + /** The ResourceBundles containing the messages. */ + private ResourceBundleChain messages; + + /** + * Create a new Message object containing the messages + * in the given resources. + * + * @param resourceNames The names of the resources containing the messages. + * @param locales The corresponding locales. + */ + public Messages(String[] resourceNames, Locale[] locales) { + this.resourceNames = resourceNames; + this.locales = locales; + this.messages = null; + } + + /** + * Get the message corresponding to a given message ID. + * + * @param messageId The ID of the message. + * @param parameters The parameters to fill in into the message arguments. + * @return The formatted message. + */ + public String getMessage(String messageId, Object[] parameters) { + // initialize messages + if (messages == null) { + initMessages(); + } + + // create the message + if (messages == null) { + return ERROR_MESSAGES_UNAVAILABLE; + } else { + try { + String rawMessage = messages.getString(messageId); + return MessageFormat.format(rawMessage, parameters); + } catch (MissingResourceException e2) { + // couldn't find any message -> set to default error message + return MessageFormat.format( + ERROR_NO_MESSAGE, + new Object[] { messageId }); + } + } + } + + /** + * Return the names of the resources containing the messages. + * + * @return String[] The names of the resource bundles containing the messages. + */ + private String[] getResourceNames() { + return resourceNames; + } + + /** + * Return the Locales of the resources containing the messages. + * + * @return Locale[] The Locales of the resource bundles + * containing the messages. + */ + private Locale[] getLocales() { + return locales; + } + + /** + * Initialize the messages ResourceBundle containing + * the MOA error messages. + */ + private void initMessages() { + messages = new ResourceBundleChain(); + int i; + + // initialize the message resources + for (i = 0; i < resourceNames.length; i++) { + try { + messages.addResourceBundle( + PropertyResourceBundle.getBundle( + getResourceNames()[i], + getLocales()[i])); + } catch (MissingResourceException e) { + Logger.error(ERROR_MESSAGES_UNAVAILABLE, e); + } + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java new file mode 100644 index 000000000..246b0eb31 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java @@ -0,0 +1,315 @@ +/* + * Copyright 2011 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egovernment.moa.util; + +import iaik.logging.Log; +import iaik.logging.LogFactory; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.lang.reflect.InvocationTargetException; +import java.nio.channels.Channels; +import java.nio.channels.ReadableByteChannel; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Collection; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.Iterator; +import java.util.Properties; + +import javax.xml.datatype.DatatypeConfigurationException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Document; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.ex.EgovUtilException; + + + +/** + * Class providing several utility methods. + * + * @author Arne Tauber + * + */ +public class MiscUtil { + + public static final String DEFAULT_SLASH = "/"; + + private static final int IO_BUFFER_SIZE = 4 * 1024; + + public static void copyStream(InputStream is, OutputStream os) throws IOException { + byte[] b = new byte[IO_BUFFER_SIZE]; + int read; + while ((read = is.read(b)) != -1) { + os.write(b, 0, read); + } + } + + public static void assertNotNull(Object param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + } + + public static boolean areAllNull(Object... objects) { + for (Object o : objects) { + if (o != null) { + return false; + } + } + return true; + } + + public static String extractContentType(String contentTypeString) { + if (contentTypeString == null) { + return ""; + } + if (contentTypeString.indexOf(";") != -1) { + return contentTypeString.substring(0, contentTypeString.indexOf(";")); + } + return contentTypeString; + } + + public static XMLGregorianCalendar getXMLGregorianCalendar(Date date) + throws DatatypeConfigurationException { + GregorianCalendar cal = (GregorianCalendar) GregorianCalendar.getInstance(); + cal.setTime(date); + return DatatypeFactory.newInstance().newXMLGregorianCalendar(cal); + } + + public static XMLGregorianCalendar getXMLGregorianCalendar(String str) + throws DatatypeConfigurationException { + return DatatypeFactory.newInstance().newXMLGregorianCalendar(str); + } + + public static X509Certificate readCertificate(InputStream certStream) + throws CertificateException { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + return (X509Certificate) cf.generateCertificate(certStream); + } + + public static boolean isEmpty(String str) { + return str == null || "".equals(str); + } + + public static boolean isNotEmpty(String str) { + return str != null && !"".equals(str); + } + + public static byte[] sourceToByteArray(Source result) + throws TransformerException { + TransformerFactory factory = TransformerFactory.newInstance(); + Transformer transformer = factory.newTransformer(); + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + transformer.setOutputProperty(OutputKeys.METHOD, "xml"); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + StreamResult streamResult = new StreamResult(); + streamResult.setOutputStream(out); + transformer.transform(result, streamResult); + return out.toByteArray(); + } + +// public static Document parseDocument(InputStream inputStream) +// throws IOException { +// try { +// DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory +// .newInstance(); +// docBuilderFactory.setNamespaceAware(true); +// DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); +// return docBuilder.parse(inputStream); +// } catch (ParserConfigurationException e) { +// throw new IOException(e); +// } catch (SAXException e) { +// throw new IOException(e); +// } +// } + + public static String removePrecedingSlash(String path, String slash) { + assertNotEmpty(slash, "Shash"); + if (!isEmpty(path)) { + while (path.startsWith(slash)) { + path = path.substring(slash.length(), path.length()); + } + } + return path; + } + + public static String removePrecedingSlash(String path) { + return removePrecedingSlash(path, DEFAULT_SLASH); + } + + public static void assertNotEmpty(String param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + if (param.length() == 0) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + @SuppressWarnings("rawtypes") + public static boolean isEmpty(Properties props) { + if (props == null || props.isEmpty()) { + return true; + } + Iterator it = props.values().iterator(); + while (it.hasNext()) { + if (MiscUtil.isNotEmpty((String) it.next())) { + return false; + } + } + return true; + } + + public static boolean isEmpty(Empty empty) { + return empty == null || empty.isEmpty(); + } + + public static boolean isNotEmpty(Empty empty) { + return !isEmpty(empty); + } + + public static boolean isEmpty(byte[] data) { + return data == null || data.length == 0; + } + + public static boolean isNotEmpty(byte[] data) { + return !isEmpty(data); + } + + public static boolean isEmpty(Collection c) { + return c == null || c.isEmpty(); + } + + public static boolean isNotEmpty(Collection c) { + return !isEmpty(c); + } + + public static boolean areAllEmpty(String... strings) { + for (String s : strings) { + if (s != null && s.trim().length() != 0) { + return false; + } + } + return true; + } + + public static boolean areAllEmpty(Empty... empties) { + if (empties != null) { + for (Empty e : empties) { + if (e != null && !e.isEmpty()) { + return false; + } + } + } + return true; + } + + public static void assertNotEmpty(T[] param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + if (param.length == 0) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + public static void assertNotEmpty(Empty empty, String name) { + if (empty == null) { + throw new NullPointerException(name + " must not be null."); + } + if (empty.isEmpty()) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + public static void assertNotEmpty(byte[] param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + if (param.length == 0) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + public static Date parseXMLDate(String xmlDate) throws EgovUtilException { + if (xmlDate == null) { + return null; + } + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd"); + try { + return sdf.parse(xmlDate); + } catch (ParseException e) { + throw new EgovUtilException(e); + } + } + + public static boolean isEmpty(T[] array) { + return array == null || array.length == 0; + } + + public static boolean isNotEmpty(T[] array) { + return !isEmpty(array); + } + + public static String convertDateFromStandardToXML(String dateString) { + MiscUtil.assertNotNull(dateString, "dateString"); + Date date = parseDate(dateString); + return formatDate(date, "yyyy-MM-dd"); + } + + public static Date parseDate(String dateString) { + return parseDate(dateString, "dd.MM.yyyy"); + } + + public static Date parseDate(String dateString, String pattern) { + MiscUtil.assertNotNull(dateString, "dateString"); + MiscUtil.assertNotNull(pattern, "pattern"); + SimpleDateFormat sdf = new SimpleDateFormat(pattern); + try { + return sdf.parse(dateString); + } catch (ParseException e) { + Logger.warn("Error parsing date.", e); + return null; + } + } + + public static String formatDate(Date date, String format) { + SimpleDateFormat sdf = new SimpleDateFormat(format); + return sdf.format(date); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java new file mode 100644 index 000000000..fdc823229 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java @@ -0,0 +1,111 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.ListIterator; + +import org.w3c.dom.DOMException; +import org.w3c.dom.Node; +import org.w3c.dom.traversal.NodeFilter; +import org.w3c.dom.traversal.NodeIterator; + +/** + * A NodeIterator implementation based on a + * ListIterator. + * + * @see java.util.ListIterator + * @see org.w3c.dom.traversal.NodeIterator + * + * @author Patrick Peck + * @version $Id$ + */ +public class NodeIteratorAdapter implements NodeIterator { + + /** The ListIterator to wrap. */ + private ListIterator nodeIterator; + + /** + * Create a new NodeIteratorAdapter. + * @param nodeIterator The ListIterator to iterate over. + */ + public NodeIteratorAdapter(ListIterator nodeIterator) { + this.nodeIterator = nodeIterator; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getRoot() + */ + public Node getRoot() { + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow() + */ + public int getWhatToShow() { + return NodeFilter.SHOW_ALL; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getFilter() + */ + public NodeFilter getFilter() { + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences() + */ + public boolean getExpandEntityReferences() { + return false; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#nextNode() + */ + public Node nextNode() throws DOMException { + if (nodeIterator.hasNext()) { + return (Node) nodeIterator.next(); + } + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#previousNode() + */ + public Node previousNode() throws DOMException { + if (nodeIterator.hasPrevious()) { + return (Node) nodeIterator.previous(); + } + return null; + } + + /** + * @see org.w3c.dom.traversal.NodeIterator#detach() + */ + public void detach() { + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java new file mode 100644 index 000000000..e39cc0291 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java @@ -0,0 +1,68 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.List; + +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * A NodeList implementation based on a List. + * + * @see java.util.List + * @see org.w3c.dom.NodeList + * + * @author Patrick Peck + * @version $Id$ + */ +public class NodeListAdapter implements NodeList { + /** The List to wrap. */ + private List nodeList; + + /** + * Create a new NodeListAdapter. + * + * @param nodeList The List containing the nodes. + */ + public NodeListAdapter(List nodeList) { + this.nodeList = nodeList; + } + + /** + * @see org.w3c.dom.NodeList#item(int) + */ + public Node item(int index) { + return (Node) nodeList.get(index); + } + + /** + * @see org.w3c.dom.NodeList#getLength() + */ + public int getLength() { + return nodeList.size(); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java new file mode 100644 index 000000000..e3f8f75a1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java @@ -0,0 +1,102 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/* + * Created on 26.04.2004 + * + * @author rschamberger + * $ID$ + */ +package at.gv.egovernment.moa.util; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * utility functions to write XML data to files + * @author rschamberger + * @version $Id$ + */ +public class OutputXML2File { + + /** + * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) + * + * @param filename file name + * @param rootElem root element in DOM tree + * @param hierarchy of the Logger + */ + public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) { + if (Logger.isDebugEnabled(hierarchy)) { + outputXML2File(filename, rootElem); + } + } + + /** + * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) + * + * @param filename file name + * @param xmlString XML string + * @param hierarchy of the Logger + */ + public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) { + if (Logger.isDebugEnabled(hierarchy)) { + outputXML2File(filename, xmlString); + } + } + + /** + * writes an XML structure to file (Encoding: UTF-8) + * + * @param filename file name + * @param rootElem root element in DOM tree + */ + public static void outputXML2File(String filename, Element rootElem) { + try { + String xmlString = new String(DOMUtils.serializeNode(rootElem)); + outputXML2File(filename, xmlString); + } catch (Exception ex) { + ex.printStackTrace(); + } + } + + /** + * writes an XML structure to file (Encoding: UTF-8) + * + * @param filename file name + * @param xmlString XML string + */ + public static void outputXML2File(String filename, String xmlString) { + try { + java.io.OutputStream fout = new java.io.FileOutputStream(filename); + byte[] xmlData = xmlString.getBytes("UTF-8"); + fout.write(xmlData); + fout.close(); + } catch (Exception ex) { + ex.printStackTrace(); + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java new file mode 100644 index 000000000..234ed89df --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ResourceBundleChain.java @@ -0,0 +1,90 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.MissingResourceException; +import java.util.ResourceBundle; + +/** + * A class to chain ResourceBundles. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ResourceBundleChain { + /** Error message indicating the resource is not available. */ + private static final String ERROR_MISSING_RESOURCE = "Missing resource"; + /** The ResourceBundles contained in this chain. */ + private List resourceBundles = new ArrayList(); + + /** + * Add a ResourceBundle to the chain. + * + * @param resourceBundle The ResourceBundle to add. + */ + public void addResourceBundle(ResourceBundle resourceBundle) { + resourceBundles.add(resourceBundle); + } + + /** + * Return the value of the resource. + * + * @param key The key to access the String resource. + * @return The resource value. All the registered ResourceBundles + * are searched in the order in which they have previously been added to this + * ResourceBundleChain. + * @throws MissingResourceException The resource coult not be found in any of + * the bundles. + */ + public String getString(String key) throws MissingResourceException { + MissingResourceException lastException = null; + Iterator iter; + + // handle case where no resource bundles have been added + if (resourceBundles.size() == 0) { + throw new MissingResourceException( + ERROR_MISSING_RESOURCE, + this.getClass().getName(), + key); + } + + // try to find the resource in one of the bundles; if it cannot be found, + // return the exception thrown by the last bundle in the list + for (iter = resourceBundles.iterator(); iter.hasNext();) { + ResourceBundle resourceBundle = (ResourceBundle) iter.next(); + try { + String value = resourceBundle.getString(key); + return value; + } catch (MissingResourceException e) { + lastException = e; + } + } + throw lastException; + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java new file mode 100644 index 000000000..c2c67ec58 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java @@ -0,0 +1,244 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.KeyStore; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; + +/** + * Utility for connecting to server applications via SSL. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtils { + + /** + * Creates an SSLSocketFactory which utilizes the given trust store. + * + * @param trustStoreType key store type of trust store + * @param trustStoreInputStream input stream for reading JKS trust store containing + * trusted server certificates; if null, the default + * trust store will be utilized + * @param trustStorePassword if provided, it will be used to check + * the integrity of the trust store; if omitted, it will not be checked + * @return SSLSocketFactory to be used by an HttpsURLConnection + * @throws IOException thrown while reading from the input stream + * @throws GeneralSecurityException thrown while creating the socket factory + */ + public static SSLSocketFactory getSSLSocketFactory( + String trustStoreType, + InputStream trustStoreInputStream, + String trustStorePassword) + throws IOException, GeneralSecurityException { + + TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(null, tms, null); + + SSLSocketFactory sf = ctx.getSocketFactory(); + return sf; + } + /** + * Creates an SSLSocketFactory which utilizes the + * given trust store and keystore. + * + * @param trustStore trust store containing trusted server certificates; + * if null, the default trust store will be utilized + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return SSLSocketFactory to be used by an HttpsURLConnection + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the socket factory + */ + public static SSLSocketFactory getSSLSocketFactory( + KeyStore trustStore, + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + SSLContext ctx = getSSLContext( + trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + SSLSocketFactory sf = ctx.getSocketFactory(); + return sf; + } + /** + * Creates an SSLContext initialized for the + * given trust store and keystore. + * + * @param trustStore trust store containing trusted server certificates; + * if null, the default trust store will be utilized + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return SSLContext to be used for creating an SSLSocketFactory + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the SSL context + */ + public static SSLContext getSSLContext( + KeyStore trustStore, + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + TrustManager[] tms = getTrustManagers(trustStore); + KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kms, tms, null); + return ctx; + } + /** + * Loads the trust store from an input stream and gets the + * TrustManagers from a default TrustManagerFactory, + * initialized from the given trust store. + * @param trustStoreType key store type of trust store + * @param trustStoreInputStream input stream for reading JKS trust store containing + * trusted server certificates; if null, the default + * trust store will be utilized + * @param trustStorePassword if provided, it will be used to check + * the integrity of the trust store; if omitted, it will not be checked + * @return TrustManagers to be used for creating an + * SSLSocketFactory utilizing the given trust store + * @throws IOException thrown while reading from the input stream + * @throws GeneralSecurityException thrown while initializing the + * default TrustManagerFactory + */ + protected static TrustManager[] getTrustManagers( + String trustStoreType, + InputStream trustStoreInputStream, + String trustStorePassword) + throws IOException, GeneralSecurityException { + + if (trustStoreInputStream == null) + return null; + + // Set up the TrustStore to use. We need to load the file into + // a KeyStore instance. + KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword); + return getTrustManagers(trustStore); + } + /** + * Gets the TrustManagers from a default TrustManagerFactory, + * initialized from the given trust store. + * + * @param trustStore the trust store to use + * @return TrustManagers to be used for creating an + * SSLSocketFactory utilizing the given trust store + * @throws GeneralSecurityException thrown while initializing the + * default TrustManagerFactory + */ + protected static TrustManager[] getTrustManagers(KeyStore trustStore) + throws GeneralSecurityException { + + if (trustStore == null) + return null; + + // Initialize the default TrustManagerFactory with this KeyStore + String alg=TrustManagerFactory.getDefaultAlgorithm(); + TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg); + tmFact.init(trustStore); + + // And now get the TrustManagers + TrustManager[] tms=tmFact.getTrustManagers(); + return tms; + } + /** + * Loads the client key store from file and gets the + * KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword password used to check the integrity of the client key store; + * if null, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws IOException thrown while reading from the key store file + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + if (clientKeyStoreURL == null) + return null; + + // Set up the KeyStore to use. We need to load the file into + // a KeyStore instance. + KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + return getKeyManagers(clientKeyStore, clientKeyStorePassword); + } + /** + * Gets the KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStore client key store + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + KeyStore clientKeyStore, + String clientKeyStorePassword) + throws GeneralSecurityException { + + if (clientKeyStore == null) + return null; + + // Now we initialize the default KeyManagerFactory with this KeyStore + String alg=KeyManagerFactory.getDefaultAlgorithm(); + KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); + char[] password = null; + if (clientKeyStorePassword != null) + password = clientKeyStorePassword.toCharArray(); + kmFact.init(clientKeyStore, password); + + // And now get the KeyManagers + KeyManager[] kms=kmFact.getKeyManagers(); + return kms; + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java new file mode 100644 index 000000000..b3bc8ae47 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamEntityResolver.java @@ -0,0 +1,88 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Map; + +import org.xml.sax.EntityResolver; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +/** + * An EntityResolver that maps system IDs to + * InputStreams. + * + * @author Patrick Peck + * @version $Id$ + */ +public class StreamEntityResolver implements EntityResolver { + + /** A mapping from Public ID or System ID to an InputStream + * containing the entity. */ + private Map mappedEntities; + + /** + * Create a StreamEntityResolver. + * + * @param mappedEntities A mapping from public or system IDs + * (String objects) to InputStreams. + */ + public StreamEntityResolver(Map mappedEntities) { + this.mappedEntities = mappedEntities; + } + + /** + * Resolve an entity by looking it up in the mapped entities. + * + * First, the public ID is looked up in the mapping, then the system ID. + * + * @param publicId The public ID of the entity. + * @param systemId The system ID of the entity. + * @return An InputStream containing the entity or + * null if no entity could be found. + * @throws SAXException Signalling a parsing exception. + * @throws IOException Error reading the entity. + */ + public InputSource resolveEntity(String publicId, String systemId) + throws SAXException, IOException { + + InputSource src = null; + + if (publicId != null && mappedEntities.get(publicId) != null) { + src = new InputSource((InputStream) mappedEntities.get(publicId)); + } else if (systemId != null && mappedEntities.get(systemId) != null) { + src = new InputSource((InputStream) mappedEntities.get(systemId)); + } + + if (src != null) { + src.setPublicId(publicId); + src.setSystemId(systemId); + } + + return src; + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java new file mode 100644 index 000000000..e4ccd127f --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java @@ -0,0 +1,197 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintStream; + +/** + * Utility methods for streams. + * + * @author Patrick Peck + * @version $Id$ + */ +public class StreamUtils { + + /** + * Compare the contents of two InputStreams. + * + * @param is1 The 1st InputStream to compare. + * @param is2 The 2nd InputStream to compare. + * @return boolean true, if both streams contain the exactly the + * same content, false otherwise. + * @throws IOException An error occurred reading one of the streams. + */ + public static boolean compareStreams(InputStream is1, InputStream is2) + throws IOException { + + byte[] buf1 = new byte[256]; + byte[] buf2 = new byte[256]; + int length1; + int length2; + + try { + while (true) { + length1 = is1.read(buf1); + length2 = is2.read(buf2); + + if (length1 != length2) { + return false; + } + if (length1 <= 0) { + return true; + } + if (!compareBytes(buf1, buf2, length1)) { + return false; + } + } + } catch (IOException e) { + throw e; + } finally { + // close both streams + try { + is1.close(); + is2.close(); + } catch (IOException e) { + // ignore this + } + } + } + + /** + * Compare two byte arrays, up to a given maximum length. + * + * @param b1 1st byte array to compare. + * @param b2 2nd byte array to compare. + * @param length The maximum number of bytes to compare. + * @return true, if the byte arrays are equal, false + * otherwise. + */ + private static boolean compareBytes(byte[] b1, byte[] b2, int length) { + if (b1.length != b2.length) { + return false; + } + + for (int i = 0; i < b1.length && i < length; i++) { + if (b1[i] != b2[i]) { + return false; + } + } + + return true; + } + + /** + * Reads a byte array from a stream. + * @param in The InputStream to read. + * @return The bytes contained in the given InputStream. + * @throws IOException on any exception thrown + */ + public static byte[] readStream(InputStream in) throws IOException { + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + copyStream(in, out, null); + + /* + ByteArrayOutputStream out = new ByteArrayOutputStream(); + int b; + while ((b = in.read()) >= 0) + out.write(b); + + */ + in.close(); + return out.toByteArray(); + } + + /** + * Reads a String from a stream, using given encoding. + * @param in The InputStream to read. + * @param encoding The character encoding to use for converting the bytes + * of the InputStream into a String. + * @return The content of the given InputStream converted into + * a String. + * @throws IOException on any exception thrown + */ + public static String readStream(InputStream in, String encoding) throws IOException { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + copyStream(in, out, null); + + /* + ByteArrayOutputStream out = new ByteArrayOutputStream(); + int b; + while ((b = in.read()) >= 0) + out.write(b); + */ + in.close(); + return out.toString(encoding); + } + + /** + * Reads all data (until EOF is reached) from the given source to the + * destination stream. If the destination stream is null, all data is dropped. + * It uses the given buffer to read data and forward it. If the buffer is + * null, this method allocates a buffer. + * + * @param source The stream providing the data. + * @param destination The stream that takes the data. If this is null, all + * data from source will be read and discarded. + * @param buffer The buffer to use for forwarding. If it is null, the method + * allocates a buffer. + * @exception IOException If reading from the source or writing to the + * destination fails. + */ + private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException { + if (source == null) { + throw new NullPointerException("Argument \"source\" must not be null."); + } + if (buffer == null) { + buffer = new byte[8192]; + } + + if (destination != null) { + int bytesRead; + while ((bytesRead = source.read(buffer)) >= 0) { + destination.write(buffer, 0, bytesRead); + } + } else { + while (source.read(buffer) >= 0); + } + } + + /** + * Gets the stack trace of the Throwable passed in as a string. + * @param t The Throwable. + * @return a String representing the stack trace of the Throwable. + */ + public static String getStackTraceAsString(Throwable t) + { + ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream(); + t.printStackTrace(new PrintStream(stackTraceBIS)); + return new String(stackTraceBIS.toByteArray()); + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StringUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StringUtils.java new file mode 100644 index 000000000..ad879d2b6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StringUtils.java @@ -0,0 +1,178 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.StringTokenizer; + +/** + * Utitility functions for string manipulations. + * + * @author Harald Bratko + */ +public class StringUtils { + + /** + * Removes all blanks and tabs from the given string. + * + * @param s The string to remove all blanks and tabs from. + * @return The input string with all blanks and tabs removed from. + */ + public static String removeBlanks(String s) { + StringTokenizer st = new StringTokenizer(s); + StringBuffer sb = new StringBuffer(s.length()); + while (st.hasMoreTokens()) { + sb.append(st.nextToken()); + } + return sb.toString(); + } + + /** + * Removes all occurences of the specified token from the the given string. + * + * @param s The string to remove all occurences of the specified token from. + * @return The input string with all occurences of the specified token removed from. + */ + public static String removeToken(String s, String token) { + StringTokenizer st = new StringTokenizer(s, token); + StringBuffer sb = new StringBuffer(s.length()); + while (st.hasMoreTokens()) { + sb.append(st.nextToken()); + } + return sb.toString(); + } + + /** + * Removes all leading zeros from the input string. + * + * @param s The string remove the leading zeros from. + * @return The input string with the leading zeros removed from. + */ + public static String deleteLeadingZeros(String s) { + StringBuffer sb = new StringBuffer(s); + int l = sb.length(); + int j = 0; + for (int i=0; is that matches the given + * search string by the given replace string. + * + * @param s The string where the replacement should take place. + * @param search The pattern that should be replaced. + * @param replace The string that should replace all each search + * string within s. + * @return A string where all occurrence of search are + * replaced with replace. + */ + public static String replaceAll (String s, String search, String replace) + { + StringBuffer sb = new StringBuffer(); + int i = 0, j = 0; + int len = search.length(); + while (j > -1) + { + j = s.indexOf(search, i); + + if (j > -1) + { + sb.append(s.substring(i,j)); + sb.append(replace); + i = j + len; + } + } + + sb.append(s.substring(i, s.length())); + + return sb.toString(); + } + + /** + * Changes the SecurityLayer version in the given string. + * This method usually takes as input an XML structure represented in a string + * format and changes the SecurityLayer namespaces prefixes and URIs from + * one SecurityLayer version to another. + * e.g.: code>sl10 to sl and + * http://www.buergerkarte.at/namespaces/securitylayer/20020225# + * to + * http://www.buergerkarte.at/namespaces/securitylayer/1.2# + * + * @param s The string (usally an XML structure) where the + * SecurityLayer version should be changed. + * @param slPrefixOld The SecurityLayer namespace prefix that should be + * replaced by the new one. + * @param slPrefixNew The new SecurityLayer namespace prefix that should + * replace the old one. + * @param slNSUriOld The SecurityLayer namespace URI that should be + * replaced by the new one. + * @param slNSUriNew The new SecurityLayer namespace URI that should + * replace the old one. + * @return A string where the SecurityLayer namespace prefixes + * and URIs are replaced by new ones. + */ + public static String changeSLVersion(String s, String slPrefixOld, String slPrefixNew, String slNSUriOld, String slNSUriNew) { + String retString = replaceAll(s, slPrefixOld, slPrefixNew); + retString = replaceAll(retString, slNSUriOld, slNSUriNew); + return retString ; + } + + /** + * Removes the XML declaration from an XML expression. + * + * @param xmlString XML expression as String + * + * @return XML expression, XML declaration removed + */ + public static String removeXMLDeclaration(String xmlString) { + if (xmlString!=null && xmlString.startsWith("application/x-www-form-urlencoded string using a specific encoding scheme. + * @param s the string to decode + * @param encoding name of character encoding + * @return the newly decoded string + * @throws UnsupportedEncodingException if the encoding is not supported + */ + public static String decode(String s, String encoding) throws UnsupportedEncodingException { + StringReader in = new StringReader(s); + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + for (int b = read(in); b >= 0; b = read(in)) + bout.write(b); + return bout.toString(encoding); + } + /** + * Decodes the next byte from the string reader. + * @param in string reader + * @return the next byte decoded; + * -1 upon end of string, on erroneous data, and on any exception caught + * @todo syntax check on string + */ + private static int read(StringReader in) { + try { + int b = in.read(); + if (b == '+') + return ' '; + if (b == '%') { + char[] hex = new char[2]; + if (in.read(hex, 0, 2) >= 0) { + String hexString = new String(hex); + return Integer.valueOf(hexString, 16).intValue(); + } + else + return -1; + } + return b; + } + catch (IOException ex) { + return -1; + } + catch (NumberFormatException ex) { + return -1; + } + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java new file mode 100644 index 000000000..e6df1fd33 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java @@ -0,0 +1,89 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.ByteArrayInputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; + +/** + * Translates a string into mime format "x-www-form-urlencoded". + * Provides a function missing in JDK 1.3. + * @author Paul Ivancsics + * @version $Id$ + */ +public class URLEncoder { + + /** + * Translates a string into x-www-form-urlencoded format. + * @param s the string to be translated + * @param encoding the encoding to use + * @return the translated string + * @throws UnsupportedEncodingException when the desired encoding is not supported + */ + public static String encode(String s, String encoding) throws UnsupportedEncodingException { +// if (MiscUtil.isEmpty(s)) +// return null; + byte[] barr = s.getBytes(encoding); + ByteArrayInputStream bin = new ByteArrayInputStream(barr); + StringWriter out = new StringWriter(); + for (int b = bin.read(); b >= 0; b = bin.read()) + encode(b, out); + return out.toString(); + } + + /** + * Encode a character. + * @param ch The character to encode. + * @param out The StringWriter containing the result. + */ + private static void encode(int ch, StringWriter out) { + if ((ch >= 'a' && ch <= 'z') + || (ch >= 'A' && ch <= 'Z') + || (ch >= '0' && ch <= '9') + || ch == '.' || ch == '-' || ch == '*' || ch == '_') + out.write(ch); + else if (ch == ' ') + out.write('+'); + else + encodeHex(ch, out); + } + + /** + * Encode a character as an escaped hex value. + * @param ch The character to encode. + * @param out The StringWriter containing the result. + */ + private static void encodeHex(int ch, StringWriter out) { + out.write('%'); + String hex = Integer.toHexString(ch).toUpperCase(); + if (hex.length() < 2) + out.write('0'); + else + out.write(hex.charAt(hex.length() - 2)); + out.write(hex.charAt(hex.length() - 1)); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java new file mode 100644 index 000000000..206245a68 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java @@ -0,0 +1,86 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.io.PrintStream; +import java.io.PrintWriter; + +/** + * An exception occurred evaluating an XPath. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XPathException extends RuntimeException { + /** + * + */ + private static final long serialVersionUID = 1736311265333034392L; +/** The wrapped exception. */ + private Throwable wrapped; + + /** + * Create a XPathException. + * + * @param message The exception message. + * @param wrapped The exception being the likely cause of this exception. + */ + public XPathException(String message, Throwable wrapped) { + super(message); + this.wrapped = wrapped; + } + + /** + * Return the wrapped exception. + * + * @return The wrapped exception being the likely cause of this exception. + */ + public Throwable getWrapped() { + return wrapped; + } + + /** + * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) + */ + public void printStackTrace(PrintStream s) { + super.printStackTrace(s); + if (getWrapped() != null) { + s.print("Caused by: "); + getWrapped().printStackTrace(s); + } + } + + /** + * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) + */ + public void printStackTrace(PrintWriter s) { + super.printStackTrace(s); + if (getWrapped() != null) { + s.print("Caused by: "); + getWrapped().printStackTrace(s); + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java new file mode 100644 index 000000000..89aeaf3d1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java @@ -0,0 +1,557 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.util; + +import java.util.List; +import java.util.Map; + +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.traversal.NodeIterator; + +import org.jaxen.JaxenException; +import org.jaxen.NamespaceContext; +import org.jaxen.Navigator; +import org.jaxen.SimpleNamespaceContext; +import org.jaxen.dom.DOMXPath; +import org.jaxen.dom.DocumentNavigator; + +/** + * Utility methods to evaluate XPath expressions on DOM nodes. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XPathUtils { + + /** + * The XPath expression selecting all nodes under a given root (including the + * root node itself). + */ + public static final String ALL_NODES_XPATH = + "(.//. | .//@* | .//namespace::*)"; + + /** The DocumentNavigator to use for navigating the document. */ + private static Navigator documentNavigator = + DocumentNavigator.getInstance(); + /** The default namespace prefix to namespace URI mappings. */ + private static NamespaceContext NS_CONTEXT; + + static { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + ctx.addNamespace(Constants.MOA_PREFIX, Constants.MOA_NS_URI); + ctx.addNamespace(Constants.MOA_CONFIG_PREFIX, Constants.MOA_CONFIG_NS_URI); + ctx.addNamespace(Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + ctx.addNamespace(Constants.SL10_PREFIX, Constants.SL10_NS_URI); + ctx.addNamespace(Constants.SL11_PREFIX, Constants.SL11_NS_URI); + ctx.addNamespace(Constants.SL12_PREFIX, Constants.SL12_NS_URI); + ctx.addNamespace(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI); + ctx.addNamespace(Constants.PD_PREFIX, Constants.PD_NS_URI); + ctx.addNamespace(Constants.SAML_PREFIX, Constants.SAML_NS_URI); + ctx.addNamespace(Constants.SAMLP_PREFIX, Constants.SAMLP_NS_URI); + ctx.addNamespace(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + ctx.addNamespace(Constants.XSLT_PREFIX, Constants.XSLT_NS_URI); + ctx.addNamespace(Constants.XSI_PREFIX, Constants.XSI_NS_URI); + ctx.addNamespace(Constants.DSIG_FILTER2_PREFIX, Constants.DSIG_FILTER2_NS_URI); + ctx.addNamespace(Constants.DSIG_EC_PREFIX, Constants.DSIG_EC_NS_URI); + ctx.addNamespace(Constants.MD_PREFIX, Constants.MD_NS_URI); + ctx.addNamespace(Constants.MDP_PREFIX, Constants.MDP_NS_URI); + ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI); + ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI); + ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI); + ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI); + ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI); + ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI); + ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI); + ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI); + ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); + NS_CONTEXT = ctx; + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * All namespace URIs and prefixes declared in the Constants + * interface are used for resolving namespaces. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeIterator selectNodeIterator(Node contextNode, String exp) + throws XPathException { + + return selectNodeIterator(contextNode, NS_CONTEXT, exp); + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceElement An element from which to build the + * namespace mapping for evaluating the XPath expression + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeIterator selectNodeIterator( + Node contextNode, + Element namespaceElement, + String exp) + throws XPathException { + + try { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + ctx.addElementNamespaces(documentNavigator, namespaceElement); + return selectNodeIterator(contextNode, ctx, exp); + } catch (JaxenException e) { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { exp }); + throw new XPathException(message, e); + } + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceMapping A namespace prefix to namespace URI mapping + * (String to String) for evaluating the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeIterator selectNodeIterator( + Node contextNode, + Map namespaceMapping, + String exp) + throws XPathException { + + SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); + + return selectNodeIterator(contextNode, ctx, exp); + } + + /** + * Return a NodeIterator over the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param nsContext The NamespaceContext for resolving namespace + * prefixes to namespace URIs for evaluating the XPath expression. + * @param exp The XPath expression to evaluate. + * @return An iterator over the resulting nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + private static NodeIterator selectNodeIterator( + Node contextNode, + NamespaceContext nsContext, + String exp) + throws XPathException { + + try { + DOMXPath xpath = new DOMXPath(exp); + List nodes; + + xpath.setNamespaceContext(nsContext); + nodes = xpath.selectNodes(contextNode); + return new NodeIteratorAdapter(nodes.listIterator()); + } catch (JaxenException e) { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { exp }); + throw new XPathException(message, e); + } + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * All namespace URIs and prefixes declared in the Constants + * interface are used for resolving namespaces. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeList selectNodeList(Node contextNode, String exp) + throws XPathException { + + return selectNodeList(contextNode, NS_CONTEXT, exp); + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceElement An element from which to build the + * namespace mapping for evaluating the XPath expression + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeList selectNodeList( + Node contextNode, + Element namespaceElement, + String exp) + throws XPathException { + + try { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + + ctx.addElementNamespaces(documentNavigator, namespaceElement); + return selectNodeList(contextNode, ctx, exp); + } catch (JaxenException e) { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { exp }); + throw new XPathException(message, e); + } + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceMapping A namespace prefix to namespace URI mapping + * (String to String) for evaluating the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static NodeList selectNodeList( + Node contextNode, + Map namespaceMapping, + String exp) + throws XPathException { + + SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); + + return selectNodeList(contextNode, ctx, exp); + } + + /** + * Return a NodeList of all the nodes matching the XPath + * expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param nsContext The NamespaceContext for resolving namespace + * prefixes to namespace URIs for evaluating the XPath expression. + * @param exp The XPath expression to evaluate. + * @return A NodeList containing the matching nodes. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + private static NodeList selectNodeList( + Node contextNode, + NamespaceContext nsContext, + String exp) + throws XPathException { + + try { + DOMXPath xpath = new DOMXPath(exp); + List nodes; + + xpath.setNamespaceContext(nsContext); + nodes = xpath.selectNodes(contextNode); + return new NodeListAdapter(nodes); + } catch (JaxenException e) { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { exp }); + throw new XPathException(message, e); + } + } + + /** + * Select the first node matching an XPath expression. + * + * All namespace URIs and prefixes declared in the Constants + * interface are used for resolving namespaces. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode(Node contextNode, String exp) + throws XPathException { + + return selectSingleNode(contextNode, NS_CONTEXT, exp); + } + + /** + * Select the first node matching an XPath expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceElement An element from which to build the + * namespace mapping for evaluating the XPath expression + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode( + Node contextNode, + Element namespaceElement, + String exp) + throws XPathException { + + try { + SimpleNamespaceContext ctx = new SimpleNamespaceContext(); + ctx.addElementNamespaces(documentNavigator, namespaceElement); + + return selectSingleNode(contextNode, ctx, exp); + } catch (JaxenException e) { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { exp }); + throw new XPathException(message, e); + } + } + + /** + * Select the first node matching an XPath expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param namespaceMapping A namespace prefix to namespace URI mapping + * (String to String) for evaluating the XPath + * expression. + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode( + Node contextNode, + Map namespaceMapping, + String exp) + throws XPathException { + + SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping); + + return selectSingleNode(contextNode, ctx, exp); + } + + /** + * Select the first node matching an XPath expression. + * + * @param contextNode The root node from which to evaluate the XPath + * expression. + * @param nsContext The NamespaceContext for resolving namespace + * prefixes to namespace URIs for evaluating the XPath expression. + * @param exp The XPath expression to evaluate. + * @return Node The first node matching the XPath expression, or + * null, if no node matched. + * @throws XPathException An error occurred evaluating the XPath expression. + */ + public static Node selectSingleNode( + Node contextNode, + NamespaceContext nsContext, + String exp) + throws XPathException { + + try { + DOMXPath xpath = new DOMXPath(exp); + xpath.setNamespaceContext(nsContext); + return (Node) xpath.selectSingleNode(contextNode); + } catch (JaxenException e) { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { exp }); + throw new XPathException(message, e); + } + } + + /** + * Return the value of a DOM element whose location is given by an XPath + * expression. + * + * @param root The root element from which to evaluate the XPath. + * @param xpath The XPath expression pointing to the element whose value + * to return. + * @param def The default value to return, if no element can be found using + * the given xpath. + * @return The element value, if it can be located using the + * xpath. Otherwise, def is returned. + */ + public static String getElementValue( + Element root, + String xpath, + String def) { + + Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); + return elem != null ? DOMUtils.getText(elem) : def; + } + + /** + * Return the value of a DOM attribute whose location is given by an XPath + * expression. + * + * @param root The root element from which to evaluate the XPath. + * @param xpath The XPath expression pointing to the attribute whose value to + * return. + * @param def The default value to return, if no attribute can be found using + * the given xpath. + * @return The element value, if it can be located using the + * xpath. Otherwise, def is returned. + */ + public static String getAttributeValue( + Element root, + String xpath, + String def) { + + Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); + return attr != null ? attr.getValue() : def; + } + + /** + * Returns the namespace prefix used within XPathUtils for referring to + * the namespace of the specified (Security Layer command) element. + * + * This namespace prefix can be used in various XPath expression evaluation methods + * within XPathUtils without explicitely binding it to the particular + * namespace. + * + * @param contextElement The (Security Layer command) element. + * + * @return the namespace prefix used within XPathUtils for referring to + * the namespace of the specified (Security Layer command) element. + * + * throws XpathException If the specified element has a namespace other than the ones + * known by this implementation as valid Security Layer namespaces (cf. + * @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI). + */ + public static String getSlPrefix (Element contextElement) throws XPathException + { + String sLNamespace = contextElement.getNamespaceURI(); + String sLPrefix = null; + + if (sLNamespace.equals(Constants.SL10_NS_URI)) + { + sLPrefix = Constants.SL10_PREFIX; + } + else if (sLNamespace.equals(Constants.SL12_NS_URI)) + { + sLPrefix = Constants.SL12_PREFIX; + } + else if (sLNamespace.equals(Constants.SL11_NS_URI)) + { + sLPrefix = Constants.SL11_PREFIX; + } + else + { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."}); + throw new XPathException(message, null); + } + + return sLPrefix; + } + + + /** + * Return the SecurityLayer namespace prefix of the context element. + * If the context element is not the element that lies within the + * SecurityLayer namespace. The Securitylayer namespace is derived from + * the xmlns:sl10, sl11 or sl + * attribute of the context element. + * + * The returned prefix is needed for evaluating XPATH expressions. + * + * @param contextElement The element to get a prefix for the Securitylayer namespace, + * that is used within the corresponding document. + * + * @return The string sl10, sl11 or sl, + * depending on the SecurityLayer namespace of the contextElement. + * + * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace + * is defined. + */ + public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException { + + String slPrefix = checkSLnsDeclaration(contextElement, Constants.SL10_PREFIX, Constants.SL10_NS_URI); + if (slPrefix == null) { + slPrefix = checkSLnsDeclaration(contextElement, Constants.SL11_PREFIX, Constants.SL11_NS_URI); + } + if (slPrefix == null) { + slPrefix = checkSLnsDeclaration(contextElement, Constants.SL12_PREFIX, Constants.SL12_NS_URI); + } + + return slPrefix; + + } + + /** + * Checks if the context element has an attribute xmlns:slPrefix and + * if the prefix of that attribute corresponds with a valid SecurityLayer namespace. + * + * @param contextElement The element to be checked. + * @param slPrefix The prefix which should be checked. Must be a valid SecurityLayer + * namespace prefix. + * @param slNameSpace The SecurityLayer namespace that corresponds to the specified prefix. + * + * @return The valid SecurityLayer prefix or null if this prefix is + * not used. + * @throws XPathException + */ + private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace) + throws XPathException + { + String nsAtt = "xmlns:" + slPrefix; + String nameSpace = contextElement.getAttribute(nsAtt); + if (nameSpace == "") { + return null; + } else { + // check if namespace is correct + if (nameSpace.equals(slNameSpace)) { + return slPrefix; + } else { + MessageProvider msg = MessageProvider.getInstance(); + String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."}); + throw new XPathException(message, null); + } + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java new file mode 100644 index 000000000..733a2a845 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java @@ -0,0 +1,41 @@ +/* + * Copyright 2011 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egovernment.moa.util.ex; + +public class EgovUtilException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public EgovUtilException() { + } + + public EgovUtilException(String message) { + super(message); + } + + public EgovUtilException(Throwable cause) { + super(cause); + } + + public EgovUtilException(String message, Throwable cause) { + super(message, cause); + } + +} diff --git a/id/server/moa-id-commons/src/main/resources/resources/properties/common_messages_de.properties b/id/server/moa-id-commons/src/main/resources/resources/properties/common_messages_de.properties new file mode 100644 index 000000000..a58d07625 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/properties/common_messages_de.properties @@ -0,0 +1,17 @@ +# This file contains exception messages in the standard Java properties +# format. The messages may contain formatting patterns as definied in the +# java.text.MessageFormat class. + + +# +# Messages private to the MOA common subsystem +# + +parser.00=Leichter Fehler beim Parsen: {0}, SystemID={1}, Zeile={2}, Spalte={3} +parser.01=Fehler beim Parsen: {0}, SystemID={1}, Zeile={2}, Spalte={3} +parser.02=Schwerer Fehler beim Parsen: {0}, SystemID={1}, Zeile={2}, Spalte={3} +parser.04=Fehler beim Parsen: {0} + +xpath.00=Fehler beim Auswerten des XPath-Ausdruckes: {0} + +datetime.00=Fehler beim Parsen der DateTime \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/Core-1.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/Core-1.2.xsd new file mode 100644 index 000000000..864fee6d5 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/Core-1.2.xsd @@ -0,0 +1,881 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020225.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020225.xsd new file mode 100644 index 000000000..00b508dd7 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020225.xsd @@ -0,0 +1,399 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020831.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020831.xsd new file mode 100644 index 000000000..a533bf221 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/Core.20020831.xsd @@ -0,0 +1,153 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd new file mode 100644 index 000000000..833d327f2 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.ancient.xsd @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd new file mode 100644 index 000000000..db83c9df5 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.wrong.xsd @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.xsd new file mode 100644 index 000000000..7a01b23d1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ECDSAKeyValue.xsd @@ -0,0 +1,122 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd new file mode 100644 index 000000000..43741d84a --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.2.xsd @@ -0,0 +1,350 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der + Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der + Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der + Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die + Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann + für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA + (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem + Security-Layer + + + + + + das Attribut filename verweist auf eine Datei mit globalem + Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo + werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks + inkludiert + + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA + SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der + AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; + wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; + wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben + werden; wird das Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der + Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des + AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des + IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per + X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + + + + + + enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der + TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für + die TLS-Client-Authentisierung verwendetwird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd new file mode 100644 index 000000000..02f750e3e --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.3.xsd @@ -0,0 +1,424 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der + Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der + Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der + Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die + Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann + für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA + (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem + Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA + SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der + AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; + wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; + wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben + werden; wird das Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der + Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des + AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des + IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per + X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem + Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo + werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks + inkludiert + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + + + + enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der + TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für + die TLS-Client-Authentisierung verwendetwird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd new file mode 100644 index 000000000..f80d6ef80 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd @@ -0,0 +1,616 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen. + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd new file mode 100644 index 000000000..03f3a24a4 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd @@ -0,0 +1,612 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd new file mode 100644 index 000000000..d2af3b932 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd @@ -0,0 +1,625 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd new file mode 100644 index 000000000..899f237ce --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.xsd @@ -0,0 +1,505 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der + Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der + Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der + Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die + Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann + für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA + (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem + Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA + SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der + AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; + wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; + wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben + werden; wird das Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der + Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des + AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des + IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per + X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + das Attribut filename verweist auf eine Datei mit globalem + Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo + werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks + inkludiert + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; + z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird + das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox + verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox + verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname + vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation + übergeben werden + + + + + + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente + betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der + TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für + die TLS-Client-Authentisierung verwendetwird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd new file mode 100644 index 000000000..f5daf09b9 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd @@ -0,0 +1,665 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + + + + + + + Verbindungsparameter zum Online-Vollmachten-Service + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + + + + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd new file mode 100644 index 000000000..fec3b6d0d --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd @@ -0,0 +1,659 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + + + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + + + + + + + Verbindungsparameter zum Online-Vollmachten-Service + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd new file mode 100644 index 000000000..933399225 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd @@ -0,0 +1,757 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter der Authentisierungs-Komponente + + + + + + + + + + enthält Konfigurationsparameter der Proxy-Komponente + + + + + + enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente + + + + + + enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter) + + + + + + + + + + + enthält Parameter für die OA + + + + + + + + + + + + + + + + + + + + + + + + + spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung + + + + + + ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden + + + + + + + + + + + + + + + + verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter für die Kommunikation mit dem Security-Layer + + + + + + + + + + enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul + + + + + + enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen + + + + + enthält Parameter für die Ãœberprüfung der Personenbindung + + + + + + + + + + enthält Parameter für die Ãœberprüfung des AUTH-Blocks + + + + + + + + + + + + + + enthält Informationen über akzeptierte Signers des IdentityLinks + + + + + + akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert + + + + + + + + enthält Defaultparameter für die Ãœberprüfung weiterer Infoboxen + + + + + + + + Verbindungsparameter zum SZR-Gateway (GetIdentityLink) + + + + + Verbindungsparameter zu den Country-PEPS (C-PEPS) + + + + + + + + + + + Verbindungsparameter zum Online-Vollmachten-Service + + + + + + + + + + das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert + + + + + + + + + + + + + das Attribut URL spezifiziert die Lage des Templates + + + + + + Verifikation zusätzlicher Infoboxen + + + + + Optionales DefaultTrustprofil für die Ãœberprüfung aller weiteren Infoboxen + + + + + + + + + + Parameter für Ãœberprüfung weiterer Infoboxen + + + + + + + Parameter zur Ãœberprüfung einzelner Infoboxen + + + + + optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet + + + + + TrustProfil, das für die Ãœberprüfung der Infobox verwendet werden soll + + + + + Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen + + + + + + Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden + + + + + + + + + + Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert. + + + + + + Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant. + + + + + Eigentlicher Konfigurationsteil für berufliche Parteienvertretung + + + + + + + + + + + + + + Spezifiziert die Lage von XML Schemas + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + enthält Parameter über die OA, die die Proxy-Komponente betreffen + + + + + + + + + + + + + + + + + + + URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate) + + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + + + + + + + Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll + + + + + + + + + + Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden + + + + + Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + + + + + Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert + + + + + + + + + Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors + + + + + + Optionale Verbindungsparameter zu speziellem (SZR-)Gateway + + + + + + OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren + + + + + + Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist + + + + + + + + Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss) + + + + + + + + Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird + + + + + + + Enthält Informationen zu einem KeyStore bzw. Key zur STORK SAML AuthnRequest Signaturerstellung + + + + + + + + + Enthält Informationen zur Verfikation von Signaturen einer STORK SAML Response + + + + + + + + Enthält Informationen zur Erstellung und Verifikation von STORK SAML Messages + + + + + + + + + + + URL zu einem KeyStore, der den privaten Schlüssel zum Erstellen einer Signatur enthält + + + + + + + + + + + + Name zum Key eines KeyStores, der den privaten Schlüssel zum Erstellen einer Signatur darstellt + + + + + + + + + + + + Enthält Informationen zu einem Citizen Country PEPS (C-PEPS) + + + + + + + + + + + + Contains STORK related information + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd new file mode 100644 index 000000000..5a58e4f87 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.3.xsd @@ -0,0 +1,469 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd new file mode 100644 index 000000000..32b4d68ef --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd @@ -0,0 +1,471 @@ + + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd new file mode 100644 index 000000000..73d145ecf --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-2.0.0.xsd @@ -0,0 +1,572 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd new file mode 100644 index 000000000..291e75a76 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.3.xsd @@ -0,0 +1,253 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd new file mode 100644 index 000000000..884b20a9b --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.3.xsd @@ -0,0 +1,312 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd new file mode 100644 index 000000000..7c3270fdd --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.5.xsd @@ -0,0 +1,268 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd new file mode 100644 index 000000000..063f0e134 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd @@ -0,0 +1,268 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd new file mode 100644 index 000000000..bfa48e9d1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.1.xsd @@ -0,0 +1,282 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd new file mode 100644 index 000000000..7270d288a --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOA-SPSS-config-2.0.0.xsd @@ -0,0 +1,353 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/MOAIdentities.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOAIdentities.xsd new file mode 100644 index 000000000..470295bec --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/MOAIdentities.xsd @@ -0,0 +1,51 @@ + + + + + + MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData.xsd new file mode 100644 index 000000000..0e3bc6b3b --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData.xsd @@ -0,0 +1,426 @@ + + + + + + + + + + + + + unique identifier + + + + + actual value of the identifier. + + + + + + + + + + + + type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...) + + + + + authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer') + + + + + any additional properties + + + + + + + + + + element of person type + + + + + main structure of person data + + + + + unique identification entities + + + + + + + + + + element of physical person type + + + + + physical person + + + + + + + data related to the person's name + + + + + Former name, Artist name, changes of Given name ... + + + + + + + + + + + + status of a person in the cycle of life + + + + + gender + + + + + date of birth + + + + + place of birth + + + + + country of birth + + + + + nationality of Person (Staatsbürgerschaft) + + + + + confession (religion) of Person + + + + + relatives (parents, ...) + + + + + + type of the relationship + + + + + + + + + any additional properties + + + + + + + + + element of corporate body type + + + + + juridical person, organisation + + + + + + + category (eg organisation, function, sector, ...) + + + + + name of corporate body (whole name) + + + + + alternative names of corporate body (abbreviations, short name, synonyms, ...) + + + + + type of company (eg AG, OHG, ...) + + + + + part of an organisation, see also X.500 ou (eg departement, section, branch, ...) + + + + + any additional properties + + + + + + + + + + element of signed person datastructure type + + + + + signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + + + + + + + + + one or more electronic signatures applied on fields above + + + + + + + + any additional properties + + + + + + + + + + + + + simple type for sex (gender) of person + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + simple type for marital status of a person + + + + + + + + + + + pattern type for enlargement of type definitions + + + + + + + + known relations (family + functional) + + + + + + + + + + + + + + + + known + any other relation + + + + + + known types of alternative names + + + + + + + + + + + + known + any other alternative name types + + + + + + + element of address type + + + + + main structure of address data + + + + + unique identification entities + + + + + + + + + element of postal address type + + + + + postal address + + + + + + + type of address - category (eg 'Wohnsitz', 'Zentrale', ...) + + + + + + any additional properties + + + + + + + + + element of telephone address type + + + + + phone numbers + + + + + + + type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...) + + + + + phonenumber + + + + + any additional properties + + + + + + + + + element of internet address type + + + + + internet based communication + + + + + + + certificate for secure communication + + + + + email-Address, Web, FTP, LDAP, ... + + + + + any additional properties + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd new file mode 100644 index 000000000..885c2b765 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonData_20_en_moaWID.xsd @@ -0,0 +1,1229 @@ + + + + + + + + + This version of person deploys only global elements. All types derived from abstract types have been replaced by substitution groups + + + + + dummy abstract Peson Data element needed for bi-lingual schema (substitution groups) + + + + + element of signed person datastructure type + + + + + element of signed person datastructure type + + + + + + + + + + + + + + + + + + + element of person type, essential abstract, subsitute PhysicalPerson or CorporateBody instead or use with xsi:type="..." + + + + + + element of physical person type, dreived from Person (abstract) + + + + + element of physical person type, dreived from Person (abstract) + + + + + element of corporate body type, derived from Person + + + + + element of corporate body type, derived from Person + + + + + + data related to the person's name + + + + + data related to the person's name + + + + + Former name, Artist name, changes of Given name ..., compare AlternativName + + + + + + + + + + + + relatives (parents, ...), compare Verwandter + + + + + + type of the relationship, compare Verwandschftsgrad + + + + + + + + + + element of address type, essentially abstract. Use InternetAddress, TelephoneAddress, PostalAddress, TypedPostalAddress instead, or use Address with xsi:type Attribute + + + + + Postal or ZMR Address, compare PostAdresse + + + + + Postal or ZMR Address, compare PostAdresse + + + + + Typed Postal or ZMR Address, compare TypisiertePostAdresse + + + + + InternetAdress such as e-mail or website, compare InternetAdresse + + + + + Typed TelephoneAddress, compare TelefonAdresse + + + + + National or international bank connection, compare Bankverbindung + + + + + + possibility to include common austrian primary keys in human readable way, english translation not available + + + + + + + + + + + + + + + + + + + + + + + + Ergänzungsregister für nicht-natürliche Personen (CorporateBody) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + teletyper or telephone for the hearing impaired + + + + + + status of a person in the cycle of life, compare Familienstand + + + + + gender, comapre Geschlecht + + + + + date of birth, compare Geburtsdatum + + + + + date of death, compare Sterbedatum + + + + + place of birth, compare Geburtsort + + + + + country of birth, compare Geburtsland + + + + + state of birth, comapre Geburtsbundesland + + + + + nationality of Person, compare Staatsangehoerigkeit. attention! New Fomrat is complex, string value accepted for compatibility only + + + + + confession (religion) of Person - xs:token? gibt es wirklich keine Staaten mit Leerzeichen im Namen? + + + + + occupation, compare Beruf + + + + + + compare InternationalerLaendercode + + + + + compare NationalNummer + + + + + compare Vorwahl + + + + + compare Anschlussnummer + + + + + Complete number, ready formated - e.g. +43 1 5131345 4664 compare FormatierteNummer + + + + + compare Klappe + + + + + unique identifier + + + + + + signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + + + + + + + + + one or more electronic signatures applied on fields above + + + + + container for your Information needs. Contained Elements must reside in a different Namespace + + + + + + any additional properties + + + + + + + + + + + + signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + + + + + + + + + one or more electronic signatures applied on fields above + + + + + container for your Information needs. Contained Elements must reside in a different Namespace + + + + + + any additional properties + + + + + + + + + + + + + + + + + unique identifier + + + + + actual value of the identifier. + + + + + + + + + + + + type of value (eg 'ZMR', 'SV-Nummer', 'Martrikelnummer', database identification, ...) + + + + + authority, which is reponsible for generation of the identifier (eg university in case of 'MatrikelNummer') + + + + + any additional properties + + + + + + + + + main structure of person data + + + + + unique identification entities + + + + + + + + + + physical person, compare NatuerlichePersonTyp + + + + + + + + + + + + + + + + + + + + + any additional properties + + + + + + + + + physical person, compare NatuerlichePersonTyp + + + + + + + + + + + + + any additional properties + + + + + + + + + juridical person, organisation, compare NichtNatuerlichePersonTyp + + + + + + + URI pointing to a predefined Class of CorporateBodies, compare Typ + + + + + name of corporate body (whole name), compare VollerName + + + + + alternative names of corporate body (abbreviations, short name, synonyms, ...), comapre AlternativName + + + + + type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform + + + + + part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation + + + + + + any additional properties + + + + + + + + + juridical person, organisation, compare NichtNatuerlichePersonTyp + + + + + + + URI pointing to a predefined Class of CorporateBodies, compare Typ + + + + + name of corporate body (whole name), compare VollerName + + + + + type of company (eg AG, OHG, ...), URI pointing to predefined LegalForm, compare Rechtsform + + + + + part of an organisation, see also X.500 ou (eg departement, section, branch, ...) , compare Organisation + + + + + any additional properties + + + + + + + + + container for parts of a name, comapre PersonenNameTyp + + + + + Complete Name (including Affixes) of the Person, especially useful for names from different cultural environments + + + + + + + + + + + + + + + + + + + + + Every given name should be contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable + + + + + A Person in possesion of more than one GivenName frequently preferrs the use of a Name other than the first GivenName + + + + + MiddleNames are not commonly found in central Europe. The field is mainly for compatibility reasons + + + + + Every family name should be contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable + + + + + + + + + + + + + + + + + + + + + Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + container for parts of a name, comapre PersonenNameTyp + + + + + Every given name should be contained inside a GivenName Tag. If that is not possible due to dabase contraints, ... putting several given names inside one GivenName Element is acceptable + + + + + Every family name should be contained inside a FamilyName Tag. If that is not possible due to dabase contraints, ... putting several family names inside one FamilyName Element is acceptable + + + + + + + + + + + + + + + + + + + + + Inlcudes all Information that is not exactly a name: academic or aristocratic titles, ... the new position attribute can contain a suffx or prefix value + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + comapre, StaatsangehoerigkeitTyp + + + + + + + + + + + + + + + + + + compare BankverbindungTyp + + + + + Account holder, compare Inhaber + + + + + compare BankName + + + + + + compare NationaleBankverbindung + + + + + + compare Kontonummer + + + + + compare BLZ + + + + + + + + compare InternationaleBankverbindung + + + + + + compare IBAN + + + + + comapre BIC + + + + + + + + + + + main structure of address data + + + + + unique identification entities + + + + + + + + + postal address with type information, compare TypisiertePostAdresseTyp + + + + + + + type of address - category (eg 'Wohnsitz', 'Zentrale', ...) + + + + + + any additional properties + + + + + + + + + compare PostAdresseTyp + + + + + + + Code for the country, use ISO or internatinal Postalstandard, compare Staatscode + + + + + + + + + + Name of the country, use ISO Name, or international Postal Standard, compare Staatsname + + + + + ZIP, compare Postleitzahl + + + + + compare Region + + + + + compare Bundesland + + + + + compare Gemeinde + + + + + compare Gemeindekennzahl + + + + + ZMR use, compare Ortschaft + + + + + ZMR use, comapre OrtschaftZweisprachig + + + + + + + + + + + + + + zmr use only + + + + + zmr use only + + + + + + Addressregister database keys used to identify Addresses + + + + + + + + + + + + + + + If Addressis used outside of PersonData a recipient can be specified + + + + + + + + rather OrganizationUnit e.G Sales Departement + + + + + e.g. Smith Ltd + + + + + + + + + + + + + + + + + + + + + + compare PostAdresseTyp + + + + + + + Code for the country, use ISO or internatinal Postalstandard, compare Staatscode + + + + + + + + + + Name of the country, use ISO Name, or international Postal Standard, compare Staatsname + + + + + ZIP, compare Postleitzahl + + + + + compare Gemeinde + + + + + + + + if streetname not available use name of Ortschaft + + + + + + + + + + + + + + + + + + + + + + + + + e.g. e-mail, webiste, compare InternetAdresseTyp + + + + + + + certificate for secure communication + + + + + URI: email-Address, Web, FTP, LDAP, ..., comapre Adress + + + + + any additional properties + + + + + + + + + phone numbers, conmpare TelephoneAdresseTyp + + + + + + + type of phononumber - category (eg 'Festnetz', 'Mobile', 'fax', ...) + + + + + phonenumber + + + + + any additional properties + + + + + + + + + like TelephoneAddresseType but with additional smsEnabled attribute + + + + + + + + + + formated number or set of telephone number parts + + + + + + + + + set of telephone number parts + + + + + + + + + + + + + simple type for sex (gender) of person + + + + + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + simple type for dates (union), which may omit day and/or month + + + + + + simple type for marital status of a person + + + + + + + + + + + pattern type for enlargement of type definitions. Contents as follows +x:sometext or 12345 or _ or other symbols + + + + + + + + + known relations (family + functional) + + + + + + + + + + + + + + + + known + any other relation + + + + + + known types of alternative names + + + + + + + + + + + + known + any other alternative name types + + + + + + + zmr use only + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonName-1_2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonName-1_2.xsd new file mode 100644 index 000000000..7a52b8582 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/PersonName-1_2.xsd @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/PostalAddress-1_2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/PostalAddress-1_2.xsd new file mode 100644 index 000000000..2203ede4a --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/PostalAddress-1_2.xsd @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd new file mode 100644 index 000000000..8bc02d403 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/TelcomNumber-1_0.xsd @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.1.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.1.1.xsd new file mode 100644 index 000000000..c57f09de8 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.1.1.xsd @@ -0,0 +1,545 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.2.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.2.2.xsd new file mode 100644 index 000000000..04ddb2d33 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.2.2.xsd @@ -0,0 +1,551 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd new file mode 100644 index 000000000..b05691515 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd @@ -0,0 +1,466 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd new file mode 100644 index 000000000..274dbdca1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema-instance.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema-instance.xsd new file mode 100644 index 000000000..f47577b8a --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema-instance.xsd @@ -0,0 +1,37 @@ + + + + + + + +]> + + + +

XML Schema instance namespace

+

See the XML Schema + Recommendation for an introduction

+ + +
+ $Date: 2001/03/16 20:25:57 $
+ $Id: XMLSchema-instance.xsd,v 1.4 2001/03/16 20:25:57 ht Exp $ + + + +

This schema should never be used as such: + the XML + Schema Recommendation forbids the declaration of + attributes in this namespace

+ + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema.dtd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema.dtd new file mode 100644 index 000000000..e8e8f7625 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XMLSchema.dtd @@ -0,0 +1,402 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +%xs-datatypes; + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd new file mode 100644 index 000000000..d41f3e817 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-assertion-01.xsd @@ -0,0 +1,194 @@ + + + + + + + Document identifier: cs-sstc-schema-assertion-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd new file mode 100644 index 000000000..d939fa732 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/cs-sstc-schema-protocol-01.xsd @@ -0,0 +1,127 @@ + + + + + + + + Document identifier: cs-sstc-schema-protocol-01 + Location: http://www.oasis-open.org/committees/security/docs/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/datatypes.dtd b/id/server/moa-id-commons/src/main/resources/resources/schemas/datatypes.dtd new file mode 100644 index 000000000..8e48553be --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/datatypes.dtd @@ -0,0 +1,203 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/exclusive-canonicalization.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/exclusive-canonicalization.xsd new file mode 100644 index 000000000..074e3f19e --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/exclusive-canonicalization.xsd @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd new file mode 100644 index 000000000..977c3fe69 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-assertion-2.0.xsd @@ -0,0 +1,290 @@ + + + + + + + + + Document identifier: saml-schema-assertion-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New assertion schema for SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd new file mode 100644 index 000000000..c83806b0d --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-metadata-2.0.xsd @@ -0,0 +1,323 @@ + + + + + + + + + Document identifier: saml-schema-metadata-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V2.0 (March, 2005): + Schema for SAML metadata, first published in SAML 2.0. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd new file mode 100644 index 000000000..b7d14e3e9 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/saml-schema-protocol-2.0.xsd @@ -0,0 +1,306 @@ + + + + + + + + Document identifier: saml-schema-protocol-2.0 + Location: http://docs.oasis-open.org/security/saml/v2.0/ + Revision history: + V1.0 (November, 2002): + Initial Standard Schema. + V1.1 (September, 2003): + Updates within the same V1.0 namespace. + V2.0 (March, 2005): + New protocol schema based in a SAML V2.0 namespace. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd new file mode 100644 index 000000000..2791f3a1e --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-assertion-1.0.xsd @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd new file mode 100644 index 000000000..92fda60a0 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/stork-schema-protocol-1.0.xsd @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd new file mode 100644 index 000000000..5f1c646a7 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_additionaltypes_xsd.xsd @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd new file mode 100644 index 000000000..1b3bed4b7 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_sie_xsd.xsd @@ -0,0 +1,81 @@ + + + + + + + + + + + + + + + + + + + Please first try to use the CriteriaList before doing the OtherCriteria extension point. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd new file mode 100644 index 000000000..5ee04ec36 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_102231v030102_xsd.xsd @@ -0,0 +1,331 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd new file mode 100644 index 000000000..4af373cf0 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_additionaltypes_xsd.xsd @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd new file mode 100644 index 000000000..42a96b78c --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_sie_xsd.xsd @@ -0,0 +1,81 @@ + + + + + + + + + + + + + + + + + + + Please first try to use the CriteriaList before doing the OtherCriteria extension point. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd new file mode 100644 index 000000000..fb1852ec0 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/ts_119612v010201_xsd.xsd @@ -0,0 +1,337 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/xenc-schema.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/xenc-schema.xsd new file mode 100644 index 000000000..d4519cd7a --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/xenc-schema.xsd @@ -0,0 +1,150 @@ + + + + + + ]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/xml.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/xml.xsd new file mode 100644 index 000000000..547867f51 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/xml.xsd @@ -0,0 +1,83 @@ + + + + + + + See http://www.w3.org/XML/1998/namespace.html and + http://www.w3.org/TR/REC-xml for information about this namespace. + + + + + This schema defines attributes and an attribute group + suitable for use by + schemas wishing to allow xml:base, xml:lang or xml:space attributes + on elements they define. + + To enable this, such a schema must import this schema + for the XML namespace, e.g. as follows: + <schema . . .> + . . . + <import namespace="http://www.w3.org/XML/1998/namespace" + schemaLocation="http://www.w3.org/2001/03/xml.xsd"/> + + Subsequently, qualified reference to any of the attributes + or the group defined below will have the desired effect, e.g. + + <type . . .> + . . . + <attributeGroup ref="xml:specialAttrs"/> + + will define a type which will schema-validate an instance + element with any of those attributes + + + + In keeping with the XML Schema WG's standard versioning + policy, this schema document will persist at + http://www.w3.org/2001/03/xml.xsd. + At the date of issue it can also be found at + http://www.w3.org/2001/xml.xsd. + The schema document at that URI may however change in the future, + in order to remain compatible with the latest version of XML Schema + itself. In other words, if the XML Schema namespace changes, the version + of this document at + http://www.w3.org/2001/xml.xsd will change + accordingly; the version at + http://www.w3.org/2001/03/xml.xsd will not change. + + + + + + In due course, we should install the relevant ISO 2- and 3-letter + codes as the enumerated possible values . . . + + + + + + + + + + + + + + + See http://www.w3.org/TR/xmlbase/ for + information about this attribute. + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-core-schema.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-core-schema.xsd new file mode 100644 index 000000000..d21ca43f1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-core-schema.xsd @@ -0,0 +1,264 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-filter2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-filter2.xsd new file mode 100644 index 000000000..517e7bd54 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/xmldsig-filter2.xsd @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java new file mode 100644 index 000000000..ba7a0edc4 --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java @@ -0,0 +1,62 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa; + +import test.at.gv.egovernment.moa.util.DOMUtilsTest; +import test.at.gv.egovernment.moa.util.DateTimeUtilsTest; +import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest; +import test.at.gv.egovernment.moa.util.SSLUtilsTest; +import test.at.gv.egovernment.moa.util.XPathUtilsTest; + +import junit.awtui.TestRunner; +import junit.framework.Test; +import junit.framework.TestSuite; + +/** + * @author patrick + * @version $Id$ + */ +public class AllTests { + + public static Test suite() { + TestSuite suite = new TestSuite(); + +// suite.addTestSuite(DOMUtilsTest.class); +// suite.addTestSuite(DateTimeUtilsTest.class); +// suite.addTestSuite(XPathUtilsTest.class); +// suite.addTestSuite(KeyStoreUtilsTest.class); +// suite.addTestSuite(SSLUtilsTest.class); + + return suite; + } + + public static void main(String[] args) { + try { + TestRunner.run(AllTests.class); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java new file mode 100644 index 000000000..5d1c5371a --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java @@ -0,0 +1,99 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa; + +import java.io.FileInputStream; +import java.io.StringReader; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; + +import org.xml.sax.InputSource; + +import junit.framework.TestCase; + +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * Base class for MOA test cases. + * + * Provides some utility functions. + * + * @author Patrick Peck + * @version $Id$ + */ +public class MOATestCase extends TestCase { + + protected static final String TESTDATA_ROOT = "data/test/"; + + /** + * Constructor for MOATestCase. + * @param arg0 + */ + public MOATestCase(String name) { + super(name); + } + + /** + * Parse an XML file non-validating. + */ + public static Document parseXml(String fileName) throws Exception { + return DOMUtils.parseDocument( + new FileInputStream(fileName), + false, + null, + null); + } + + /** + * Parse an XML validating with a given file name. + * + * Uses the local schema resources. + */ + public static Document parseXmlValidating(String fileName) throws Exception { + return DOMUtils.parseDocument( + new FileInputStream(fileName), + true, + Constants.ALL_SCHEMA_LOCATIONS, + null); + } + + /** + * Parse an XML from a String. + */ + public static Document parseXmlString(String xml) throws Exception { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + DocumentBuilder builder; + + factory.setNamespaceAware(true); + builder = factory.newDocumentBuilder(); + + return builder.parse(new InputSource(new StringReader(xml))); + } + +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java new file mode 100644 index 000000000..1a2b6904d --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java @@ -0,0 +1,161 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; +import java.io.FileInputStream; +import java.util.Map; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import test.at.gv.egovernment.moa.*; + +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * @author Patrick Peck + * @version $Id$ + */ +public class DOMUtilsTest extends MOATestCase { + private static final String TESTDATA_BASE = TESTDATA_ROOT + "xml/"; + private static boolean grammarsInitialized = false; + + /** + * Constructor for DOMUtilsTest. + * @param name + */ + public DOMUtilsTest(String name) { + super(name); + } + + protected void setUp() throws Exception { + if (!grammarsInitialized) { + // preparse XML schema + DOMUtils.addSchemaToPool( + getClass().getResourceAsStream(Constants.XML_SCHEMA_LOCATION), + Constants.XML_NS_URI); + // preparse XMLDsig Filter2 schema + DOMUtils.addSchemaToPool( + getClass().getResourceAsStream(Constants.DSIG_FILTER2_SCHEMA_LOCATION), + Constants.DSIG_FILTER2_NS_URI); + // preparse XMLDsig schema + DOMUtils.addSchemaToPool( + getClass().getResourceAsStream(Constants.DSIG_SCHEMA_LOCATION), + Constants.DSIG_NS_URI); + // preparse MOA schema + DOMUtils.addSchemaToPool( + getClass().getResourceAsStream(Constants.MOA_SCHEMA_LOCATION), + Constants.MOA_NS_URI); + grammarsInitialized = true; + } + } + + private Document parse(String fileName) throws Exception { + return DOMUtils.parseDocument( + new FileInputStream(fileName), + true, + Constants.ALL_SCHEMA_LOCATIONS, + null); + } + + public void testParseCreateXMLSignature() throws Exception { + parse(TESTDATA_BASE + "CreateXMLSignature/TestGeneratorCX2.005.Req.xml"); + parse(TESTDATA_BASE + "CreateXMLSignature/Req000.xml"); + parse(TESTDATA_BASE + "CreateXMLSignature/Req001.xml"); + parse(TESTDATA_BASE + "CreateXMLSignature/Req002.xml"); + parse(TESTDATA_BASE + "CreateXMLSignature/Req004.xml"); + } + + public void testParseVerifyCMSSignature() throws Exception { + parse(TESTDATA_BASE + "VerifyCMSSignature/Req000.xml"); + } + + public void testParseVerifyXMLSignature() throws Exception { + parse(TESTDATA_BASE + "VerifyXMLSignature/Req000.xml"); + parse(TESTDATA_BASE + "VerifyXMLSignature/Req001.xml"); + parse(TESTDATA_BASE + "VerifyXMLSignature/Req002.xml"); + parse(TESTDATA_BASE + "VerifyXMLSignature/TestGeneratorVX.002.Req.xml"); + //parse(TESTDATA_BASE + "VerifyXMLSignature/TestGeneratorVX.006.Req.xml"); + parse(TESTDATA_BASE + "VerifyXMLSignature/VerifySAMLRequest.xml"); + } + + public void testParseInfobox() throws Exception { + parse(TESTDATA_BASE + "Infobox/InfoboxReadResponseMOA4.xml"); + parse(TESTDATA_BASE + "Infobox/InfoboxReadResponse.xml"); + } + + + private Document parsePlain(String fileName) throws Exception { + return DOMUtils.parseDocument( + new FileInputStream(fileName), + false, + null, + null); + } + + public void testValidateCreateXMLSignature() throws Exception { + Document doc; + boolean valid; + + // test a valid request + doc = parsePlain(TESTDATA_BASE + "CreateXMLSignature/Req000.xml"); + valid = + DOMUtils.validateElement( + doc.getDocumentElement(), + Constants.ALL_SCHEMA_LOCATIONS, + null); + assertTrue(valid); + + // test an invalid request + doc = parsePlain(TESTDATA_BASE + "CreateXMLSignature/invalid.xml"); + try { + valid = + DOMUtils.validateElement( + doc.getDocumentElement(), + Constants.ALL_SCHEMA_LOCATIONS, + null); + fail(); + } catch (Exception e) { + } + } + + public void testGetNamespaceDeclarations() throws Exception { + Document doc; + NodeList nl; + Element elem; + Map nsDecls; + + doc = parse(TESTDATA_BASE + "VerifyXMLSignature/Req002.xml"); + nl = doc.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Reference"); + elem = (Element) nl.item(0); + nsDecls = DOMUtils.getNamespaceDeclarations(elem); + + assertEquals(2, nsDecls.size()); + assertEquals(Constants.DSIG_NS_URI, nsDecls.get("dsig")); + assertEquals(Constants.MOA_NS_URI, nsDecls.get("")); + } + +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java new file mode 100644 index 000000000..e3468b89f --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java @@ -0,0 +1,129 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.TimeZone; + +import junit.framework.TestCase; + +import at.gv.egovernment.moa.util.DateTimeUtils; + +/** + * @author Patrick Peck + * @version $Id$ + */ +public class DateTimeUtilsTest extends TestCase { + + /** + * Constructor for DateTimeUtilsTest. + * @param arg0 + */ + public DateTimeUtilsTest(String arg0) { + super(arg0); + } + + public void testParseDateTimeValid() throws Exception { + Date date; + DateFormat format = new SimpleDateFormat("dd.MM.yyyy HH:mm:ss"); + + String dateStr; + + format.setTimeZone(TimeZone.getTimeZone("GMT")); + date = DateTimeUtils.parseDateTime("+1971-12-12T06:30:15"); + date.setTime(date.getTime() + TimeZone.getDefault().getRawOffset()); + dateStr = format.format(date); + assertEquals("12.12.1971 06:30:15", dateStr); + + date = DateTimeUtils.parseDateTime("2000-01-01T23:59:59.012Z"); + dateStr = format.format(date); + assertEquals("01.01.2000 23:59:59", dateStr); + + date = DateTimeUtils.parseDateTime("2003-05-20T12:17:30-05:00"); + dateStr = format.format(date); + assertEquals("20.05.2003 17:17:30", dateStr); + + + date = DateTimeUtils.parseDateTime("2002-02-02T02:02:02.33+04:30"); + dateStr = format.format(date); + assertEquals("01.02.2002 21:32:02", dateStr); + } + + public void testParseDateTimeInvalid() { + try { + DateTimeUtils.parseDateTime("+1971-12-12T6:30:15"); + fail(); + } catch (ParseException e) { + } + + try { + DateTimeUtils.parseDateTime("2000-01-0123:59:59.999999Z"); + fail(); + } catch (ParseException e) { + } + + try { + DateTimeUtils.parseDateTime("2003-05-20T12:17:3005:00"); + fail(); + } catch (ParseException e) { + } + + try { + DateTimeUtils.parseDateTime(" 2002-02-02T02:02:02.33+04:00"); + fail(); + } catch (ParseException e) { + } + + } + + public void testBuildDateTimeGMTMinus3() { + String should = "2002-01-01T01:01:01-03:00"; + doTestBuildDateTime(2002, 1, 1, 1, 1, 1, "GMT-03:00", should); + } + public void testBuildDateTimeMEZSommerzeit() { + String should = "2002-07-31T23:59:59+02:00"; + doTestBuildDateTime(2002, 7, 31, 23, 59, 59, "GMT+01:00", should); + } + public void testBuildDateTimeGMT() { + String should = "2002-01-01T01:01:01"; + doTestBuildDateTime(2002, 1, 1, 1, 1, 1, "GMT+00:00", should); + } + private void doTestBuildDateTime( + int year, int month, int day, + int hour, int min, int sec, + String timeZone, String dateTimeShould) { + +// Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone)); +// cal.set(year,month, day, hour, min, sec); +// cal.set(Calendar.MILLISECOND, 0); +// String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false); +// assertEquals(dateTimeShould, dateTimeBuilt); + } + +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java new file mode 100644 index 000000000..2433eca89 --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java @@ -0,0 +1,114 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.KeyStore; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Enumeration; + +import at.gv.egovernment.moa.util.KeyStoreUtils; + +import junit.framework.TestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class KeyStoreUtilsTest extends TestCase { + private String tmpDir = "tmp/KeyStoreUtilsTest"; + private String tmpDirURL = "file:" + tmpDir; + + public KeyStoreUtilsTest(String arg0) { + super(arg0); + } + + protected void setUp() throws Exception { + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + new File(tmpDir).mkdirs(); + } + protected void tearDown() throws Exception { + new File(tmpDir).delete(); + } + public void testCreateKeyStoreJKS() throws Exception { + String[] certFilenames = new String[] { + "data/test/security/server-certs/baltimore.cer" + }; + KeyStore ks = KeyStoreUtils.createKeyStore("jks", certFilenames); + assertEquals(1, ks.size()); + X509Certificate cert = (X509Certificate)ks.getCertificate("0"); + assertEquals(3424, cert.getSerialNumber().intValue()); + } + public void testCreateKeyStorePKCS12() throws Exception { + String[] certFilenames = new String[] { + "data/test/security/server-certs/baltimore.cer" + }; + KeyStore ks = KeyStoreUtils.createKeyStore("pkcs12", certFilenames); + assertEquals(1, ks.size()); + X509Certificate cert = (X509Certificate)ks.getCertificate("0"); + assertEquals(3424, cert.getSerialNumber().intValue()); + } + public void testCreateKeyStoreFromCertificateDirectory() throws Exception { + // copy certificate files to a temporary directory, + // omitting the "CVS" directory in the source directory + copyCertificates("data/test/security/server-certs", tmpDir); + KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL); + assertEquals(2, ks.size()); + X509Certificate cert0 = (X509Certificate)ks.getCertificate("0"); + X509Certificate cert1 = (X509Certificate)ks.getCertificate("1"); + assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue()); + } + private void copyCertificates(String from, String to) throws IOException { + String[] fromList = new File(from).list(); + for (int i = 0; i < fromList.length; i++) { + File fromFile = new File(from + File.separator + fromList[i]); + if (fromFile.isFile()) { + String toFile = to + "/" + fromList[i]; + FileInputStream in = new FileInputStream(fromFile); + FileOutputStream out = new FileOutputStream(toFile); + for (int ch = in.read(); ch >= 0; ch = in.read()) + out.write(ch); + out.close(); + in.close(); + } + } + + } + public void testLoadKeyStore() throws Exception { + String keyStoreURL = "file:data/test/security/client-certs/sicher-demo(buergerkarte).p12"; + KeyStore ks = KeyStoreUtils.loadKeyStore("pkcs12", keyStoreURL, "buergerkarte"); + assertEquals(1, ks.size()); + Enumeration aliases = ks.aliases(); + String alias = (String)aliases.nextElement(); + X509Certificate cert = (X509Certificate)ks.getCertificate(alias); + assertEquals(new BigInteger("1044289238331").intValue(), cert.getSerialNumber().intValue()); + } + +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java new file mode 100644 index 000000000..2b5094fb8 --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java @@ -0,0 +1,181 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; + +import java.net.URL; +import java.security.KeyStore; +import java.security.Security; + +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSocketFactory; + +import junit.framework.TestCase; +import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.SSLUtils; + +import com.sun.net.ssl.HostnameVerifier; +import com.sun.net.ssl.HttpsURLConnection; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtilsTest extends TestCase { + + public SSLUtilsTest(String arg0) { + super(arg0); + } + + + protected void setUp() throws Exception { + //System.setProperty("javax.net.debug", "all"); + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5"); + } + + public void testGetSSLSocketFactoryBaltimoreOK() throws Exception { + doTestGetSSLSocketFactory( + "GET", + "https://www.baltimore.com/", + false, + "file:data/test/security/cacerts+gt_cybertrust_root", + "changeit", + true); + } + public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception { + doTestGetSSLSocketFactory( + "GET", + "https://www.baltimore.com/", + false, + "file:data/test/security/cacerts", + "changeit", + false); + } + public void testGetSSLSocketFactoryVerisignOK() throws Exception { + doTestGetSSLSocketFactory( + "GET", + "https://www.verisign.com/", + false, + "file:data/test/security/cacerts", + "changeit", + true); + } + public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception { + doTestGetSSLSocketFactory( + "GET", + "https://www.verisign.com/", + false, + null, + null, + true); + } + public void testGetSSLSocketFactoryLocalhostOK() throws Exception { + String urlString = "https://localhost:8443/moa-id-auth/index.jsp"; + doTestGetSSLSocketFactory( + "GET", + urlString, + true, + "file:data/test/security/server.keystore.tomcat", + "changeit", + true); + } + public void testGetSSLSocketFactoryLocalhostNOK() throws Exception { + String urlString = "https://localhost:8443/moa-id-auth/index.jsp"; + doTestGetSSLSocketFactory( + "GET", + urlString, + true, + null, + null, + false); + } + + public void doTestGetSSLSocketFactory( + String requestMethod, + String urlString, + boolean useHostnameVerifierHack, + String truststoreurl, + String trustpassword, + boolean shouldOk + ) throws Exception { + + doTestGetSSLSocketFactory( + requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk); + } + public void doTestGetSSLSocketFactory( + String requestMethod, + String urlString, + boolean useHostnameVerifierHack, + String truststoreurl, + String trustpassword, + String keystoretype, + String keystoreurl, + String keypassword, + boolean shouldOk + ) throws Exception { + + KeyStore truststore = null; + if (truststoreurl != null) + truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword); + SSLSocketFactory sf = SSLUtils.getSSLSocketFactory( + truststore, keystoretype, keystoreurl, keypassword); + System.out.println(requestMethod + " " + urlString); + + URL url = new URL(urlString); + HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); + conn.setRequestMethod(requestMethod); + conn.setDoInput(true); + conn.setDoOutput(true); + conn.setUseCaches(false); + conn.setAllowUserInteraction(false); + conn.setSSLSocketFactory(sf); + if (useHostnameVerifierHack) + conn.setHostnameVerifier(new HostnameVerifierHack()); + try { + conn.connect(); + assertTrue(shouldOk); + assertEquals(200, conn.getResponseCode()); + conn.disconnect(); + } + catch (SSLException ex) { + assertFalse(shouldOk); + } + } +// private byte[] readTruststore(String filename) throws IOException { +// if (filename == null) +// return null; +// FileInputStream in = new FileInputStream(filename); +// byte[] buffer = new byte[in.available()]; +// in.read(buffer); +// in.close(); +// return buffer; +// } + private class HostnameVerifierHack implements HostnameVerifier { + public boolean verify(String arg0, String arg1) { + return true; + } + } +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java new file mode 100644 index 000000000..2ded896d0 --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLDecoderTest.java @@ -0,0 +1,53 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; + +import java.net.URLEncoder; + +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.URLDecoder; + +import junit.framework.TestCase; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class URLDecoderTest extends TestCase { + + public void test() throws Exception { + String s = "immerZUA0129<>%==$$%&/()@?{()=} \\\""; + String senc = URLEncoder.encode(s); + String sdec = URLDecoder.decode(senc, "ISO-8859-1"); + assertEquals(s, sdec); + } + public void testUTF8() throws Exception { + String s = new String(FileUtils.readFile("data/test/xml/CreateXMLSignature/CreateXMLSignatureResponse.xml")); + String senc = URLEncoder.encode(s); + String sdec = URLDecoder.decode(senc, "UTF-8"); + String sutf8 = FileUtils.readFile("data/test/xml/CreateXMLSignature/CreateXMLSignatureResponse.xml", "UTF-8"); + assertEquals(sutf8, sdec); + } +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java new file mode 100644 index 000000000..5f72c8aad --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/URLEncoderTest.java @@ -0,0 +1,67 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; + +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.URLDecoder; +import at.gv.egovernment.moa.util.URLEncoder; +import junit.framework.TestCase; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class URLEncoderTest extends TestCase { + + public void testUnchangedString() throws Exception { + String s = "AZaz0123456789.-*_"; + String senc = URLEncoder.encode(s, "UTF-8"); + assertEquals(s, senc); + } + public void testAumlUTF8() throws Exception { + String s = "ä"; + String senc = URLEncoder.encode(s, "UTF-8"); + assertEquals("%C3%A4", senc); + } + public void testEncodeDecode() throws Exception { + String s = "AZaz09.-*_ <>%=$%&/()@?{}[]\\\""; + String senc = URLEncoder.encode(s, "UTF-8"); + String sdec = URLDecoder.decode(senc, "UTF-8"); + assertEquals(s, sdec); + } + public void testCertInfo() throws Exception { + String s = new String(FileUtils.readFile("data/test/xml/VerifyXMLSignature/CertInfoVerifyXMLSignatureRequest.xml", "UTF-8")); + String senc = URLEncoder.encode(s, "UTF-8"); + String sdec = URLDecoder.decode(senc, "UTF-8"); + assertEquals(s, sdec); + } + /*public void testJDK14() throws Exception { + String s = new String(FileUtils.readFile("data/test/xml/VerifyXMLSignature/CertInfoVerifyXMLSignatureRequest.xml", "UTF-8")); + String senc = URLEncoder.encode(s, "UTF-8"); + String senc14 = java.net.URLEncoder.encode(s, "UTF-8"); + assertEquals(senc, senc14); + }*/ + +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java new file mode 100644 index 000000000..dfe7a5358 --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XMLGrammarBuilderTest.java @@ -0,0 +1,123 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; +import java.io.FileInputStream; +import java.io.InputStream; + +import org.apache.xerces.parsers.DOMParser; +import org.apache.xerces.parsers.XMLGrammarPreparser; +import org.apache.xerces.util.SymbolTable; +import org.apache.xerces.util.XMLGrammarPoolImpl; +import org.apache.xerces.xni.grammars.Grammar; +import org.apache.xerces.xni.grammars.XMLGrammarDescription; +import org.apache.xerces.xni.parser.XMLInputSource; +import org.xml.sax.InputSource; + +import test.at.gv.egovernment.moa.MOATestCase; + +import at.gv.egovernment.moa.util.Constants; + + +/** + * Experimentation with Xerces grammar caching. + * + * Used the Xerces sample 'XMLGrammarBuilder' as a starting point. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLGrammarBuilderTest extends MOATestCase { + + private static final String GRAMMAR_POOL = + org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX + + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY; + + protected static final String NAMESPACES_FEATURE_ID = + "http://xml.org/sax/features/namespaces"; + protected static final String VALIDATION_FEATURE_ID = + "http://xml.org/sax/features/validation"; + protected static final String SCHEMA_VALIDATION_FEATURE_ID = + "http://apache.org/xml/features/validation/schema"; + protected static final String SCHEMA_FULL_CHECKING_FEATURE_ID = + "http://apache.org/xml/features/validation/schema-full-checking"; + + private static final int BIG_PRIME = 2039; + private SymbolTable symbolTable; + private XMLGrammarPoolImpl grammarPool; + + /** + * Constructor for XMLGrammarBuilderTest. + * @param name + */ + public XMLGrammarBuilderTest(String name) { + super(name); + } + + protected void setUp() throws Exception { + XMLGrammarPreparser preparser; + + // set up symbol table and grammar pool + symbolTable = new SymbolTable(BIG_PRIME); + grammarPool = new XMLGrammarPoolImpl(); + preparser = new XMLGrammarPreparser(symbolTable); + preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null); + preparser.setProperty(GRAMMAR_POOL, grammarPool); + preparser.setFeature(NAMESPACES_FEATURE_ID, true); + preparser.setFeature(VALIDATION_FEATURE_ID, true); + // now we can still do schema features just in case, + // so long as it's our configuraiton...... + preparser.setFeature(SCHEMA_VALIDATION_FEATURE_ID, true); + preparseSchemaResource( + preparser, + Constants.DSIG_SCHEMA_LOCATION, + "/resources/schemas/xmldsig-core-schema.xsd"); + } + + private static Grammar preparseSchemaResource( + XMLGrammarPreparser preparser, + String systemId, + String resource) + throws Exception { + + InputStream is = XMLGrammarBuilderTest.class.getResourceAsStream(resource); + return preparser.preparseGrammar( + XMLGrammarDescription.XML_SCHEMA, + new XMLInputSource(null, systemId, null, is, null)); + } + + public void testParseValidating() throws Exception { + DOMParser parser = new DOMParser(symbolTable, grammarPool); + + parser.setFeature(NAMESPACES_FEATURE_ID, true); + parser.setFeature(VALIDATION_FEATURE_ID, true); + parser.setFeature(SCHEMA_VALIDATION_FEATURE_ID, true); + + parser.parse( + new InputSource( + new FileInputStream(TESTDATA_ROOT + "xml/dsigTransform/base64.xml"))); + parser.getDocument(); + } + +} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java new file mode 100644 index 000000000..15e6a62f3 --- /dev/null +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java @@ -0,0 +1,75 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.util; +import org.w3c.dom.Document; +import org.w3c.dom.NodeList; + +import test.at.gv.egovernment.moa.MOATestCase; + +import at.gv.egovernment.moa.util.XPathUtils; + + +/** + * @author Patrick Peck + * @version $Id$ + */ +public class XPathUtilsTest extends MOATestCase { + + private Document doc1; + + /** + * Constructor for XPathUtilsTest. + * @param name + */ + public XPathUtilsTest(String name) { + super(name); + } + + /** + * @see TestCase#setUp() + */ + protected void setUp() throws Exception { + super.setUp(); + doc1 = + parseXml(TESTDATA_ROOT + "xml/VerifyXMLSignature/Req000.xml"); + } + + public void testSelectNodeList() throws Exception { + NodeList nodes; + + nodes = + XPathUtils.selectNodeList( + doc1.getDocumentElement(), + doc1.getDocumentElement(), + "/VerifyXMLSignatureRequest"); + assertEquals(1, nodes.getLength()); + nodes = + XPathUtils.selectNodeList( + doc1.getDocumentElement(), + "//dsig:Signature"); + assertEquals(1, nodes.getLength()); + } + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 49293420c..11e0c764c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -23,12 +23,12 @@ 3.0.3-Snapshot - + MOA.id.server diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 256fb4af2..f19802a01 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -37,12 +37,12 @@ moa-id-module-eIDAS - + MOA.id.server.modules diff --git a/pom.xml b/pom.xml index 9fb67e58a..a84bbc27b 100644 --- a/pom.xml +++ b/pom.xml @@ -29,12 +29,15 @@ 3.2.0-OPB-Snapshot 2.0.1-Snapshot - 2.0.5-RC1 + 2.2.0-OPB-Snapshot 2.0.5 1.0.0-Snapshot + + 2.0.5-RC1 + 4.2.4.RELEASE 2.18.1 @@ -69,9 +72,11 @@ - common - spss + + + id + @@ -224,9 +229,10 @@ id/assembly-auth-final.xml id/assembly-auth-edu.xml - id/assembly-proxy.xml - spss/assembly.xml - spss/assembly-lib.xml + id/assembly-proxy.xml + + @@ -438,12 +444,12 @@ ${moa-id-version} - + MOA.id.server moa-id-lib @@ -511,27 +517,27 @@ ${moa-id-module-elga_mandate_client} - - - + + MOA.spss.server moa-spss-lib ${moa-spss-version} compile - + + + junit junit diff --git a/spss/pom.xml b/spss/pom.xml index 2f1d57446..1c2a3fbfa 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -1,10 +1,10 @@ - + 4.0.0 spss -- cgit v1.2.3 From 989f5cfa9c9c6f60ce6e161983be8434ca87a698 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 9 Mar 2016 16:01:38 +0100 Subject: remove MOA-SPSS from buildpath and add MOA-SPSS container-modul --- id/moa-spss-container/.gitignore | 1 + id/moa-spss-container/pom.xml | 235 +++++++++++++++++++++ id/oa/pom.xml | 9 +- .../moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 30 ++- .../id/demoOA/servlet/pvp2/DemoApplication.java | 26 ++- id/pom.xml | 4 +- id/server/auth-edu/pom.xml | 37 ++-- id/server/auth-final/pom.xml | 36 ++-- id/server/idserverlib/pom.xml | 230 +++++--------------- id/server/moa-id-commons/pom.xml | 23 +- .../pom.xml | 23 +- pom.xml | 31 ++- 12 files changed, 389 insertions(+), 296 deletions(-) create mode 100644 id/moa-spss-container/.gitignore create mode 100644 id/moa-spss-container/pom.xml (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/moa-spss-container/.gitignore b/id/moa-spss-container/.gitignore new file mode 100644 index 000000000..b83d22266 --- /dev/null +++ b/id/moa-spss-container/.gitignore @@ -0,0 +1 @@ +/target/ diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml new file mode 100644 index 000000000..7f13593a8 --- /dev/null +++ b/id/moa-spss-container/pom.xml @@ -0,0 +1,235 @@ + + 4.0.0 + + MOA + id + 3.x + + MOA.id + moa-spss-container + ${moa-id-version} + MOA-SPSS-Container-for-MOA-ID + This module holds MOA-SPSS and all required library + + + ${basedir}/../../../repository + + + + + + MOA.spss.server + moa-spss-lib + + + iaik_pki_module + iaik + + + commons-logging + commons-logging + + + axis-wsdl4j + axis + + + + + + iaik.prod + iaik_ixsil + + + iaik.prod + iaik_X509TrustManager + + + + axis + axis + + + + axis + axis + + + org.apache.axis + axis-jaxrpc + + + org.apache.axis + axis-saaj + + + commons-discovery + commons-discovery + + + commons-logging + commons-logging + + + javax.activation + activation + + + javax.mail + mail + + + junit + junit + + + log4j + log4j + + + org.postgresql + postgresql + + + javax.servlet + servlet-api + provided + + + xalan-bin-dist + xalan + + + + xerces + xercesImpl + + + + xalan-bin-dist + xml-apis + + + xalan-bin-dist + serializer + + + + iaik.prod + iaik_moa + + + iaik.prod + iaik_ixsil + + + iaik.prod + iaik_jce_full + compile + + + iaik.prod + iaik_ecc + compile + + + iaik.prod + iaik_cms + runtime + + + iaik.prod + iaik_Pkcs11Provider + runtime + + + iaik.prod + iaik_Pkcs11Wrapper + runtime + + + iaik.prod + iaik_Pkcs11Wrapper + win32 + dll + runtime + true + + + + com.sun.xml.bind + jaxb-impl + 2.2.11 + + + + com.sun.xml.bind + jaxb-core + 2.2.11 + + + + xalan-bin-dist + xalan + + provided + + + serializer + xalan + + + + + xerces + xercesImpl + + provided + + + xalan-bin-dist + xml-apis + + provided + + + xalan-bin-dist + serializer + + provided + + + iaik.prod + iaik_jce_full + + provided + + + iaik.prod + iaik_ecc + + provided + + + + iaik + iaik_tsl + + + iaik_pki_module + iaik + + + iaik_ecc_signed + iaik + + + iaik_jce_eval_signed + iaik + + + + + + + \ No newline at end of file diff --git a/id/oa/pom.xml b/id/oa/pom.xml index 981443ef6..8abd75461 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -122,11 +122,10 @@ 0.7.1 - + + MOA.id.server + moa-id-commons + diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index 65a4ab2a7..67321ca7e 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -42,13 +42,13 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; +import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; -import org.opensaml.saml2.metadata.EncryptionMethod; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.KeyDescriptor; @@ -57,9 +57,6 @@ import org.opensaml.saml2.metadata.NameIDFormat; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.ServiceName; import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.saml2.metadata.impl.EncryptionMethodBuilder; -import org.opensaml.xml.encryption.EncryptionConstants; -import org.opensaml.xml.encryption.OAEPparams; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; @@ -77,10 +74,11 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; import at.iaik.commons.util.MiscUtil; public class BuildMetadata extends HttpServlet { + Logger log = Logger.getLogger(BuildMetadata.class); + private static final long serialVersionUID = 1L; private static final int VALIDUNTIL_IN_HOURS = 24; @@ -119,7 +117,7 @@ public class BuildMetadata extends HttpServlet { String name = config.getPVP2MetadataEntitiesName(); if (MiscUtil.isEmpty(name)) { - Logger.info("NO Metadata EntitiesName configurated"); + log.info("NO Metadata EntitiesName configurated"); throw new ConfigurationException("NO Metadata EntitiesName configurated"); } @@ -143,7 +141,7 @@ public class BuildMetadata extends HttpServlet { if (!serviceURL.endsWith("/")) serviceURL = serviceURL + "/"; - Logger.debug("Set OnlineApplicationURL to " + serviceURL); + log.debug("Set OnlineApplicationURL to " + serviceURL); spEntityDescriptor.setEntityID(serviceURL); SPSSODescriptor spSSODescriptor = SAML2Utils @@ -165,7 +163,7 @@ public class BuildMetadata extends HttpServlet { config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - Logger.debug("Set Metadata key information"); + log.debug("Set Metadata key information"); //Set MetaData Signing key KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils .createSAMLObject(KeyDescriptor.class); @@ -213,7 +211,7 @@ public class BuildMetadata extends HttpServlet { spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); } else { - Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); } @@ -293,32 +291,32 @@ public class BuildMetadata extends HttpServlet { response.getOutputStream().close(); } catch (ConfigurationException e) { - Logger.warn("Configuration can not be loaded.", e); + log.warn("Configuration can not be loaded.", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (NoSuchAlgorithmException e) { - Logger.warn("Requested Algorithm could not found.", e); + log.warn("Requested Algorithm could not found.", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (ParserConfigurationException e) { - Logger.warn("PVP2 Metadata createn error", e); + log.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerConfigurationException e) { - Logger.warn("PVP2 Metadata createn error", e); + log.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerFactoryConfigurationError e) { - Logger.warn("PVP2 Metadata createn error", e); + log.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerException e) { - Logger.warn("PVP2 Metadata createn error", e); + log.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (Exception e) { - Logger.warn("Unspecific PVP2 Metadata createn error", e); + log.warn("Unspecific PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index cde9451a4..b0653085b 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; -import java.security.Key; import java.security.KeyStore; import java.util.ArrayList; import java.util.List; @@ -34,6 +33,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.log4j.Logger; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; @@ -56,7 +56,6 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; @@ -77,12 +76,11 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.PVPConstants; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; - public class DemoApplication extends HttpServlet { - + Logger log = Logger.getLogger(DemoApplication.class); + private static final long serialVersionUID = -2129228304760706063L; @@ -97,7 +95,7 @@ public class DemoApplication extends HttpServlet { String method = request.getMethod(); HttpSession session = request.getSession(); if (session == null) { - Logger.info("NO HTTP Session"); + log.info("NO HTTP Session"); bean.setErrorMessage("NO HTTP session"); setAnser(request, response, bean); return; @@ -120,7 +118,7 @@ public class DemoApplication extends HttpServlet { Signature sign = samlResponse.getSignature(); if (sign == null) { - Logger.info("Only http POST Requests can be used"); + log.info("Only http POST Requests can be used"); bean.setErrorMessage("Only http POST Requests can be used"); setAnser(request, response, bean); return; @@ -150,7 +148,7 @@ public class DemoApplication extends HttpServlet { ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); trustEngine.validate(sign, criteriaSet); - Logger.info("PVP2 Assertion is valid"); + log.info("PVP2 Assertion is valid"); //set assertion org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); @@ -166,7 +164,7 @@ public class DemoApplication extends HttpServlet { if (encryAssertionList != null && encryAssertionList.size() > 0) { //decrypt assertions - Logger.debug("Found encryped assertion. Start decryption ..."); + log.debug("Found encryped assertion. Start decryption ..."); KeyStore keyStore = config.getPVP2KeyStore(); @@ -192,7 +190,7 @@ public class DemoApplication extends HttpServlet { } - Logger.debug("Assertion decryption finished. "); + log.debug("Assertion decryption finished. "); } else { saml2assertions = samlResponse.getAssertions(); @@ -215,13 +213,13 @@ public class DemoApplication extends HttpServlet { String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) - familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent(); + familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue(); if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) - givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent(); + givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue(); if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) { - birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent(); + birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getNodeValue(); } } } @@ -249,7 +247,7 @@ public class DemoApplication extends HttpServlet { } } catch (Exception e) { - Logger.warn(e); + log.warn(e); bean.setErrorMessage("Internal Error: " + e.getMessage()); setAnser(request, response, bean); return; diff --git a/id/pom.xml b/id/pom.xml index 0aa9740ac..4aff9f373 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -14,10 +14,10 @@ oa - + moa-spss-container server ConfigWebTool - moa-id-webgui + moa-id-webgui diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 3d7f0b94a..0812745b6 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -89,27 +89,26 @@ - - - + - MOA.spss.server - moa-spss-lib - - - iaik_pki_module - iaik - - - commons-logging - commons-logging - - - axis-wsdl4j - axis - - + MOA.id + moa-spss-container + + + iaik_pki_module + iaik + + + commons-logging + commons-logging + + + axis-wsdl4j + axis + + + MOA.id.server moa-id-lib diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index b6b153ec3..a0f20ba1f 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -74,27 +74,25 @@ - - - - MOA.spss.server - moa-spss-lib - - - iaik_pki_module - iaik - - - commons-logging - commons-logging - - - axis-wsdl4j - axis - - + MOA.id + moa-spss-container + + + iaik_pki_module + iaik + + + commons-logging + commons-logging + + + axis-wsdl4j + axis + + + MOA.id.server moa-id-lib diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 445de36ee..9975fee54 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -61,18 +61,25 @@ MOA.id.server moa-id-commons - + + + + MOA.id.server + moa-id-commons + test-jar + test org.hibernate hibernate-core ${hibernate.version} + + + xml-apis + xml-apis + + org.hibernate @@ -84,60 +91,32 @@ hibernate-entitymanager ${hibernate.version} - - - - - - - - - MOA.spss.server - moa-spss-lib - - - iaik_pki_module - iaik - - - javax.servlet - servlet-api - - - axis-wsdl4j - axis - - - jaxb-impl - com.sun.xml.bind - - - - - axis - axis - - - + + + MOA.id + moa-spss-container + + + iaik_pki_module + iaik + + + commons-logging + commons-logging + + + axis-wsdl4j + axis + + + + + + jakarta-regexp + jakarta-regexp + 1.4 + + at.gv.util egovutils @@ -166,6 +145,10 @@ jaxb-core com.sun.xml.bind + + xml-apis + xml-apis + @@ -183,6 +166,11 @@ cxf-rt-transports-http + + xalan-bin-dist + xml-apis + + javax.xml.bind @@ -201,83 +189,6 @@ javax.mail mail - - - - xalan-bin-dist - xalan - - provided - - - serializer - xalan - - - - - xerces - xercesImpl - - provided - - - xalan-bin-dist - xml-apis - - provided - - - xalan-bin-dist - serializer - - provided - - - iaik.prod - iaik_jce_full - - provided - - - iaik.prod - iaik_ecc - - provided - - - - - - - - org.easymock @@ -318,33 +229,7 @@ httpsclient httpsclient - - - iaik.prod - iaik_moa - - - iaik.prod - iaik_ixsil - - - iaik.prod - iaik_X509TrustManager - - - - + org.opensaml opensaml @@ -390,23 +275,6 @@ - - - - - - com.fasterxml.jackson.core diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 90b391b42..bbaba6a50 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -249,11 +249,11 @@ - - install - + + org.apache.maven.plugins maven-compiler-plugin + 2.0.2 1.7 1.7 @@ -263,9 +263,6 @@ org.apache.maven.plugins maven-jar-plugin - true - true - true false @@ -279,18 +276,8 @@ - - true - maven-compiler-plugin - 2.0.2 - - 1.7 - 1.7 - - - - + org.apache.maven.plugins maven-dependency-plugin diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml index 11e0c764c..f2403a62e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml @@ -20,15 +20,14 @@ moa-id-lib test test-jar - 3.0.3-Snapshot - + MOA.id.server @@ -39,7 +38,19 @@ xalan-bin-dist xalan provided - + + + xml-apis + xml-apis + + + + + + xalan-bin-dist + xml-apis + provided + org.springframework diff --git a/pom.xml b/pom.xml index a84bbc27b..68620b71b 100644 --- a/pom.xml +++ b/pom.xml @@ -21,9 +21,7 @@ 2.0.1 --> - - 3.2.0-OPB-Snapshot - + 3.2.0-OPB-Snapshot 3.2.0-RC1 3.2.0-OPB-Snapshot @@ -444,12 +442,12 @@ ${moa-id-version} - + + MOA.id + moa-spss-container + ${moa-id-version} + + MOA.id.server moa-id-lib @@ -525,19 +523,20 @@ compile - - + + junit junit -- cgit v1.2.3 From 0fe2bed17c674587a60e63fac211a0354ab4ef03 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Mar 2016 16:07:58 +0100 Subject: remove axis 1 implementation completely --- id/server/auth-edu/pom.xml | 14 +++- id/server/auth-final/pom.xml | 14 +++- .../auth/builder/SignatureVerificationUtils.java | 2 +- .../auth/invoke/SignatureVerificationInvoker.java | 77 +++++++++++++++------- .../moa/id/auth/AuthenticationServer.java | 5 +- 5 files changed, 81 insertions(+), 31 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml index 0812745b6..404b7c354 100644 --- a/id/server/auth-edu/pom.xml +++ b/id/server/auth-edu/pom.xml @@ -106,7 +106,19 @@ axis-wsdl4j axis - + + axis + axis + + + axis-jaxrpc + org.apache.axis + + + axis-saaj + org.apache.axis + + diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml index a0f20ba1f..776ec00d3 100644 --- a/id/server/auth-final/pom.xml +++ b/id/server/auth-final/pom.xml @@ -90,7 +90,19 @@ axis-wsdl4j axis - + + axis + axis + + + axis-jaxrpc + org.apache.axis + + + axis-saaj + org.apache.axis + + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java index e321c9d05..f2e4da818 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -81,7 +81,7 @@ public class SignatureVerificationUtils { Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); //send signature-verification to MOA-SP - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 72a7d3ba1..5c96f6ad2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -46,22 +46,16 @@ package at.gv.egovernment.moa.id.auth.invoke; -import java.util.Vector; - import javax.xml.namespace.QName; -import javax.xml.rpc.Call; -import javax.xml.rpc.Service; -import javax.xml.rpc.ServiceFactory; -import org.apache.axis.message.SOAPBodyElement; import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; @@ -77,9 +71,43 @@ import at.gv.egovernment.moa.util.MiscUtil; * @version $Id$ */ public class SignatureVerificationInvoker { - /** This QName Object identifies the SignatureVerification endpoint of the web service */ + + private static SignatureVerificationInvoker instance = null; + private SignatureVerificationService svs = null; + + /** This QName Object identifies the SignatureVerification endpoint of the web service */ private static final QName SERVICE_QNAME = new QName("SignatureVerification"); + + public static SignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new SignatureVerificationInvoker(); + + } + + return instance; + } + + private SignatureVerificationInvoker() { + try { + AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); + ConnectionParameter authConnParam = authConfigProvider.getMoaSpConnectionParameter(); + + if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { + + + } else { + svs = SignatureVerificationService.getInstance(); + + } + + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } + /** * Method verifyXMLSignature. * @param request to be sent @@ -99,29 +127,28 @@ public class SignatureVerificationInvoker { */ protected Element doCall(QName serviceName, Element request) throws ServiceException { ConnectionParameter authConnParam = null; - try { - Service service = ServiceFactory.newInstance().createService(serviceName); - Call call = service.createCall(); - SOAPBodyElement body = new SOAPBodyElement(request); - SOAPBodyElement[] params = new SOAPBodyElement[] { body }; - Vector responses; - SOAPBodyElement response; - - String endPoint; + try { AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); authConnParam = authConfigProvider.getMoaSpConnectionParameter(); //If the ConnectionParameter do NOT exist, we try to get the api to work.... if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); - endPoint = authConnParam.getUrl(); - call.setTargetEndpointAddress(endPoint); - responses = (Vector) call.invoke(serviceName, params); - Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used - response = (SOAPBodyElement) responses.get(0); - return response.getAsDOM(); + + throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"}); +// Service service = ServiceFactory.newInstance().createService(serviceName); +// Call call = service.createCall(); +// SOAPBodyElement body = new SOAPBodyElement(request); +// SOAPBodyElement[] params = new SOAPBodyElement[] { body }; +// Vector responses; +// SOAPBodyElement response; +// +// Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); +// call.setTargetEndpointAddress(authConnParam.getUrl()); +// responses = (Vector) call.invoke(serviceName, params); +// Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used +// response = (SOAPBodyElement) responses.get(0); +// return response.getAsDOM(); } else { - SignatureVerificationService svs = SignatureVerificationService.getInstance(); VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 21e7f2027..ea4dd868b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -292,7 +292,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( @@ -952,8 +952,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // try { // invokes the call - domVsresp = new SignatureVerificationInvoker() - .verifyXMLSignature(domVsreq); + domVsresp = SignatureVerificationInvoker.getInstance().verifyXMLSignature(domVsreq); // parses the VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( -- cgit v1.2.3 From f67427831d1f8c49ce6c474691b880d90a42b584 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 09:17:57 +0100 Subject: refactor the GUI generation for user interaction --- id/ConfigWebTool/pom.xml | 5 + .../auth/pvp2/MetaDataVerificationFilter.java | 2 +- .../configuration/data/FormularCustomization.java | 20 +- .../id/configuration/data/oa/OABPKEncryption.java | 2 +- .../configuration/struts/action/BasicOAAction.java | 60 +- .../configuration/struts/action/EditOAAction.java | 27 +- .../id/configuration/struts/action/VIDPAction.java | 2 +- .../oa/OAAuthenticationDataValidation.java | 2 +- .../htmlTemplates/loginFormFull.html | 874 +-------------------- .../htmlTemplates/sendAssertionFormFull.html | 581 +------------- .../conf/moa-id/htmlTemplates/css_template.css | 625 +++++++++++++++ .../conf/moa-id/htmlTemplates/error_message.html | 37 + .../moa-id/htmlTemplates/javascript_tempalte.js | 200 +++++ .../conf/moa-id/htmlTemplates/loginFormFull.html | 874 +-------------------- .../conf/moa-id/htmlTemplates/redirectForm.html | 13 + .../htmlTemplates/sendAssertionFormFull.html | 581 +------------- .../conf/moa-id/htmlTemplates/slo_template.html | 372 +-------- id/server/idserverlib/pom.xml | 4 + .../moa/id/advancedlogging/MOAReversionLogger.java | 6 +- .../moa/id/advancedlogging/StatisticLogger.java | 10 +- .../moa/id/advancedlogging/TransactionIDUtils.java | 2 +- .../moa/id/auth/AuthenticationSessionCleaner.java | 4 +- .../moa/id/auth/BaseAuthenticationServer.java | 3 +- .../moa/id/auth/MOAIDAuthConstants.java | 194 ----- .../moa/id/auth/MOAIDAuthInitializer.java | 6 +- .../id/auth/builder/AuthenticationDataBuilder.java | 14 +- .../builder/CreateXMLSignatureRequestBuilder.java | 6 +- .../moa/id/auth/builder/DataURLBuilder.java | 2 +- .../builder/DynamicOAAuthParameterBuilder.java | 6 +- .../moa/id/auth/builder/GUILayoutBuilder.java | 157 ---- .../moa/id/auth/builder/LoginFormBuilder.java | 171 ---- .../moa/id/auth/builder/RedirectFormBuilder.java | 65 -- .../id/auth/builder/SendAssertionFormBuilder.java | 147 ---- .../auth/builder/SignatureVerificationUtils.java | 2 +- .../moa/id/auth/data/AuthenticationSession.java | 2 +- .../id/auth/exception/AuthenticationException.java | 1 + .../moa/id/auth/exception/BKUException.java | 2 + .../moa/id/auth/exception/BuildException.java | 1 + .../exception/DatabaseEncryptionException.java | 2 + .../id/auth/exception/DynamicOABuildException.java | 2 + .../id/auth/exception/ECDSAConverterException.java | 1 + .../exception/InvalidProtocolRequestException.java | 2 + .../auth/exception/MISSimpleClientException.java | 1 + .../moa/id/auth/exception/MOAIDException.java | 222 ------ .../moa/id/auth/exception/MOASPException.java | 2 + .../moa/id/auth/exception/ParseException.java | 1 + .../auth/exception/ProtocolNotActiveException.java | 2 + .../moa/id/auth/exception/ServiceException.java | 1 + .../exception/SessionDataStorageException.java | 45 -- .../moa/id/auth/exception/ValidateException.java | 1 + .../auth/exception/WrongParametersException.java | 1 + .../auth/invoke/SignatureVerificationInvoker.java | 10 +- .../id/auth/modules/AbstractAuthServletTask.java | 6 +- .../id/auth/modules/BKUSelectionModuleImpl.java | 2 +- .../id/auth/modules/TaskExecutionException.java | 2 +- .../internal/tasks/EvaluateBKUSelectionTask.java | 2 +- .../tasks/EvaluateSSOConsentsTaskImpl.java | 2 +- .../internal/tasks/FinalizeAuthenticationTask.java | 4 +- .../tasks/GenerateBKUSelectionFrameTask.java | 43 +- .../GenerateSSOConsentEvaluatorFrameTask.java | 37 +- .../tasks/RestartAuthProzessManagement.java | 2 +- .../StartAuthentificationParameterParser.java | 10 +- .../moa/id/auth/servlet/AbstractController.java | 128 +-- .../AbstractProcessEngineSignalController.java | 6 +- .../id/auth/servlet/GUILayoutBuilderServlet.java | 128 --- .../GeneralProcessEngineSignalController.java | 6 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 66 +- .../moa/id/auth/servlet/LogOutServlet.java | 4 +- .../moa/id/auth/servlet/RedirectServlet.java | 48 +- .../WebFrontEndSecurityInterceptor.java | 6 +- .../gv/egovernment/moa/id/client/SZRGWClient.java | 25 +- .../moa/id/client/SZRGWClientException.java | 2 +- .../moa/id/client/utils/SZRGWClientUtils.java | 12 +- .../moa/id/config/ConfigurationException.java | 82 -- .../moa/id/config/ConfigurationProvider.java | 66 -- .../moa/id/config/ConfigurationProviderImpl.java | 2 + .../moa/id/config/ConnectionParameter.java | 1 + .../id/config/ConnectionParameterInterface.java | 35 - .../moa/id/config/auth/AuthConfiguration.java | 165 ---- .../auth/AuthConfigurationProviderFactory.java | 3 +- .../moa/id/config/auth/IOAAuthParameters.java | 224 ------ .../moa/id/config/auth/OAAuthParameter.java | 64 +- .../PropertyBasedAuthConfigurationProvider.java | 15 +- .../config/auth/data/BPKDecryptionParameters.java | 137 ---- .../config/auth/data/DynamicOAAuthParameters.java | 18 +- .../moa/id/config/auth/data/ProtocolAllowed.java | 91 --- .../auth/data/SAML1ConfigurationParameters.java | 276 ------- .../gv/egovernment/moa/id/config/stork/CPEPS.java | 138 ---- .../moa/id/config/stork/STORKConfig.java | 33 +- .../config/stork/SignatureCreationParameter.java | 103 --- .../stork/SignatureVerificationParameter.java | 53 -- .../moa/id/config/stork/StorkAttribute.java | 27 - .../config/stork/StorkAttributeProviderPlugin.java | 81 -- .../moa/id/data/AuthenticationData.java | 2 +- .../moa/id/moduls/AuthenticationManager.java | 67 +- .../at/gv/egovernment/moa/id/moduls/IAction.java | 3 +- .../gv/egovernment/moa/id/moduls/IModulInfo.java | 2 + .../at/gv/egovernment/moa/id/moduls/IRequest.java | 202 ----- .../egovernment/moa/id/moduls/IRequestStorage.java | 3 +- .../id/moduls/NoPassivAuthenticationException.java | 2 +- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 9 +- .../egovernment/moa/id/moduls/RequestStorage.java | 3 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 82 +- .../egovernment/moa/id/process/ProcessEngine.java | 2 +- .../moa/id/process/ProcessEngineImpl.java | 4 +- .../at/gv/egovernment/moa/id/process/api/Task.java | 2 +- .../moa/id/process/springweb/MoaIdTask.java | 2 +- .../AbstractAuthProtocolModulController.java | 4 +- .../protocols/ProtocolFinalizationController.java | 6 +- .../builder/attributes/BPKAttributeBuilder.java | 2 +- .../attributes/BirthdateAttributeBuilder.java | 2 +- .../protocols/builder/attributes/EIDAuthBlock.java | 2 +- .../id/protocols/builder/attributes/EIDCcsURL.java | 2 +- .../EIDCitizenQAALevelAttributeBuilder.java | 2 +- .../builder/attributes/EIDIdentityLinkBuilder.java | 2 +- .../EIDIssuingNationAttributeBuilder.java | 2 +- .../builder/attributes/EIDSTORKTOKEN.java | 2 +- .../attributes/EIDSectorForIDAttributeBuilder.java | 2 +- .../builder/attributes/EIDSignerCertificate.java | 2 +- .../protocols/builder/attributes/EIDSourcePIN.java | 2 +- .../builder/attributes/EIDSourcePINType.java | 2 +- .../attributes/EncryptedBPKAttributeBuilder.java | 2 +- .../attributes/GivenNameAttributeBuilder.java | 2 +- .../protocols/builder/attributes/HolderOfKey.java | 4 +- .../builder/attributes/IAttributeBuilder.java | 2 +- .../MandateFullMandateAttributeBuilder.java | 2 +- ...MandateLegalPersonFullNameAttributeBuilder.java | 2 +- ...andateLegalPersonSourcePinAttributeBuilder.java | 2 +- ...teLegalPersonSourcePinTypeAttributeBuilder.java | 2 +- .../MandateNaturalPersonBPKAttributeBuilder.java | 2 +- ...dateNaturalPersonBirthDateAttributeBuilder.java | 2 +- ...ateNaturalPersonFamilyNameAttributeBuilder.java | 2 +- ...dateNaturalPersonGivenNameAttributeBuilder.java | 2 +- ...dateNaturalPersonSourcePinAttributeBuilder.java | 2 +- ...NaturalPersonSourcePinTypeAttributeBuilder.java | 2 +- .../MandateProfRepDescAttributeBuilder.java | 2 +- .../MandateProfRepOIDAttributeBuilder.java | 2 +- .../MandateReferenceValueAttributeBuilder.java | 2 +- .../attributes/MandateTypeAttributeBuilder.java | 2 +- .../attributes/PVPVersionAttributeBuilder.java | 2 +- .../attributes/PrincipalNameAttributeBuilder.java | 2 +- .../id/protocols/pvp2x/AttributQueryAction.java | 14 +- .../id/protocols/pvp2x/AuthenticationAction.java | 6 +- .../moa/id/protocols/pvp2x/MetadataAction.java | 4 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 16 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 6 +- .../id/protocols/pvp2x/binding/PostBinding.java | 2 +- .../pvp2x/builder/AttributQueryBuilder.java | 4 +- .../pvp2x/builder/AuthResponseBuilder.java | 2 +- .../pvp2x/builder/PVPAttributeBuilder.java | 2 +- .../pvp2x/builder/PVPAuthnRequestBuilder.java | 2 +- .../pvp2x/builder/PVPMetadataBuilder.java | 2 +- .../pvp2x/builder/SingleLogOutBuilder.java | 6 +- .../builder/assertion/PVP2AssertionBuilder.java | 6 +- .../pvp2x/config/IDPPVPMetadataConfiguration.java | 2 +- .../protocols/pvp2x/config/PVPConfiguration.java | 4 +- .../exceptions/AssertionValidationExeption.java | 2 +- .../exceptions/AuthnRequestValidatorException.java | 2 +- .../protocols/pvp2x/exceptions/PVP2Exception.java | 2 +- .../pvp2x/metadata/MOAMetadataProvider.java | 12 +- .../pvp2x/metadata/SimpleMOAMetadataProvider.java | 2 +- .../signer/CredentialsNotAvailableException.java | 2 +- .../pvp2x/signer/IDPCredentialProvider.java | 2 +- .../protocols/pvp2x/utils/MOASAMLSOAPClient.java | 2 +- .../pvp2x/validation/ChainSAMLValidator.java | 2 +- .../protocols/pvp2x/validation/ISAMLValidator.java | 2 +- .../pvp2x/validation/SAMLSignatureValidator.java | 2 +- .../pvp2x/verification/ChainSAMLVerifier.java | 2 +- .../pvp2x/verification/EntityVerifier.java | 8 +- .../pvp2x/verification/ISAMLVerifier.java | 2 +- .../verification/SAMLVerificationEngineSP.java | 6 +- .../metadata/MOASPMetadataSignatureFilter.java | 2 +- .../metadata/MetadataSignatureFilter.java | 3 +- .../metadata/SchemaValidationFilter.java | 2 +- .../storage/DBAuthenticationSessionStoreage.java | 8 +- .../id/storage/IAuthenticationSessionStoreage.java | 2 +- .../moa/id/util/ErrorResponseUtils.java | 2 +- .../gv/egovernment/moa/id/util/FormBuildUtils.java | 136 ---- .../moa/id/util/IdentityLinkReSigner.java | 4 +- .../moa/id/util/MOAIDMessageProvider.java | 104 --- .../moa/id/util/ParamValidatorUtils.java | 6 +- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 6 +- .../moa/id/util/VelocityLogAdapter.java | 99 --- .../egovernment/moa/id/util/VelocityProvider.java | 112 --- .../moa/id/util/legacy/LegacyHelper.java | 2 +- .../resources/properties/id_messages_de.properties | 1 + .../resources/resources/templates/css_template.css | 623 --------------- .../resources/templates/error_message.html | 37 - .../resources/templates/javascript_tempalte.js | 196 ----- .../resources/templates/loginFormFull.html | 92 --- .../resources/templates/redirectForm.html | 13 - .../resources/templates/sendAssertionFormFull.html | 68 -- .../resources/templates/slo_template.html | 94 --- .../resources/templates/sso_transfer_template.html | 59 -- .../moa/id/module/test/TestRequestImpl.java | 6 +- .../spring/test/task/CreateSAML1AssertionTask.java | 2 +- .../spring/test/task/GetIdentityLinkTask.java | 2 +- .../id/process/spring/test/task/SelectBKUTask.java | 2 +- .../spring/test/task/SignAuthBlockTask.java | 2 +- .../spring/test/task/ValidateIdentityLinkTask.java | 2 +- .../test/task/ValidateSignedAuthBlockTask.java | 2 +- .../moa/id/process/test/HalloWeltTask.java | 2 +- .../moa/id/process/test/HelloWorldTask.java | 2 +- .../at/gv/egovernment/moa/id/UnitTestCase.java | 3 +- id/server/moa-id-commons/pom.xml | 27 + .../moa/id/commons/MOAIDAuthConstants.java | 193 +++++ .../moa/id/commons/api/AuthConfiguration.java | 162 ++++ .../moa/id/commons/api/ConfigurationProvider.java | 66 ++ .../commons/api/ConnectionParameterInterface.java | 35 + .../moa/id/commons/api/IOAAuthParameters.java | 222 ++++++ .../egovernment/moa/id/commons/api/IRequest.java | 201 +++++ .../moa/id/commons/api/IStorkConfig.java | 51 ++ .../commons/api/data/BPKDecryptionParameters.java | 135 ++++ .../egovernment/moa/id/commons/api/data/CPEPS.java | 138 ++++ .../moa/id/commons/api/data/ProtocolAllowed.java | 91 +++ .../api/data/SAML1ConfigurationParameters.java | 276 +++++++ .../api/data/SignatureCreationParameter.java | 103 +++ .../api/data/SignatureVerificationParameter.java | 53 ++ .../moa/id/commons/api/data/StorkAttribute.java | 27 + .../api/data/StorkAttributeProviderPlugin.java | 81 ++ .../api/exceptions/ConfigurationException.java | 78 ++ .../id/commons/api/exceptions/MOAIDException.java | 222 ++++++ .../exceptions/SessionDataStorageException.java | 45 ++ .../moa/id/commons/utils/MOAIDMessageProvider.java | 104 +++ id/server/moa-id-frontend-resources/pom.xml | 23 +- .../AbstractGUIFormBuilderConfiguration.java | 106 +++ .../DefaultGUIFormBuilderConfiguration.java | 120 +++ .../auth/frontend/builder/GUIFormBuilderImpl.java | 221 ++++++ .../frontend/builder/IGUIBuilderConfiguration.java | 74 ++ .../id/auth/frontend/builder/IGUIFormBuilder.java | 67 ++ ...roviderSpecificGUIFormBuilderConfiguration.java | 186 +++++ .../auth/frontend/exception/GUIBuildException.java | 46 ++ .../moa/id/auth/frontend/utils/FormBuildUtils.java | 178 +++++ .../auth/frontend/velocity/VelocityLogAdapter.java | 99 +++ .../auth/frontend/velocity/VelocityProvider.java | 113 +++ .../src/main/resources/templates/css_template.css | 625 +++++++++++++++ .../main/resources/templates/error_message.html | 37 + .../resources/templates/javascript_tempalte.js | 200 +++++ .../main/resources/templates/loginFormFull.html | 92 +++ .../src/main/resources/templates/redirectForm.html | 13 + .../resources/templates/sendAssertionFormFull.html | 52 ++ .../src/main/resources/templates/slo_template.html | 94 +++ .../resources/templates/sso_transfer_template.html | 59 ++ .../moa/id/auth/MOAIDAuthSpringInitializer.java | 2 +- .../moa/id/auth/AuthenticationServer.java | 11 +- .../AuthenticationBlockAssertionBuilder.java | 4 +- .../auth/builder/GetIdentityLinkFormBuilder.java | 45 +- .../internal/DefaultCitizenCardAuthModuleImpl.java | 2 +- .../internal/tasks/CertificateReadRequestTask.java | 6 +- .../internal/tasks/CreateIdentityLinkFormTask.java | 8 +- .../modules/internal/tasks/GetForeignIDTask.java | 12 +- .../internal/tasks/GetMISSessionIDTask.java | 10 +- .../tasks/InitializeBKUAuthenticationTask.java | 6 +- .../tasks/PrepareAuthBlockSignatureTask.java | 4 +- .../internal/tasks/PrepareGetMISMandateTask.java | 10 +- .../tasks/VerifyAuthenticationBlockTask.java | 10 +- .../internal/tasks/VerifyCertificateTask.java | 12 +- .../internal/tasks/VerifyIdentityLinkTask.java | 8 +- .../CreateXMLSignatureResponseValidator.java | 8 +- .../VerifyXMLSignatureResponseValidator.java | 8 +- .../moa/id/auth/validator/parep/ParepUtils.java | 2 +- .../moa/id/util/CitizenCardServletUtils.java | 6 +- .../MOAIDCertificateManagerConfigurationImpl.java | 8 +- .../MOAeIDASSAMLEngineConfigurationImpl.java | 2 +- .../modules/eidas/config/ModifiedEncryptionSW.java | 4 +- .../engine/MOAeIDASChainingMetadataProvider.java | 2 +- .../EIDASEngineConfigurationException.java | 2 +- .../eidas/tasks/CreateIdentityLinkTask.java | 2 +- .../eidas/tasks/GenerateAuthnRequestTask.java | 12 +- .../eidas/tasks/ReceiveAuthnResponseTask.java | 2 +- .../moa/id/protocols/eidas/EIDASProtocol.java | 9 +- .../id/protocols/eidas/EidasMetaDataRequest.java | 4 +- .../eidas/eIDASAuthenticationRequest.java | 6 +- .../config/ELGAMandatesMetadataConfiguration.java | 2 +- .../controller/ELGAMandateMetadataController.java | 2 +- .../exceptions/ELGAMetadataException.java | 2 +- .../tasks/ELGAInitializeBKUAuthenticationTask.java | 4 +- .../elgamandates/tasks/RequestELGAMandateTask.java | 4 +- .../utils/ELGAMandateServiceMetadataProvider.java | 2 +- .../utils/ELGAMandatesCredentialProvider.java | 2 +- .../id/protocols/oauth20/OAuth20Configuration.java | 2 +- .../attributes/OAuth20AttributeBuilder.java | 2 +- .../attributes/OpenIdAudiencesAttribute.java | 2 +- .../OpenIdAuthenticationTimeAttribute.java | 2 +- .../attributes/OpenIdExpirationTimeAttribute.java | 2 +- .../attributes/OpenIdIssueInstantAttribute.java | 2 +- .../oauth20/attributes/OpenIdIssuerAttribute.java | 2 +- .../oauth20/attributes/OpenIdNonceAttribute.java | 2 +- .../OpenIdSubjectIdentifierAttribute.java | 2 +- .../attributes/ProfileDateOfBirthAttribute.java | 2 +- .../attributes/ProfileFamilyNameAttribute.java | 2 +- .../attributes/ProfileGivenNameAttribute.java | 2 +- .../oauth20/exceptions/OAuth20Exception.java | 2 +- .../oauth20/protocol/OAuth20AuthAction.java | 6 +- .../oauth20/protocol/OAuth20AuthRequest.java | 6 +- .../oauth20/protocol/OAuth20BaseRequest.java | 6 +- .../oauth20/protocol/OAuth20Protocol.java | 4 +- .../oauth20/protocol/OAuth20TokenAction.java | 4 +- .../oauth20/protocol/OAuth20TokenRequest.java | 6 +- .../modules/moa-id-module-ssoTransfer/pom.xml | 5 + .../data/SSOTransferAuthenticationData.java | 6 +- .../data/SSOTransferOnlineApplication.java | 19 +- .../ssotransfer/servlet/SSOTransferServlet.java | 61 +- .../servlet/SSOTransferSignalServlet.java | 4 +- .../task/InitializeRestoreSSOSessionTask.java | 13 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 8 +- .../auth/modules/ssotransfer/utils/GUIUtils.java | 136 +--- .../ssotransfer/utils/SSOContainerUtils.java | 10 +- .../FederatedAuthenticationModuleImpl.java | 2 +- .../config/FederatedAuthMetadataConfiguration.java | 2 +- .../FederatedAuthMetadataController.java | 2 +- .../tasks/CreateAuthnRequestTask.java | 11 +- .../tasks/ReceiveAuthnResponseTask.java | 15 +- .../utils/FederatedAuthCredentialProvider.java | 2 +- id/server/modules/moa-id-modules-saml1/pom.xml | 7 + .../moa/id/protocols/saml1/GetArtifactAction.java | 6 +- .../saml1/GetAuthenticationDataService.java | 6 +- .../protocols/saml1/SAML1AuthenticationServer.java | 10 +- .../moa/id/protocols/saml1/SAML1Protocol.java | 11 +- .../moa/id/protocols/saml1/SAML1RequestImpl.java | 2 +- .../moa/id/auth/servlet/MonitoringServlet.java | 4 +- .../moa/id/monitoring/DatabaseTestModule.java | 2 +- .../moa/id/monitoring/IdentityLinkTestModule.java | 5 +- .../egovernment/moa/id/monitoring/TestManager.java | 4 +- id/server/pom.xml | 6 +- 325 files changed, 6555 insertions(+), 8637 deletions(-) create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/css_template.css delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/error_message.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/slo_template.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 71893fca2..aed716139 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -76,6 +76,11 @@ 1.0 + + MOA.id.server + moa-id-frontend-resources + + MOA.id.server moa-id-lib diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index 12016a2bf..e3de84b0b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -30,7 +30,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index ecf0d19d7..80800543b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -36,6 +36,7 @@ import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUSelectionCustomizationType; @@ -50,7 +51,6 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; -import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.util.MiscUtil; public class FormularCustomization implements IOnlineApplicationData { @@ -177,47 +177,47 @@ public class FormularCustomization implements IOnlineApplicationData { if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { backGroundColor = formcustom.getBackGroundColor(); - map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); + map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); } if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { button_BackGroundColor = formcustom.getButtonBackGroundColor(); - map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); } if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); - map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus()); + map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus()); } if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { button_FrontColor = formcustom.getButtonFontColor(); - map.put(FormBuildUtils.BUTTON_COLOR, formcustom.getButtonFontColor()); + map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor()); } if (MiscUtil.isNotEmpty(formcustom.getFontType())) { fontType = formcustom.getFontType(); - map.put(FormBuildUtils.FONTFAMILY, formcustom.getFontType()); + map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType()); } if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { frontColor = formcustom.getFrontColor(); - map.put(FormBuildUtils.MAIN_COLOR, formcustom.getFrontColor()); + map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor()); } if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { header_BackGroundColor = formcustom.getHeaderBackGroundColor(); - map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); + map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); } if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { header_FrontColor = formcustom.getHeaderFrontColor(); - map.put(FormBuildUtils.HEADER_COLOR, formcustom.getHeaderFrontColor()); + map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor()); } if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { header_text = formcustom.getHeaderText(); - map.put(FormBuildUtils.HEADER_TEXT, formcustom.getHeaderText()); + map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText()); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java index 58b0b9d17..b2cd18c26 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java @@ -36,12 +36,12 @@ import org.apache.commons.lang.SerializationUtils; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BPKDecryption; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.EncBPKInformation; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; -import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 9ddb41d83..71639abef 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -22,22 +22,29 @@ */ package at.gv.egovernment.moa.id.configuration.struts.action; -import iaik.utils.URLDecoder; - +import java.io.BufferedReader; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter; import java.util.ArrayList; import java.util.Arrays; +import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import org.apache.log4j.Logger; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; -import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; @@ -57,9 +64,9 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.utils.URLDecoder; /** * @author tlenz @@ -582,15 +589,16 @@ public class BasicOAAction extends BasicAction { log.info("NO MOA-ID instance URL configurated."); input.close(); throw new ConfigurationException("No MOA-ID instance configurated"); + } - - preview = LoginFormBuilder.getTemplate(input); - preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath); - - Map map = (Map) mapobj; - + + //set parameters + Map params = (Map) mapobj; + params.put( + ServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, + contextpath); + request.setCharacterEncoding("UTF-8"); - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); @@ -599,24 +607,36 @@ public class BasicOAAction extends BasicAction { value = query[1].substring("value=".length()); } - synchronized (map) { - + synchronized (params) { if (MiscUtil.isNotEmpty(module)) { - if (map.containsKey("#" + module + "#")) { + if (params.containsKey(module)) { if (MiscUtil.isNotEmpty(value)) { - if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module) + if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module) || value.startsWith("#")) - map.put("#" + module + "#", value); + params.put(module, value); else - map.put("#" + module + "#", "#" + value); + params.put(module, "#" + value); } else { - map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#")); + params.put(module, FormBuildUtils.getDefaultMap().get(module)); } } } - preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map, true); } + + //write preview + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + VelocityContext context = new VelocityContext(); + Iterator> interator = params.entrySet().iterator(); + while (interator.hasNext()) { + Entry el = interator.next(); + context.put(el.getKey(), el.getValue()); + + } + StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "BKUSelection_preview", + new BufferedReader(new InputStreamReader(input))); + stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); } else { preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); @@ -629,7 +649,7 @@ public class BasicOAAction extends BasicAction { } - stream = new ByteArrayInputStream(preview.getBytes()); + return Constants.STRUTS_SUCCESS; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 1079932b9..a8dd48ca0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -22,6 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute; @@ -29,17 +37,22 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; -import at.gv.egovernment.moa.id.configuration.data.oa.*; +import at.gv.egovernment.moa.id.configuration.data.oa.AttributeHelper; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OABPKEncryption; +import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OARevisionsLogData; +import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.util.MiscUtil; -import org.apache.log4j.Logger; - -import java.util.*; public class EditOAAction extends BasicOAAction { @@ -74,7 +87,7 @@ public class EditOAAction extends BasicOAAction { OASTORKConfig storkOA = new OASTORKConfig(); formList.put(storkOA.getName(), storkOA); - + Map map = new HashMap(); map.putAll(FormBuildUtils.getDefaultMap()); FormularCustomization formOA = new FormularCustomization(map); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java index 8588dd286..c00eb46a5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java @@ -26,12 +26,12 @@ import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; -import at.gv.egovernment.moa.id.util.FormBuildUtils; /** * @author tlenz diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index fd4226c5b..47c8f23b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -30,7 +30,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html index 2b0115d4a..02b86472b 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html @@ -4,847 +4,29 @@ - - - + + + + Anmeldung mittels Bürgerkarte oder Handy-Signatur
-

Anmeldung an: #OAName#

+

Anmeldung an: $OAName

-

#HEADER_TEXT#

+

$HEADER_TEXT

-
+
+ onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'$MANDATECHECKED> -
+

Home Country Selection

i @@ -907,16 +87,6 @@

-
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html index 07d018a94..a9f0c4238 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html +++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html @@ -3,556 +3,7 @@ - - + Anmeldung an Online-Applikation @@ -574,25 +25,21 @@
-

Anmeldung an: #OAName#

+

Anmeldung an: $OAName

-
+ - - - - + +
-
+ - - - - + +
@@ -600,18 +47,6 @@
-
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css new file mode 100644 index 000000000..a8735be60 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css @@ -0,0 +1,625 @@ +@charset "utf-8"; + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.85em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /*border-radius: 7px;*/ + margin-bottom: 25px; + min-width: 80px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 460px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + /*float:left; */ + width:250px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 100px; + height: 30px + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 75px; + margin-bottom: 10px; + } + + + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU input { + font-size: 0.6em; + min-width: 60px; + /* max-width: 65px; */ + min-height: 1.0em; + /* border-radius: 5px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.7em; + min-width: 55px; + /*min-height: 1.1em; + border-radius: 5px;*/ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2 { + font-size: 0.8em; + margin-top: -0.4em; + padding-top: 0.4em; + } + + #bkulogin { + min-height: 150px; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + /* max-width: 75px; */ + min-height: 0.95em; + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.75em; + min-width: 60px; + /* min-height: 0.95em; + border-radius: 6px; */ + margin-bottom: 5% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2 { + font-size: 0.9em; + margin-top: -0.45em; + padding-top: 0.45em; + } + + #bkulogin { + min-height: 180px; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /* min-height: 1.05em; + border-radius: 7px; */ + margin-bottom: 10%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.0em; + margin-top: -0.50em; + padding-top: 0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.9em; + /* min-height: 1.2em; + border-radius: 8px; */ + margin-bottom: 10%; + max-width: 80px; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.1em; + margin-top: -0.55em; + padding-top: 0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 80px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 1.0em; + /* min-height: 1.3em; + border-radius: 10px; */ + margin-bottom: 10%; + max-width: 85px; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2 { + font-size: 1.3em; + margin-top: -0.65em; + padding-top: 0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: $MAIN_BACKGOUNDCOLOR; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + vertical-align: middle; + min-height: 173px; + min-width: 204px; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + position: relative; + top: 50%; + } + + #stork h2 { + font-size: 0.9em; + margin-bottom: 2%; + } + + #bkulogin { + min-width: 190px; + min-height: 155px; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + input[type=button] { +/* height: 11%; */ + width: 70%; + } + } + + * { + margin: 0; + padding: 0; + #if($FONTTYPE) + font-family: $FONTTYPE; + #end + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + /*margin-bottom: 10px;*/ + /* margin-top: 5px; */ + } + + #mandateLogin { + padding-bottom: 4%; + padding-top: 4%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-bottom: 4%; + /*padding-top: 4%;*/ + position: relative; + clear: both; + text-align: center; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + +/* input[type=button], .sendButton { + background: $BUTTON_BACKGROUNDCOLOR; + color: $BUTTON_COLOR; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: 3px 3px 3px #222222; */ +/* } + +/* button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { + background: $BUTTON_BACKGROUNDCOLOR_FOCUS; + color: $BUTTON_COLOR; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: -1px -1px 3px #222222; */ +/* } + +*/ + input { + /*border:1px solid #000;*/ + cursor: pointer; + } + + #localBKU input { +/* color: $BUTTON_COLOR; */ + /*border: 0px;*/ + display: inline-block; + + } + + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + /*text-decoration: underline;*/ + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + .sendButton { + width: 30%; + margin-bottom: 1%; + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : $MAIN_BACKGOUNDCOLOR; + color: $MAIN_COLOR; + } + + .dunkel { + background-color: $HEADER_BACKGROUNDCOLOR; + color: $HEADER_COLOR; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } + + #alert_area { + width: 500px; + padding-left: 80px; + } \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html new file mode 100644 index 000000000..4fd4d63cd --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html @@ -0,0 +1,37 @@ + + + + + + An error arise ... + + + +
+
+

Authentication error arise

+ + + + + +
+

The authentication stops on account of a process error:

+
+

Error Code: $errorCode

+

Error Message:$errorMsg

+
+ + + #if($stacktrace) +
+

Stacktrace: $stacktrace

+
+ #end + + + +
+
+ + \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js new file mode 100644 index 000000000..e4e05bace --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js @@ -0,0 +1,200 @@ +function isIE() { + return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); + } + function isFullscreen() { + try { + return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); + } catch (e) { + return false; + } + } + function isActivexEnabled() { + var supported = null; + try { + supported = !!new ActiveXObject("htmlfile"); + } catch (e) { + supported = false; + } + return supported; + } + function isMetro() { + if (!isIE()) + return false; + return !isActivexEnabled() && isFullscreen(); + } + window.onload=function() { + document.getElementById("localBKU").style.display="block"; + return; + } + function bkuLocalClicked() { + setMandateSelection(); + } + + function bkuOnlineClicked() { + if (isMetro()) + document.getElementById("metroDetected").style.display="block"; + document.getElementById("localBKU").style.display="block"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "$contextPath$submitEndpoint" + "?"; + iFrameURL += "&pendingid=" + "$pendingReqID"; + + iFrameURL += "bkuURI=" + "$bkuOnline"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + + generateIFrame(iFrameURL); + } + function bkuHandyClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "$contextPath$submitEndpoint" + "?"; + iFrameURL += "&pendingid=" + "$pendingReqID"; + + iFrameURL += "bkuURI=" + "$bkuHandy"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + + generateIFrame(iFrameURL); + } + function storkClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var ccc = "AT"; + var countrySelection = document.getElementById("cccSelection"); + if (countrySelection != null) { + ccc = document.getElementById("cccSelection").value; + } + var iFrameURL = "$contextPath$submitEndpoint" + "?"; + iFrameURL += "&pendingid=" + "$pendingReqID"; + + #if($bkuOnline) + iFrameURL += "bkuURI=" + "$bkuOnline"; + #end + + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&CCC=" + ccc; + + generateIFrame(iFrameURL); + } + function generateIFrame(iFrameURL) { + var el = document.getElementById("bkulogin"); + var width = el.clientWidth; + var heigth = el.clientHeight - 20; + var parent = el.parentNode; + + iFrameURL += "&heigth=" + heigth; + iFrameURL += "&width=" + width; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("src", iFrameURL); + iframe.setAttribute("width", el.clientWidth - 1); + iframe.setAttribute("height", el.clientHeight - 1); + iframe.setAttribute("frameborder", "0"); + iframe.setAttribute("scrolling", "no"); + iframe.setAttribute("title", "Login"); + parent.replaceChild(iframe, el); + } + function setMandateSelection() { + document.getElementById("useMandate").value = "false"; + var checkbox = document.getElementById("mandateCheckBox"); + if (checkbox != null) { + if (document.getElementById("mandateCheckBox").checked) { + document.getElementById("useMandate").value = "true"; + } + } + } + function onChangeChecks() { + if (self.innerWidth < 650) { + document.getElementById("moaidform").setAttribute("target","_parent"); + } else { + document.getElementById("moaidform").removeAttribute("target"); + } + + } + + function checkIfBrowserSupportsJava(){ + console.log("Browser is Chrome: "+checkIfBrowserIsChrome()); + console.log("Browser is Safari: "+checkIfBrowserIsSafari()); + console.log("Browser is Edge: "+checkIfBrowserIsEdge()); + + var cnt = 0; + + if(checkIfBrowserIsChrome())cnt++; + if(checkIfBrowserIsEdge())cnt++; + if(checkIfBrowserIsSafari())cnt++; + + if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection + return true; + + var image = document.getElementById("bkuimage"); + var srcatt = image.getAttribute("src"); + var last = srcatt.substring(srcatt.lastIndexOf('/')+1); + srcatt = srcatt.replace(last,'online-bku-deactivated.png'); + image.setAttribute("src",srcatt); + + + var button = document.getElementsByName("bkuButtonOnline")[0]; + button.setAttribute("class","browserInfoButton"); + button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen."); + button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');"); + + return false; + + } + function checkIfBrowserIsChrome(){ + var chrome_defined = !!window.chrome;//chrome object defined + var webstore_defined = false; + if(window.chrome){ + webstore_defined = !!window.chrome.webstore; + } + return chrome_defined && webstore_defined; + } + function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp + var chrome_defined = !!window.chrome;//chrome object defined + var webstore_defined = true; + if(window.chrome){ + webstore_defined = !!window.chrome.webstore; + } + return chrome_defined && !webstore_defined; + } + function checkIfBrowserIsSafari(){ + var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0; + return cond1; + } +/* function setSSOSelection() { + document.getElementById("useSSO").value = "false"; + var checkbox = document.getElementById("SSOCheckBox"); + if (checkbox != null) { + if (document.getElementById("SSOCheckBox").checked) { + document.getElementById("useSSO").value = "true"; + } + } + } */ + +/* function checkMandateSSO() { + var sso = document.getElementById("SSOCheckBox"); + var mandate = document.getElementById("mandateCheckBox"); + + + if (sso.checked && mandate.checked) { + alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") + mandate.checked = false; + sso.checked = false; + return true; + } else { + return false; + } + } */ \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index af133525e..02b86472b 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -4,847 +4,29 @@ - - - + + + + Anmeldung mittels Bürgerkarte oder Handy-Signatur
-

Anmeldung an: #OAName#

+

Anmeldung an: $OAName

-

#HEADER_TEXT#

+

$HEADER_TEXT

-
+
+ onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'$MANDATECHECKED> -
+

Home Country Selection

i @@ -907,16 +87,6 @@

-
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html new file mode 100644 index 000000000..ac3242c89 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html @@ -0,0 +1,13 @@ + + + + + + + + + CLICK to perform a + redirect back to Online Application + + diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html index 07d018a94..a9f0c4238 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html @@ -3,556 +3,7 @@ - - + Anmeldung an Online-Applikation @@ -574,25 +25,21 @@
-

Anmeldung an: #OAName#

+

Anmeldung an: $OAName

-
+ - - - - + +
-
+ - - - - + +
@@ -600,18 +47,6 @@
-
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html index a9d73e0d3..b3eb18082 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html @@ -3,377 +3,7 @@ - + #if($timeoutURL) - - -Anmeldung mittels Bürgerkarte oder Handy-Signatur - - -
-
-

Anmeldung an: #OAName#

-
-
-
-

#HEADER_TEXT#

-
-
-
-
- - - -
-
-
-
- OnlineBKU -
-
- HandyBKU -
-
-
-
- - -
-
- - - - -
-

Home Country Selection

-

- - - i -

-
- - -
-
-
-
-
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html deleted file mode 100644 index 9bddee931..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - CLICK to perform a - redirect back to Online Application - - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html deleted file mode 100644 index ecda6550b..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - Anmeldung an Online-Applikation - - - - -
- -
- - - -
-
-
-

- Anmeldeinformationen: -

-
- -
-

Anmeldung an: #OAName#

- - -
-
- - - - - -
-
-
-
- - - - - -
-
- -
-
-
-
- -
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html deleted file mode 100644 index b3eb18082..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ /dev/null @@ -1,94 +0,0 @@ - - - - - - - - #if($timeoutURL) - - #end - - Single LogOut Vorgang ... - - -#if($timeoutURL) - -#else - -#end - - -
-
-

MOA-ID Single LogOut Information

-
-
- - #if($errorMsg) -
-

$errorMsg

-
- #end - - #if($successMsg) -
-

$successMsg

-
- #end - - #if($redirectURLs) -
-

- Sie werden von allen Online-Applikationen abgemeldet.
- Dieser Vorgang kann einige Zeit in Anspruch nehmen. -

-
- #end - -
-
-
- -
- - - #foreach( $el in $redirectURLs ) - - #end - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html b/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html deleted file mode 100644 index e9c2fae76..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - - - Single Sign-On Session Transfer - - - - - -
-
-

MOA-ID Single Sign-On Session Transfer Service

-
-
- - #if($errorMsg) -
-

$errorMsg

-
- #end - - #if($successMsg) -
-

$successMsg

-
- #end - - #if($QRImage) -
- -
- #end - -
-
-
- -
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java index 125d83d6d..66dffe311 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.module.test; import java.util.Collection; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; /** * @author tlenz diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java index 005ad8bcc..54515ab8e 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java @@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java index 6ba2f24e4..266878d7e 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java @@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java index 89b5a5e2a..915cb3b1e 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java @@ -4,7 +4,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java index 6c91c574c..41ccb4451 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java @@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java index 766f9fadb..818e8b479 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java @@ -6,7 +6,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java index 7a4d5f70d..2ee67ec27 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java @@ -7,7 +7,7 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java index 32e7bda2f..1f77eadbc 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java @@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.process.test; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java index 81fc32d24..bc640e97a 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java @@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.process.test; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.api.Task; diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java index a645aa5a2..a05159c27 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java @@ -46,10 +46,9 @@ package test.at.gv.egovernment.moa.id; +import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import test.MOAIDTestCase; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; - /** * Base class for MOA ID test cases. * diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index bbaba6a50..c722b265e 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -50,6 +50,33 @@ + + at.gv.util + egovutils + + + * + * + + + + + + org.opensaml + opensaml + + + * + * + + + + + + org.apache.commons + commons-lang3 + + at.gv.egiz.components egiz-configuration-api diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java new file mode 100644 index 000000000..8d893be9d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java @@ -0,0 +1,193 @@ + + + +package at.gv.egovernment.moa.id.commons; + +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import iaik.asn1.ObjectID; + + +/** + * Constants used throughout moa-id-auth component. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDAuthConstants extends MOAIDConstants{ + + /** servlet parameter "Target" */ + public static final String PARAM_TARGET = "Target"; + /** servlet parameter "useMandate" */ + public static final String PARAM_USEMANDATE = "useMandate"; + public static final String PARAM_USEMISMANDATE = "useMISMandate"; + public static final String PARAM_USEELGAMANDATE = "useELGAMandate"; + /** servlet parameter "OA" */ + public static final String PARAM_OA = "OA"; + /** servlet parameter "bkuURI" */ + public static final String PARAM_BKU = "bkuURI"; + public static final String PARAM_MODUL = "MODUL"; + public static final String PARAM_ACTION = "ACTION"; + public static final String PARAM_SSO = "SSO"; + public static final String INTERFEDERATION_IDP = "interIDP"; + public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; + + public static final String PARAM_SLOSTATUS = "status"; + public static final String PARAM_SLORESTART = "restart"; + public static final String SLOSTATUS_SUCCESS = "success"; + public static final String SLOSTATUS_ERROR = "error"; + + /** servlet parameter "sourceID" */ + public static final String PARAM_SOURCEID = "sourceID"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "CCC (Citizen Country Code)" */ + public static final String PARAM_CCC = "CCC"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; + /** default BKU URL */ + public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; + /** default BKU URL for https connections*/ + public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request"; + /** servlet parameter "returnURI" */ + public static final String PARAM_RETURN = "returnURI"; + /** servlet parameter "Template" */ + public static final String PARAM_TEMPLATE = "Template"; + /** servlet parameter "MOASessionID" */ + public static final String PARAM_SESSIONID = "MOASessionID"; + /** servlet parameter "XMLResponse" */ + public static final String PARAM_XMLRESPONSE = "XMLResponse"; + /** servlet parameter "SAMLArtifact" */ + public static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */ + public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ + public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */ + public static final String REQ_GET_FOREIGN_ID = "GetForeignID"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */ + public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */ + public static final String GET_MIS_SESSIONID = "GetMISSessionID"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ + public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ + public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; + /** Logging hierarchy used for controlling debug output of XML structures to files */ + public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_EXPIRES = "Expires"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_PRAGMA = "Pragma"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_PRAGMA = "no-cache"; + /** Header Name for controlling the caching mechanism of the browser */ + public static final String HEADER_CACHE_CONTROL = "Cache-control"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate"; + /** Header Value for controlling the caching mechanism of the browser */ + public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0"; + /** + * the identity link signer X509Subject names of those identity link signer certificates + * not including the identity link signer OID. The authorisation for signing the identity + * link must be checked by using their issuer names. After february 19th 2007 the OID of + * the certificate will be used fo checking the authorisation for signing identity links. + */ + public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = + new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; + + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ + public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; + /** + * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); + * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 + */ + public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + +// /** the number of the certifcate extension for party organ representatives */ +// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /** OW */ + public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; + + /** List of OWs */ + public static final List OW_LIST = Arrays.asList( + new ObjectID(OW_ORGANWALTER)); + + /**BKU type identifiers to use bkuURI from configuration*/ + public static final String REQ_BKU_TYPE_LOCAL = "local"; + public static final String REQ_BKU_TYPE_ONLINE = "online"; + public static final String REQ_BKU_TYPE_HANDY = "handy"; + public static final List REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + + public static final List LEGACYPARAMETERWHITELIST + = Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID); + + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; + public final static String EXT_SAML_MANDATE_OID = "OID"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; + + public static final String PARAM_APPLET_HEIGTH = "heigth"; + public static final String PARAM_APPLET_WIDTH = "width"; + + public static final Map COUNTRYCODE_XX_TO_NAME = + Collections.unmodifiableMap(new HashMap() { + private static final long serialVersionUID = 1L; + { + put("AT", "Other Countries");//"Workaround for PEPS Simulator" + put("BE", "België/Belgique"); + //put("CH", "Schweiz"); + put("EE", "Eesti"); + put("ES", "España"); + put("FI", "Suomi"); + put("IS", "Ísland"); + put("IT", "Italia"); + put("LI", "Liechtenstein"); + put("LT", "Lithuania"); + put("LU", "Luxemburg"); + put("PT", "Portugal"); + put("SE", "Sverige"); + put("SI", "Slovenija"); + } + }); + + public static final String COUNTRYCODE_AUSTRIA = "AT"; + + public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; + + public static final String MDC_TRANSACTION_ID = "transactionId"; + public static final String MDC_SESSION_ID = "sessionId"; + + //AuthnRequest IssueInstant validation + public static final int TIME_JITTER = 5; //all 5 minutes time jitter + + public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication"; + public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication"; + public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection"; + public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest"; + + //General protocol-request data-store keys + public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target"; + public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName"; + public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate"; + + //General MOASession data-store keys + public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert"; + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java new file mode 100644 index 000000000..fa08dcab6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -0,0 +1,162 @@ +package at.gv.egovernment.moa.id.commons.api; + +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public interface AuthConfiguration extends ConfigurationProvider{ + + public static final String DEFAULT_X509_CHAININGMODE = "pkix"; + + public Properties getGeneralPVP2ProperiesConfig(); + + public Properties getGeneralOAuth20ProperiesConfig(); + + public ProtocolAllowed getAllowedProtocols(); + + public Map getConfigurationWithPrefix(final String Prefix); + + public String getConfigurationWithKey(final String key); + + /** + * Get a configuration value from basic file based MOA-ID configuration + * + * @param key configuration key + * @return configuration value + */ + public String getBasicMOAIDConfiguration(final String key); + + public int getTransactionTimeOut(); + public int getSSOCreatedTimeOut(); + public int getSSOUpdatedTimeOut(); + + public String getAlternativeSourceID() throws ConfigurationException; + + public List getLegacyAllowedProtocols(); + + public IOAAuthParameters getOnlineApplicationParameter(String oaURL); + + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; + + public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException; + + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException; + + public ConnectionParameterInterface getForeignIDConnectionParameter() throws ConfigurationException; + + public ConnectionParameterInterface getOnlineMandatesConnectionParameter() throws ConfigurationException; + + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException; + + public List getTransformsInfos() throws ConfigurationException; + + public List getIdentityLinkX509SubjectNames() throws ConfigurationException; + + public List getSLRequestTemplates() throws ConfigurationException; + + public String getSLRequestTemplates(String type) throws ConfigurationException; + + public List getDefaultBKUURLs() throws ConfigurationException; + + public String getDefaultBKUURL(String type) throws ConfigurationException; + + public String getSSOTagetIdentifier() throws ConfigurationException; + + public String getSSOFriendlyName(); + + public String getSSOSpecialText(); + + public String getMOASessionEncryptionKey(); + + public String getMOAConfigurationEncryptionKey(); + + public boolean isIdentityLinkResigning(); + + public String getIdentityLinkResigningKey(); + + public boolean isMonitoringActive(); + + public String getMonitoringTestIdentityLinkURL(); + + public String getMonitoringMessageSuccess(); + + public boolean isAdvancedLoggingActive(); + + /** + * Returns the PublicURLPrefix. + * + * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without / + * @throws ConfigurationException if no PublicURLPrefix is found. + */ + public List getPublicURLPrefix() throws ConfigurationException; + + public boolean isVirtualIDPsEnabled(); + + public boolean isPVP2AssertionEncryptionActive(); + + public boolean isCertifiacteQCActive(); + + public IStorkConfig getStorkConfig() throws ConfigurationException; + + public EgovUtilPropertiesConfiguration geteGovUtilsConfig(); + + public String getDocumentServiceUrl(); + + /** + * Notify, if the STORK fake IdentityLink functionality is active + * + * @return true/false + */ + public boolean isStorkFakeIdLActive(); + + /** + * Get a list of all STORK countries for which a faked IdentityLink should be created + * + * @return {List} of country codes + */ + public List getStorkFakeIdLCountries(); + + /** + * Get a list of all STORK countries for which no signature is required + * + * @return {List} of country codes + */ + public List getStorkNoSignatureCountries(); + + /** + * Get the MOA-SS key-group identifier for fake IdentityLink signing + * + * @return MOA-SS key-group identifier {String} + */ + public String getStorkFakeIdLResigningKey(); + + + /** + * Notify, if the PVP2x metadata schema validation is active + * + * @return true/false + */ + public boolean isPVPSchemaValidationActive(); + + /** + * Get all configuration values with prefix and wildcard + * + * @param key: Search key. * and % can be used as wildcards + * @return Key/Value pairs {Map}, which key maps the search key + */ + Map getConfigurationWithWildCard(String key); + + /** + * Get configured default revisions-log event codes which should be logged + * + * @return {List} if event codes or null + */ + List getDefaultRevisionsLogEventCodes(); + + @Deprecated + public boolean isHTTPAuthAllowed(); +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java new file mode 100644 index 000000000..ca0a56049 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api; + +/** + * @author tlenz + * + */ +public interface ConfigurationProvider { + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String CONFIG_PROPERTY_NAME = + "moa.id.configuration"; + + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String PROXY_CONFIG_PROPERTY_NAME = + "moa.id.proxy.configuration"; + + /** + * The name of the generic configuration property giving the certstore directory path. + */ + public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY = + "DirectoryCertStoreParameters.RootDir"; + + /** + * The name of the generic configuration property switching the ssl revocation checking on/off + */ + public static final String TRUST_MANAGER_REVOCATION_CHECKING = + "TrustManager.RevocationChecking"; + + public String getRootConfigFileDir(); + + public String getDefaultChainingMode(); + + public String getTrustedCACertificates(); + + public String getCertstoreDirectory(); + + public boolean isTrustmanagerrevoationchecking(); +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java new file mode 100644 index 000000000..89a21661b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java @@ -0,0 +1,35 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.commons.api; + +public interface ConnectionParameterInterface { + + + public boolean isHTTPSURL(); + public String getUrl(); + public String getAcceptedServerCertificates(); + + public String getClientKeyStore(); + public String getClientKeyStorePassword(); + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java new file mode 100644 index 000000000..be6d34275 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -0,0 +1,222 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; + +/** + * @author tlenz + * + */ +public interface IOAAuthParameters { + + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + public static final String INDERFEDERATEDIDP = "interfederated"; + + /** + * Get the full key/value configuration for this online application + * + * @return an unmodifiable map of key/value pairs + */ + public Map getFullConfiguration(); + + /** + * Get a configuration value from online application key/value configuration + * + * @param key: The key identifier of a configuration value * + * @return The configuration value {String} or null if the key does not exist + */ + public String getConfigurationValue(String key); + + public String getFriendlyName(); + + public String getPublicURLPrefix(); + + public String getOaType(); + + public boolean getBusinessService(); + + /** + * Get target of a public service-provider + * + * @return target identifier without prefix + */ + public String getTarget(); + + public String getTargetFriendlyName(); + + public boolean isInderfederationIDP(); + + public boolean isSTORKPVPGateway(); + + public boolean isRemovePBKFromAuthBlock(); + + /** + * Return the private-service domain-identifier with PreFix + * + * @return the identityLinkDomainIdentifier + */ + public String getIdentityLinkDomainIdentifier(); + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier(); + + public SAML1ConfigurationParameters getSAML1Parameter(); + + /** + * Get a list of online application specific trusted security layer templates + * + * @return a {List} with template URLs, maybe empty but never null + */ + public List getTemplateURL(); + + + /** + * Return the additional AuthBlock text for this online application + * + * @return authblock text {String} or null if no text is configured + */ + public String getAditionalAuthBlockText(); + + /** + * Return an online application specific BKU URL for a requested BKU type + * + * @param bkutype: defines the type of BKU + * @return BKU URL {String} or null if no BKU URL is configured + */ + public String getBKUURL(String bkutype); + + /** + * Return a list of all configured BKU URLs for this online application + * + * @return List of BKU URLs or an empty list if no BKU is configured + */ + public List getBKUURL(); + + public boolean useSSO(); + + public boolean useSSOQuestion(); + + /** + * Return all mandate-profile types configured for this online application + * + * @return the mandateProfiles {List} or null if no profile is defined + */ + public List getMandateProfiles(); + + /** + * @return the identityLinkDomainIdentifierType + */ + public String getIdentityLinkDomainIdentifierType(); + + public boolean isShowMandateCheckBox(); + + public boolean isOnlyMandateAllowed(); + + /** + * Shall we show the stork login in the bku selection frontend? + * + * @return true, if is we should show stork login + */ + public boolean isShowStorkLogin(); + + public Integer getQaaLevel(); + + public boolean isRequireConsentForStorkAttributes(); + + /** + * Return a {Collection} of requested STORK attributes + * + * @return {Collection} maybe empty but never null + */ + public Collection getRequestedSTORKAttributes(); + + public byte[] getBKUSelectionTemplate(); + + public byte[] getSendAssertionTemplate(); + + /** + * Return a {Collection} of configured STORK CPEPS + * + * @return {Collection} maybe empty but never null + */ + public Collection getPepsList(); + + public String getIDPAttributQueryServiceURL(); + + /** + * @return + */ + boolean isInboundSSOInterfederationAllowed(); + + /** + * @return + */ + boolean isInterfederationSSOStorageAllowed(); + + /** + * @return + */ + boolean isOutboundSSOInterfederationAllowed(); + + boolean isTestCredentialEnabled(); + + List getTestCredentialOIDs(); + + boolean isUseIDLTestTrustStore(); + boolean isUseAuthBlockTestTestStore(); + + PrivateKey getBPKDecBpkDecryptionKey(); + + /** + * @return + */ + boolean isPassivRequestUsedForInterfederation(); + + /** + * @return + */ + boolean isPerformLocalAuthenticationOnInterfederationError(); + + /** + * Get a {Collection} of configured STORK attribute provider plug-ins + * + * @return {Collection} maybe empty but never null + */ + public Collection getStorkAPs(); + + public List getReversionsLoggingEventCodes(); + +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java new file mode 100644 index 000000000..b23b4474b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java @@ -0,0 +1,201 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.commons.api; + +import java.util.Collection; + +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; + +public interface IRequest { + + /** + * Indicates the module, which implements this authentication protocol. + * The class, which is referenced, had to implement the 'IModulInfo' interface. + * + * @return Full-qualified name of the class which implements this protocol + */ + public String requestedModule(); + + /** + * Indicates the protocol specific action, which should executed if the request is processed. + * The class, which is referenced, had to implement the 'IAction' interface. + * + * @return Full-qualified name of the class which implements the action + */ + public String requestedAction(); + + /** + * Unique identifier, which indicates the service provider. + * In case of SAML1 protocol, it is the OA http-GET parameter + * + * @return Unique identifier for the service provider + */ + public String getOAURL(); + + /** + * Indicates the passive flag in authentication requests. + * If the passive flag is set, the identification and authentication process + * failed if no active SSO session is found. + * + * @return true, if the is passive flag is set in authentication request, otherwise false + */ + public boolean isPassiv(); + + /** + * Indicates the force authentication flag in authentication request + * If this flag is set, a new identification and authentication process + * is carried out in any case. + * + * @return true, if the force authentication flag is set, otherwise false + */ + public boolean forceAuth(); + + + /** + * Returns a generic request-data object with is stored with a specific identifier + * + * @param key The specific identifier of the request-data object + * @return The request-data object or null if no data is found with this key + */ + public Object getGenericData(String key); + + /** + * Returns a generic request-data object with is stored with a specific identifier + * + * @param key The specific identifier of the request-data object + * @param clazz The class type which is stored with this key + * @return The request-data object or null if no data is found with this key + */ + public T getGenericData(String key, final Class clazz); + + /** + * Store a generic data-object to request with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage + */ + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; + + /** + * Hold the identifier of this request object. + * This identifier can be used to load the request from request storage + * + * @return Request identifier + */ + public String getRequestID(); + + + /** + * Hold the identifier of the MOASession which is associated with this request + * + * @return MOASession identifier if a associated session exists, otherwise null + */ + public String getMOASessionIdentifier(); + + + /** + * Holds a unique transaction identifier, which could be used for looging + * This transaction identifier is unique for a single identification and authentication process + * + * @return Unique transaction identifier. + */ + public String getUniqueTransactionIdentifier(); + + /** + * Holds a unique session identifier, which could be used for logging + * This session identifier is unique for the full Single Sign-On session time + * + * @return Unique session identifier + */ + public String getUniqueSessionIdentifier(); + + + /** + * Hold the identifier if the process instance, which is associated with this request + * + * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null + */ + public String getProcessInstanceId(); + + + /** + * get the IDP URL PreFix, which was used for authentication request + * + * @return IDP URL PreFix . The URL prefix always ends without / + */ + public String getAuthURL(); + public String getAuthURLWithOutSlash(); + + /** + * Indicates if this pending request needs authentication + * + * @return true if this request needs authentication, otherwise false + */ + public boolean isNeedAuthentication(); + + /** + * Indicates, if this pending request needs Single Sign-On (SSO) functionality + * + * @return true if this request needs SSO, otherwise false + */ + public boolean needSingleSignOnFunctionality(); + public void setNeedSingleSignOnFunctionality(boolean needSSO); + + /** + * Indicates, if this pending request is already authenticated + * + * @return true if this request is already authenticated, otherwise false + */ + public boolean isAuthenticated(); + public void setAuthenticated(boolean isAuthenticated); + + /** + * Get get Service-Provider configuration which is associated with this request. + * + * @return Service-Provider configuration + */ + public IOAAuthParameters getOnlineApplicationConfiguration(); + + /** + * Indicates, if this pending-request is aborted by the user + * + * @return true, if it is aborted, otherwise false + */ + public boolean isAbortedByUser(); + + /** + * Set the 'isAboredByUser' flag of this pending-request + * + * @param b true, if the user has abort the authentication process, otherwise false + */ + public void setAbortedByUser(boolean isAborted); + + /** + * This method get a Set of PVP 2.1 attribute, which are request by this pending-request. + * + * @return A set of PVP attribute names or null if no attributes are requested + * or the Service Provider, which sends this request needs no attributes + */ + public Collection getRequestedAttributes(); +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java new file mode 100644 index 000000000..b2d90aed4 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java @@ -0,0 +1,51 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api; + +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SignatureCreationParameter; +import at.gv.egovernment.moa.id.commons.api.data.SignatureVerificationParameter; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; + +/** + * @author tlenz + * + */ +public interface IStorkConfig { + + SignatureCreationParameter getSignatureCreationParameter(); + + SignatureVerificationParameter getSignatureVerificationParameter(); + + Map getCpepsMap(); + + boolean isSTORKAuthentication(String ccc); + + CPEPS getCPEPS(String ccc); + + List getStorkAttributes(); + +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java new file mode 100644 index 000000000..cb81fe79e --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java @@ -0,0 +1,135 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.Serializable; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; + +import org.apache.commons.lang3.SerializationUtils; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; + + +/** + * @author tlenz + * + */ +public class BPKDecryptionParameters implements Serializable{ + + private static final long serialVersionUID = 1L; + + private byte[] keyStore = null; + private String keyStorePassword = null; + private String keyAlias = null; + private String keyPassword = null; + + /** + * @return + * @throws IOException + */ + public PrivateKey getPrivateKey() { + InputStream in = null; + try { + in = new ByteArrayInputStream(keyStore); + KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword); + + char[] chPassword = " ".toCharArray(); + if (keyPassword != null) + chPassword = keyPassword.toCharArray(); + +// Certificate test = store.getCertificate(keyAlias); +// Base64Utils.encode(test.getPublicKey().getEncoded()); + + return (PrivateKey) store.getKey(keyAlias, chPassword); + + + } catch (KeyStoreException e) { + Logger.error("Can not load private key from keystore.", e); + + } catch (IOException e) { + Logger.error("Can not load private key from keystore.", e); + + } catch (UnrecoverableKeyException e) { + Logger.error("Can not load private key from keystore.", e); + + } catch (NoSuchAlgorithmException e) { + Logger.error("Can not load private key from keystore.", e); + + } finally { + if (in != null) { + try { + in.close(); + } catch (IOException e) { + Logger.warn("Close InputStream failed." , e); + } + } + } + + return null; + } + + public byte[] serialize() { + return SerializationUtils.serialize(this); + + } + + /** + * @param keyStore the keyStore to set + */ + public void setKeyStore(byte[] keyStore) { + this.keyStore = keyStore; + } + + /** + * @param keyStorePassword the keyStorePassword to set + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * @param keyAlias the keyAlias to set + */ + public void setKeyAlias(String keyAlias) { + this.keyAlias = keyAlias; + } + + /** + * @param keyPassword the keyPassword to set + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java new file mode 100644 index 000000000..a88aa2171 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java @@ -0,0 +1,138 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/** + * + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +/** + * Encpasulates C-PEPS information according MOA configuration + * + * @author bzwattendorfer + * + */ +public class CPEPS { + + /** Country Code of C-PEPS */ + private String countryCode; + + /** URL of C-PEPS */ + private URL pepsURL; + + private Boolean isXMLSignatureSupported; + + /** Specific attributes to be requested for this C-PEPS */ + private List countrySpecificRequestedAttributes = new ArrayList(); + + /** + * Constructs a C-PEPS + * @param countryCode ISO Country Code of C-PEPS + * @param pepsURL URL of C-PEPS + */ + public CPEPS(String countryCode, URL pepsURL, Boolean isXMLSignatureSupported) { + super(); + this.countryCode = countryCode; + this.pepsURL = pepsURL; + this.isXMLSignatureSupported = isXMLSignatureSupported; + } + + /** + * Gets the country code of this C-PEPS + * @return ISO country code + */ + public String getCountryCode() { + return countryCode; + } + + /** + * Sets the country code of this C-PEPS + * @param countryCode ISO country code + */ + public void setCountryCode(String countryCode) { + this.countryCode = countryCode; + } + + /** + * Gets the URL of this C-PEPS + * @return C-PEPS URL + */ + public URL getPepsURL() { + return pepsURL; + } + + /** + * Sets the C-PEPS URL + * @param pepsURL C-PEPS URL + */ + public void setPepsURL(URL pepsURL) { + this.pepsURL = pepsURL; + } + + /** + * Returns weather the C-PEPS supports XMl Signatures or not (important for ERnB) + */ + public Boolean isXMLSignatureSupported() { + return isXMLSignatureSupported; + } + + /** + * Sets weather the C-PEPS supports XMl Signatures or not (important for ERnB) + * @param isXMLSignatureSupported C-PEPS XML Signature support + */ + public void setXMLSignatureSupported(boolean isXMLSignatureSupported) { + this.isXMLSignatureSupported = isXMLSignatureSupported; + } + + /** + * Gets the country specific attributes of this C-PEPS + * @return List of country specific attributes + */ + public List getCountrySpecificRequestedAttributes() { + return countrySpecificRequestedAttributes; + } + + /** + * Sets the country specific attributes + * @param countrySpecificRequestedAttributes List of country specific requested attributes + */ + public void setCountrySpecificRequestedAttributes( + List countrySpecificRequestedAttributes) { + this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes; + } + + /** + * Adds a Requested attribute to the country specific attribute List + * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add + */ + public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) { + this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute); + } + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java new file mode 100644 index 000000000..4f63dca54 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java @@ -0,0 +1,91 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * @author tlenz + * + */ +public class ProtocolAllowed { + + private boolean isSAML1Active = false; + private boolean isPVP21Active = true; + private boolean isOAUTHActive = true; + + /** + * + */ + public ProtocolAllowed() { + + } + + /** + * + */ + public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) { + this.isOAUTHActive = oauth; + this.isPVP21Active = pvp21; + this.isSAML1Active = saml1; + + } + + /** + * @return the isSAML1Active + */ + public boolean isSAML1Active() { + return isSAML1Active; + } + /** + * @param isSAML1Active the isSAML1Active to set + */ + public void setSAML1Active(boolean isSAML1Active) { + this.isSAML1Active = isSAML1Active; + } + /** + * @return the isPVP21Active + */ + public boolean isPVP21Active() { + return isPVP21Active; + } + /** + * @param isPVP21Active the isPVP21Active to set + */ + public void setPVP21Active(boolean isPVP21Active) { + this.isPVP21Active = isPVP21Active; + } + /** + * @return the isOAUTHActive + */ + public boolean isOAUTHActive() { + return isOAUTHActive; + } + /** + * @param isOAUTHActive the isOAUTHActive to set + */ + public void setOAUTHActive(boolean isOAUTHActive) { + this.isOAUTHActive = isOAUTHActive; + } + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java new file mode 100644 index 000000000..eb709a6f1 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java @@ -0,0 +1,276 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * @author tlenz + * + */ +public class SAML1ConfigurationParameters { + + private boolean isActive = false; + private boolean provideBaseId = false; + private boolean provideAuthBlock = false; + private boolean provideIdl = false; + private boolean provideCertificate = false; + private boolean provideMandate = false; + private boolean provideAllErrors = true; + private boolean useCondition = false; + private String sourceID = null; + private String condition = new String(); + + + /** + * + */ + public SAML1ConfigurationParameters(boolean isActive, + boolean provideBaseId, boolean provideAuthBlock, + boolean provideIdl, boolean provideCertificate, + boolean provideMandate, boolean provideAllErrors, + boolean useCondition, String condition, + String sourceID) { + this.condition = condition; + this.isActive = isActive; + this.provideAllErrors = provideAllErrors; + this.provideAuthBlock = provideAuthBlock; + this.provideBaseId = provideBaseId; + this.provideCertificate = provideCertificate; + this.provideIdl = provideIdl; + this.provideMandate = provideMandate; + this.useCondition = useCondition; + this.sourceID = sourceID; + + } + + + /** + * + */ + public SAML1ConfigurationParameters() { + + } + + + /** + * Gets the value of the isActive property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isIsActive() { + return this.isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + + /** + * @param provideBaseId the provideBaseId to set + */ + public void setProvideBaseId(boolean provideBaseId) { + this.provideBaseId = provideBaseId; + } + + + /** + * @param provideAuthBlock the provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + + /** + * @param provideIdl the provideIdl to set + */ + public void setProvideIdl(boolean provideIdl) { + this.provideIdl = provideIdl; + } + + + /** + * @param provideCertificate the provideCertificate to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + + /** + * @param provideMandate the provideMandate to set + */ + public void setProvideMandate(boolean provideMandate) { + this.provideMandate = provideMandate; + } + + + /** + * @param provideAllErrors the provideAllErrors to set + */ + public void setProvideAllErrors(boolean provideAllErrors) { + this.provideAllErrors = provideAllErrors; + } + + + /** + * @param useCondition the useCondition to set + */ + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + + /** + * @param sourceID the sourceID to set + */ + public void setSourceID(String sourceID) { + this.sourceID = sourceID; + } + + + /** + * @param condition the condition to set + */ + public void setCondition(String condition) { + this.condition = condition; + } + + + /** + * Gets the value of the provideStammzahl property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideStammzahl() { + return this.provideBaseId; + } + + /** + * Gets the value of the provideAUTHBlock property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideAUTHBlock() { + return this.provideAuthBlock; + } + + /** + * Gets the value of the provideIdentityLink property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideIdentityLink() { + return this.provideIdl; + } + + /** + * Gets the value of the provideCertificate property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideCertificate() { + return this.provideCertificate; + } + + /** + * Gets the value of the provideFullMandatorData property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideFullMandatorData() { + return this.provideMandate; + } + + /** + * Gets the value of the useCondition property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isUseCondition() { + return this.useCondition; + } + + /** + * Gets the value of the conditionLength property. + * + * @return + * possible object is + * {@link BigInteger } + * + */ + + public int getConditionLength() { + return condition.length(); + } + + /** + * Gets the value of the sourceID property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getSourceID() { + return this.sourceID; + } + + /** + * Gets the value of the provideAllErrors property. + * + * @return + * possible object is + * {@link String } + * + */ + public Boolean isProvideAllErrors() { + return this.provideAllErrors; + } + +} + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java new file mode 100644 index 000000000..9bfd93977 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java @@ -0,0 +1,103 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.id.commons.api.data; + +import java.util.Properties; + +/** + * Encapsulates signature creation parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureCreationParameter { + + private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation."; + private static final String PROPS_KEYSTORE_FILE = "keystore.file"; + private static final String PROPS_KEYSTORE_PASS = "keystore.password"; + private static final String PROPS_KEYNAME_NAME = "keyname.name"; + private static final String PROPS_KEYNAME_PASS = "keyname.password"; + + private Properties props; + private String basedirectory; + + public SignatureCreationParameter(Properties props, String basedirectory) { + this.props = props; + this.basedirectory = basedirectory; + } + + /** + * Gets the KeyStore Path + * @return File Path to KeyStore + */ + public String getKeyStorePath() { + return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE); + } + + /** + * Gets the KeyStore Password + * @return Password to KeyStore + */ + public String getKeyStorePassword() { + return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS); + } + + /** + * Gets the Signing Key Name + * @return Siging Key Name + */ + public String getKeyName() { + return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME); + } + + /** + * Gets the Signing Key Password + * @return Signing Key Password + */ + public String getKeyPassword() { + return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS); + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java new file mode 100644 index 000000000..f408ea7fe --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java @@ -0,0 +1,53 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/** + * + */ +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * Encapsulates Signature Verification data for STORK according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureVerificationParameter { + + /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */ + private String trustProfileID; + + public SignatureVerificationParameter(String trustProfileID2) { + this.trustProfileID = trustProfileID2; + } + + /** + * Gets the MOA-SP TrustProfileID + * @return TrustProfileID of MOA-SP for STORK signature verification + */ + public String getTrustProfileID() { + return trustProfileID; + } + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java new file mode 100644 index 000000000..1bbb7d3fe --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.commons.api.data; + +public class StorkAttribute { + + protected Boolean mandatory; + protected String name; + + public StorkAttribute(String name, boolean mandatory) { + this.name = name; + this.mandatory = mandatory; + } + + public Boolean getMandatory() { + return mandatory; + } + public void setMandatory(Boolean mandatory) { + this.mandatory = mandatory; + } + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java new file mode 100644 index 000000000..070d304a6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java @@ -0,0 +1,81 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * @author tlenz + * + */ +public class StorkAttributeProviderPlugin { + private String name = null; + private String url = null; + private String attributes = null; + + /** + * + */ + public StorkAttributeProviderPlugin(String name, String url, String attributes) { + this.name = name; + this.url = url; + this.attributes = attributes; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + /** + * @return the url + */ + public String getUrl() { + return url; + } + /** + * @param url the url to set + */ + public void setUrl(String url) { + this.url = url; + } + /** + * @return the attributes + */ + public String getAttributes() { + return attributes; + } + /** + * @param attributes the attributes to set + */ + public void setAttributes(String attributes) { + this.attributes = attributes; + } + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java new file mode 100644 index 000000000..e8f6da323 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java @@ -0,0 +1,78 @@ +package at.gv.egovernment.moa.id.commons.api.exceptions; +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +/** + * Exception signalling an error in the configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ConfigurationException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = -7199539463319751278L; + +/** + * Create a MOAConfigurationException. + */ + public ConfigurationException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Create a MOAConfigurationException. + */ + public ConfigurationException( + String messageId, + Object[] parameters, + Throwable wrapped) { + + super(messageId, parameters, wrapped); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java new file mode 100644 index 000000000..955b0f5ea --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java @@ -0,0 +1,222 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.commons.api.exceptions; + +import java.io.PrintStream; +import java.io.PrintWriter; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.DOMImplementation; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.util.Constants; + +/** + * Base class of technical MOA exceptions. + * + * Technical exceptions are exceptions that originate from system failure (e.g., + * a database connection fails, a component is not available, etc.) + * + * @author Patrick Peck, Ivancsics Paul + * @version $Id$ + */ +public class MOAIDException extends Exception { + /** + * + */ + private static final long serialVersionUID = -1507246171708083912L; +/** message ID */ + private String messageId; + /** wrapped exception */ + private Throwable wrapped; + + private Object[] parameters; + + /** + * Create a new MOAIDException. + * + * @param messageId The identifier of the message associated with this + * exception. + * @param parameters Additional message parameters. + */ + public MOAIDException(String messageId, Object[] parameters) { + super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + this.messageId = messageId; + this.parameters = parameters; + } + + /** + * Create a new MOAIDException. + * + * @param messageId The identifier of the message associated with this + * MOAIDException. + * @param parameters Additional message parameters. + * @param wrapped The exception wrapped by this + * MOAIDException. + */ + public MOAIDException( + String messageId, + Object[] parameters, + Throwable wrapped) { + + super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters)); + this.messageId = messageId; + this.wrapped = wrapped; + this.parameters = parameters; + } + + /** + * Print a stack trace of this exception to System.err. + * + * @see java.lang.Throwable#printStackTrace() + */ + public void printStackTrace() { + printStackTrace(System.err); + } + + /** + * Print a stack trace of this exception, including the wrapped exception. + * + * @param s The stream to write the stack trace to. + * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) + */ + public void printStackTrace(PrintStream s) { + if (getWrapped() == null) + super.printStackTrace(s); + else { + s.print("Root exception: "); + getWrapped().printStackTrace(s); + } + } + + /** + * Print a stack trace of this exception, including the wrapped exception. + * + * @param s The stream to write the stacktrace to. + * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) + */ + public void printStackTrace(PrintWriter s) { + if (getWrapped() == null) + super.printStackTrace(s); + else { + s.print("Root exception: "); + getWrapped().printStackTrace(s); + } + } + + /** + * @return message ID + */ + public String getMessageId() { + return messageId; + } + + /** + * @return wrapped exception + */ + public Throwable getWrapped() { + return wrapped; + } + + + + /** + * @return the parameters + */ +public Object[] getParameters() { + return parameters; +} + +/** + * Convert this MOAIDException to an ErrorResponse + * element from the MOA namespace. + * + * @return An ErrorResponse element, containing the subelements + * ErrorCode and Info required by the MOA schema. + */ + public Element toErrorResponse() { + DocumentBuilder builder; + DOMImplementation impl; + Document doc; + Element errorResponse; + Element errorCode; + Element info; + + // create a new document + try { + builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + impl = builder.getDOMImplementation(); + } catch (ParserConfigurationException e) { + return null; + } + + // build the ErrorResponse element + doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null); + errorResponse = doc.getDocumentElement(); + + // add MOA namespace declaration + errorResponse.setAttributeNS( + Constants.XMLNS_NS_URI, + "xmlns", + Constants.MOA_NS_URI); + + // build the child elements + errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode"); + errorCode.appendChild(doc.createTextNode(messageId)); + info = doc.createElementNS(Constants.MOA_NS_URI, "Info"); + info.appendChild(doc.createTextNode(toString())); + errorResponse.appendChild(errorCode); + errorResponse.appendChild(info); + return errorResponse; + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java new file mode 100644 index 000000000..9414556a2 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java @@ -0,0 +1,45 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.exceptions; + +/** + * @author tlenz + * + */ +public class SessionDataStorageException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = 5743057708136365929L; + + /** + * @param messageId + * @param parameters + */ + public SessionDataStorageException(String messageId, Object[] parameters) { + super(messageId, parameters); + + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java new file mode 100644 index 000000000..4d8a07a55 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java @@ -0,0 +1,104 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.commons.utils; + +import java.util.Locale; + +import at.gv.egovernment.moa.util.Messages; + +/** + * A singleton wrapper around a Message object, providing the messages used in MOA-ID. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDMessageProvider { + + /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */ + private static final String[] DEFAULT_MESSAGE_RESOURCES = + { "resources/properties/id_messages" }; + /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */ + private static final Locale[] DEFAULT_MESSAGE_LOCALES = + new Locale[] { new Locale("de", "AT") }; + /** The instance for our singleton */ + private static MOAIDMessageProvider instance; + /** The Messages */ + private Messages messages; + + /** + * Returns the single instance of MOAIDMessageProvider. + * + * @return the single instance of MOAIDMessageProvider + */ + public static MOAIDMessageProvider getInstance() { + if (instance == null) + instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + return instance; + } + + /** + * Create a MOAIDMessageProvider. + * + * @param resourceNames The names of the resources containing the messages. + * @param locales The corresponding locales. + */ + protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) { + this.messages = new Messages(resourceNames, locales); + } + + /** + * Get the message corresponding to a given message ID. + * + * @param messageId The ID of the message. + * @param parameters The parameters to fill in into the message arguments. + * @return The formatted message. + */ + public String getMessage(String messageId, Object[] parameters) { + return messages.getMessage(messageId, parameters); + } + +} diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml index 4107e98e3..64ebc14b6 100644 --- a/id/server/moa-id-frontend-resources/pom.xml +++ b/id/server/moa-id-frontend-resources/pom.xml @@ -12,7 +12,7 @@ jar MOA-ID-Auth FrontEnd-Resources - Static FrontEnd resources for MOA-ID-Auth + FrontEnd resources for MOA-ID-Auth EGIZ https://www.egiz.gv.at @@ -29,7 +29,12 @@ ${basedir}/../../../../repository - + + + MOA.id.server + moa-id-commons + + org.springframework spring-webmvc @@ -40,6 +45,20 @@ + + + org.apache.velocity + velocity + 1.7 + + + + javax.servlet + javax.servlet-api + provided + + + \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java new file mode 100644 index 000000000..71a4837d4 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java @@ -0,0 +1,106 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration { + + public static final String PARAM_AUTHCONTEXT = "contextPath"; + public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint"; + + public static final String PARAM_PENDINGREQUESTID = "pendingReqID"; + + private String authURL = null; + private String viewName = null; + private String formSubmitEndpoint = null; + + /** + * @param authURL IDP PublicURL-Prefix which should be used, but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + * + */ + public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) { + this.viewName = viewName; + + if (authURL.endsWith("/")) + this.authURL = authURL.substring(0, authURL.length() - 1); + else + this.authURL = authURL; + + if (MiscUtil.isNotEmpty(formSubmitEndpoint)) { + if (formSubmitEndpoint.startsWith("/")) + this.formSubmitEndpoint = formSubmitEndpoint; + else + this.formSubmitEndpoint = "/" + formSubmitEndpoint; + } + } + + + /** + * Define the parameters, which should be evaluated in the template + * + * @return Map of parameters, which should be added to template + */ + abstract protected Map getSpecificViewParameters(); + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName() + */ + @Override + public final String getViewName() { + return this.viewName; + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() + */ + @Override + public final Map getViewParameters() { + //get parameters from detail implementation + Map specParams = getSpecificViewParameters(); + if (specParams == null) + specParams = new HashMap(); + + //add generic parameters + specParams.put(PARAM_AUTHCONTEXT, this.authURL); + if (this.formSubmitEndpoint != null) + specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint); + + return specParams; + + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java new file mode 100644 index 000000000..2c2792b84 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java @@ -0,0 +1,120 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.InputStream; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IRequest; + +/** + * This class builds MOA-ID GUI forms from default resource paths + * + * @author tlenz + * + */ +public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration { + + public static final String VIEW_REDIRECT = "redirectForm.html"; + public static final String VIEW_ERRORMESSAGE = "error_message.html"; + public static final String VIEW_SINGLELOGOUT = "slo_template.html"; + public static final String VIEW_SSO_SESSION_TRANSFER = "sso_transfer_template.html"; + + private IRequest pendingReq; + private Map customParameters = null; + + + /** + * @param authURL PublicURLPrefix of the IDP but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public DefaultGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) { + super(authURL, viewName, formSubmitEndpoint); + } + + /** + * @param Current processed pending-request DAO but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public DefaultGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, String formSubmitEndpoint) { + super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint); + this.pendingReq = pendingReq; + + + } + + public void putCustomParameter(String key, Object value) { + if (customParameters == null) + customParameters = new HashMap(); + + customParameters.put(key, value); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() + */ + @Override + public Map getSpecificViewParameters() { + Map params = new HashMap(); + if (pendingReq != null) { + params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID()); + + } + if (customParameters != null) + params.putAll(customParameters); + + return params; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String) + */ + @Override + public InputStream getTemplate(String viewName) { + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getContentType() + */ + @Override + public String getDefaultContentType() { + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir() + */ + @Override + public String getClasspathTemplateDir() { + return null; + + } +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java new file mode 100644 index 000000000..862c7edcf --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java @@ -0,0 +1,221 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter; +import java.net.URI; +import java.util.Iterator; +import java.util.Map; +import java.util.Map.Entry; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service("guiFormBuilder") +public class GUIFormBuilderImpl implements IGUIFormBuilder { + + private static final String DEFAULT_CONTENT_TYPE = "text/html;charset=UTF-8"; + private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates"; + private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates"; + + @Autowired private AuthConfiguration authConfig; + private VelocityEngine engine; + + public GUIFormBuilderImpl() throws GUIBuildException { + try { + engine = VelocityProvider.getClassPathVelocityEngine(); + + } catch (Exception e) { + Logger.fatal("Initialization of Velocity-Engine to render GUI components FAILED.", e); + throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e); + + } + + } + + public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException { + build(httpResp, config, getInternalContentType(config), loggerName); + + } + + + @Override + public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, + String contentType, String loggerName) throws GUIBuildException { + + InputStream is = null; + try { + String viewName = config.getViewName(); + + //load Tempate + is = getInternalTemplate(config); + if (is == null) { + Logger.warn("No GUI with viewName:" + viewName + " FOUND."); + throw new GUIBuildException("No GUI with viewName:" + viewName + " FOUND."); + + } + + //build Velocity Context from input paramters + VelocityContext context = buildContextFromViewParams(config.getViewParameters()); + + //evaluate template + StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is))); + + //write template to response + httpResp.setStatus(HttpServletResponse.SC_OK); + httpResp.setContentType(contentType); + httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } catch (IOException e) { + Logger.error("GUI form-builder has an internal error.", e); + throw new GUIBuildException("GUI form-builder has an internal error.", e); + + } finally { + if (is != null) + try { + is.close(); + + } catch (IOException e) { + Logger.error("Can NOT close GUI-Template InputStream.", e); + + } + } + + } + + private String getInternalContentType(IGUIBuilderConfiguration config) { + if (MiscUtil.isEmpty(config.getDefaultContentType())) + return DEFAULT_CONTENT_TYPE; + + else + return config.getDefaultContentType(); + + } + + private InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException { + String viewName = config.getViewName(); + + //load specific template + InputStream is = config.getTemplate(viewName); + + if (is == null) { + //load template from default resources + try { + Logger.trace("Loading GUI template:" + viewName + " from default resources ... "); + String pathLocation = null; + try { + //load template from config directory + String rootconfigdir = authConfig.getRootConfigFileDir(); + pathLocation = rootconfigdir + CONFIG_HTMLTEMPLATES_DIR + + viewName; + File file = new File(new URI(pathLocation)); + is = new FileInputStream(file); + + } catch (Exception e) { + //load template from classpath as backup + Logger.info("GUI template:" + viewName + " is not found in configuration directory. " + + " Load template from project library ... "); + try { + pathLocation = getInternalClasspathTemplateDir(config) + viewName; + is = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } catch (Exception e1) { + Logger.error("GUI template:" + pathLocation + " is NOT loadable!", e); + throw new GUIBuildException("GUI template:" + pathLocation + " is NOT loadable!", e); + + } + } + + } catch (GUIBuildException e) { + throw e; + + } catch (Exception e) { + Logger.error("GUI builder has an internal error during template load operation", e); + throw new GUIBuildException("GUI builder has an internal error during template load operation", e); + + } + } + + return is; + + } + + + /** + * @return + */ + private String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config) { + String dir = config.getClasspathTemplateDir(); + if (dir != null) { + if (!dir.endsWith("/")) + dir += "/"; + + return dir; + + } else + return CLASSPATH_HTMLTEMPLATES_DIR; + } + + /** + * @param viewParams + * @return + */ + private VelocityContext buildContextFromViewParams(Map viewParams) { + VelocityContext context = new VelocityContext(); + + if (viewParams != null) { + Iterator> interator = viewParams.entrySet().iterator(); + while (interator.hasNext()) { + Entry el = interator.next(); + context.put(el.getKey(), el.getValue()); + } + + } + + return context; + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java new file mode 100644 index 000000000..51f6295c7 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java @@ -0,0 +1,74 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.InputStream; +import java.util.Map; + +/** + * @author tlenz + * + */ +public interface IGUIBuilderConfiguration { + + + /** + * Define the name of the template (with suffix) which should be used + * + * @return templatename, but never null + */ + public String getViewName(); + + /** + * Define the parameters, which should be evaluated in the template + * + * @return Map of parameters, which should be added to template + */ + public Map getViewParameters(); + + + /** + * Get a specific classpath template-directory prefix, which is used + * to load a template from classpath by using ClassLoader.getResourceAsStream(...) + * + * @return Classpath directory, or null if the default directory should be used + */ + public String getClasspathTemplateDir(); + + /** + * Get the GUI template with a specific name + * + * @param viewName Name of the template + * @return Tempate as InputStream, or null if default getTemplate method should be used + */ + public InputStream getTemplate(String viewName); + + /** + * Get the contentType, which should be set in HTTP response + *

+ * DefaultValue: text/html;charset=UTF-8 + * + * @return ContentType, or null if default ContentType should be used. + */ + public String getDefaultContentType(); +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java new file mode 100644 index 000000000..198220e97 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java @@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; + +/** + * @author tlenz + * + */ +public interface IGUIFormBuilder { + + /** + * Parse a GUI template, with parameters into a http servlet-response + * and use the default http-response content-type. + *

+ * The parser use the VelocityEngine as internal template evaluator. + * + * @param httpResp http-response object + * @param viewName Name of the template (with suffix), which should be used. + * The template is selected by using the getTemplate(String viewName) method + * @param viewParams Map of parameters, which should be added to template + * @param loggerName String, which should be used from logger + * + * @throws GUIBuildException + */ + public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException; + + /** + * Parse a GUI template, with parameters into a http servlet-response. + *

+ * The parser use the VelocityEngine as internal template evaluator. + * + * @param httpResp http-response object + * @param viewName Name of the template (with suffix), which should be used. + * The template is selected by using the getTemplate(String viewName) method + * @param viewParams Map of parameters, which should be added to template + * @param contentType http-response content-type, which should be set + * @param loggerName String, which should be used from logger + * + * @throws GUIBuildException + */ + void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, + String loggerName) throws GUIBuildException; +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java new file mode 100644 index 000000000..73a0e7691 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -0,0 +1,186 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration { + + public static final String VIEW_BKUSELECTION = "/loginFormFull.html"; + public static final String VIEW_SENDASSERTION = "/sendAssertionFormFull.html"; + public static final String VIEW_TEMPLATE_CSS = "/css_template.css"; + public static final String VIEW_TEMPLATE_JS = "/javascript_tempalte.js"; + + public static final String PARAM_BKU_ONLINE = "bkuOnline"; + public static final String PARAM_BKU_HANDY = "bkuLocal"; + public static final String PARAM_BKU_LOCAL = "bkuHandy"; + + public static final String PARAM_OANAME = "OAName"; + public static final String PARAM_COUNTRYLIST = "countryList"; + + private IRequest pendingReq = null; + + /** + * @param authURL PublicURLPrefix of the IDP but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public ServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName, + String formSubmitEndpoint) { + super(authURL, viewName, formSubmitEndpoint); + + } + + /** + * @param Current processed pending-request DAO but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public ServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, + String formSubmitEndpoint) { + super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint); + this.pendingReq = pendingReq; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() + */ + @Override + public Map getSpecificViewParameters() { + Map params = new HashMap(); + params.put(PARAM_BKU_ONLINE, IOAAuthParameters.ONLINEBKU); + params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU); + params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU); + + if (pendingReq != null) { + params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID()); + + //add service-provider specific GUI parameters + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + if (oaParam != null) { + params.put(PARAM_OANAME, oaParam.getFriendlyName()); + + + if (oaParam.isShowStorkLogin()) + addCountrySelection(params, oaParam); + + FormBuildUtils.customiceLayoutBKUSelection(params, oaParam); + + } else + FormBuildUtils.defaultLayoutBKUSelection(params); + + + } else { + //add default GUI parameters + FormBuildUtils.defaultLayoutBKUSelection(params); + + } + + return params; + } + + /** + * @param params + * @param oaParam + */ + private void addCountrySelection(Map params, IOAAuthParameters oaParam) { + String pepslist = ""; + try { + for (CPEPS current : oaParam.getPepsList()) { + String countryName = null; + if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()))) + countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase()); + else + countryName = current.getCountryCode().toUpperCase(); + + pepslist += "\n"; + + } + params.put(PARAM_COUNTRYLIST, pepslist); + + } catch (NullPointerException e) { + Logger.warn("Can not at Countries to GUI. Msg:" + e.getMessage()); + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir() + */ + @Override + public String getClasspathTemplateDir() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String) + */ + @Override + public InputStream getTemplate(String viewName) { + if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) { + + byte[] oatemplate = null; + if (VIEW_BKUSELECTION.equals(viewName)) + oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate(); + + else if (VIEW_SENDASSERTION.equals(viewName)) + oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate(); + + // OA specific template requires a size of 8 bits minimum + if (oatemplate != null && oatemplate.length > 7) + return new ByteArrayInputStream(oatemplate); + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getDefaultContentType() + */ + @Override + public String getDefaultContentType() { + return null; + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java new file mode 100644 index 000000000..fff458546 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java @@ -0,0 +1,46 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.frontend.exception; + +/** + * @author tlenz + * + */ +public class GUIBuildException extends Exception { + + private static final long serialVersionUID = -278663750102498205L; + + /** + * @param string + */ + public GUIBuildException(String msg) { + super(msg); + + } + + public GUIBuildException(String msg, Throwable e) { + super(msg, e); + + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java new file mode 100644 index 000000000..71093a4d3 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java @@ -0,0 +1,178 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.auth.frontend.utils; + + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.util.MiscUtil; + +public class FormBuildUtils { + + private static Map defaultmap = null; + + public static String PARAM_MAIN_BACKGROUNDCOLOR = "MAIN_BACKGOUNDCOLOR"; + public static String PARAM_MAIN_COLOR = "MAIN_COLOR"; + public static String PARAM_HEADER_BACKGROUNDCOLOR = "HEADER_BACKGROUNDCOLOR"; + public static String PARAM_HEADER_COLOR = "HEADER_COLOR"; + public static String PARAM_BUTTON_BACKGROUNDCOLOR = "BUTTON_BACKGROUNDCOLOR"; + public static String PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS = "BUTTON_BACKGROUNDCOLOR_FOCUS"; + public static String PARAM_BUTTON_COLOR = "BUTTON_COLOR"; + public static String PARAM_FONTFAMILY = "FONTTYPE"; + public static String PARAM_HEADER_TEXT = "HEADER_TEXT"; + public static String PARAM_REDIRECTTARGET = "REDIRECTTARGET"; + public static String PARAM_APPLET_HEIGHT = "APPLETHEIGHT"; + public static String PARAM_APPLET_WIDTH = "APPLETWIDTH"; + + private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE"; + private static String PARAM_MANDATECHECKED = "MANDATECHECKED"; + + private static String PARAM_STORKVISIBLE = "STORKVISIBLE"; + + private static final String TEMPLATEVISIBLE = " display: none"; + private static final String TEMPLATEDISABLED = "disabled=\"true\""; + private static final String TEMPLATECHECKED = "checked=\"true\""; + private static final String TEMPLATE_ARIACHECKED = "aria-checked="; + + + static { + if (defaultmap == null) { + defaultmap = new HashMap(); + defaultmap.put(PARAM_MAIN_BACKGROUNDCOLOR, "#F7F8F7"); + defaultmap.put(PARAM_MAIN_COLOR, "#000000"); + + defaultmap.put(PARAM_HEADER_BACKGROUNDCOLOR, "#C3D2E2"); + defaultmap.put(PARAM_HEADER_COLOR, "#000000"); + defaultmap.put(PARAM_HEADER_TEXT, "Login"); + + defaultmap.put(PARAM_BUTTON_BACKGROUNDCOLOR, "#EBEBEB"); + defaultmap.put(PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, "#EBEBEB"); + defaultmap.put(PARAM_BUTTON_COLOR, "#000000"); + + defaultmap.put(PARAM_FONTFAMILY, "Verdana,Geneva,Arial,sans-serif"); + + defaultmap.put(PARAM_REDIRECTTARGET, "_top"); + } + } + + public static void customiceLayoutBKUSelection(Map params, IOAAuthParameters oaParam) { + + if (oaParam.isShowMandateCheckBox()) + params.put(PARAM_MANDATEVISIBLE, ""); + else + params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE); + + if (oaParam.isOnlyMandateAllowed()) { + params.put(PARAM_MANDATECHECKED, TEMPLATECHECKED + " " + + TEMPLATEDISABLED + " " +TEMPLATE_ARIACHECKED + "\"true\""); + + } else + params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); + + if (oaParam.isShowStorkLogin()) + params.put(PARAM_STORKVISIBLE, ""); + else + params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE); + + //add more SP specific infos + setFormCustomizatenFromSP(params, oaParam); + + //format parameter-value for fontss + String fonttype = (String) params.get(PARAM_FONTFAMILY); + if (MiscUtil.isNotEmpty(fonttype)) { + String[] fonttypeList = fonttype.split(","); + String fonttypeformated = "\"" + fonttypeList[0].trim().replace("\"", "") + "\""; + + for (int i=1; i getDefaultMap() { + return defaultmap; + } + + /** + * @param value + * @return + */ + public static void defaultLayoutBKUSelection(Map params) { + params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE); + params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); + params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE); + + params.putAll(getDefaultMap()); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ + private static void setFormCustomizatenFromSP(Map params, IOAAuthParameters spConfig) { + params.putAll(FormBuildUtils.getDefaultMap()); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR))) + params.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR))) + params.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS))) + params.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR))) + params.put(FormBuildUtils.PARAM_BUTTON_COLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE))) + params.put(FormBuildUtils.PARAM_FONTFAMILY, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR))) + params.put(FormBuildUtils.PARAM_MAIN_COLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR))) + params.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR))) + params.put(FormBuildUtils.PARAM_HEADER_COLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT))) + params.put(FormBuildUtils.PARAM_HEADER_TEXT, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET))) + params.put(FormBuildUtils.PARAM_REDIRECTTARGET, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT))) + params.put(FormBuildUtils.PARAM_APPLET_HEIGHT, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)); + + if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH))) + params.put(FormBuildUtils.PARAM_APPLET_WIDTH, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)); + + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java new file mode 100644 index 000000000..3d5c5ed2f --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java @@ -0,0 +1,99 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.auth.frontend.velocity; + +import org.apache.velocity.app.Velocity; +import org.apache.velocity.runtime.RuntimeServices; +import org.apache.velocity.runtime.log.LogChute; + +import at.gv.egovernment.moa.logging.Logger; + +public class VelocityLogAdapter implements LogChute { + + public VelocityLogAdapter() { + try + { + /* + * register this class as a logger with the Velocity singleton + * (NOTE: this would not work for the non-singleton method.) + */ + Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this ); + Velocity.init(); + } + catch (Exception e) + { + Logger.error("Failed to register Velocity logger"); + } + } + + public void init(RuntimeServices arg0) throws Exception { + } + + public boolean isLevelEnabled(int arg0) { + switch(arg0) { + case LogChute.DEBUG_ID: + return Logger.isDebugEnabled(); + case LogChute.TRACE_ID: + return Logger.isTraceEnabled(); + default: + return true; + } + } + + public void log(int arg0, String arg1) { + switch(arg0) { + case LogChute.DEBUG_ID: + Logger.debug(arg1); + break; + case LogChute.TRACE_ID: + Logger.trace(arg1); + break; + case LogChute.INFO_ID: + Logger.info(arg1); + break; + case LogChute.WARN_ID: + Logger.warn(arg1); + break; + case LogChute.ERROR_ID: + default: + Logger.error(arg1); + break; + } + } + + public void log(int arg0, String arg1, Throwable arg2) { + switch(arg0) { + case LogChute.DEBUG_ID: + case LogChute.TRACE_ID: + case LogChute.INFO_ID: + case LogChute.WARN_ID: + Logger.warn(arg1, arg2); + break; + case LogChute.ERROR_ID: + default: + Logger.error(arg1, arg2); + break; + } + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java new file mode 100644 index 000000000..022c144f0 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java @@ -0,0 +1,113 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2011 by Graz University of Technology, Austria + * The Austrian STORK Modules have been developed by the E-Government + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery + * Austria and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +/** + * + */ +package at.gv.egovernment.moa.id.auth.frontend.velocity; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; + +/** + * Gets a Velocity Engine + * + * @author bzwattendorfer + * + */ +public class VelocityProvider { + + /** + * Gets velocityEngine from Classpath + * @return VelocityEngine + * @throws Exception + */ + public static VelocityEngine getClassPathVelocityEngine() throws Exception { + VelocityEngine velocityEngine = getBaseVelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + velocityEngine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + + + velocityEngine.init(); + + return velocityEngine; + } + + /** + * Gets VelocityEngine from File + * @param rootPath File Path to template file + * @return VelocityEngine + * @throws Exception + */ + public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception { + VelocityEngine velocityEngine = getBaseVelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file"); + velocityEngine.setProperty("file.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.FileResourceLoader"); + velocityEngine.setProperty("file.resource.loader.path", rootPath); + + velocityEngine.init(); + + return velocityEngine; + } + + /** + * Gets a basic VelocityEngine + * @return VelocityEngine + */ + private static VelocityEngine getBaseVelocityEngine() { + VelocityEngine velocityEngine = new VelocityEngine(); + velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + + return velocityEngine; + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css new file mode 100644 index 000000000..a8735be60 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css @@ -0,0 +1,625 @@ +@charset "utf-8"; + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.85em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /*border-radius: 7px;*/ + margin-bottom: 25px; + min-width: 80px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 460px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + /*float:left; */ + width:250px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 100px; + height: 30px + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 75px; + margin-bottom: 10px; + } + + + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU input { + font-size: 0.6em; + min-width: 60px; + /* max-width: 65px; */ + min-height: 1.0em; + /* border-radius: 5px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.7em; + min-width: 55px; + /*min-height: 1.1em; + border-radius: 5px;*/ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2 { + font-size: 0.8em; + margin-top: -0.4em; + padding-top: 0.4em; + } + + #bkulogin { + min-height: 150px; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + /* max-width: 75px; */ + min-height: 0.95em; + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.75em; + min-width: 60px; + /* min-height: 0.95em; + border-radius: 6px; */ + margin-bottom: 5% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2 { + font-size: 0.9em; + margin-top: -0.45em; + padding-top: 0.45em; + } + + #bkulogin { + min-height: 180px; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /* min-height: 1.05em; + border-radius: 7px; */ + margin-bottom: 10%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.0em; + margin-top: -0.50em; + padding-top: 0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.9em; + /* min-height: 1.2em; + border-radius: 8px; */ + margin-bottom: 10%; + max-width: 80px; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.1em; + margin-top: -0.55em; + padding-top: 0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 80px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 1.0em; + /* min-height: 1.3em; + border-radius: 10px; */ + margin-bottom: 10%; + max-width: 85px; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2 { + font-size: 1.3em; + margin-top: -0.65em; + padding-top: 0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: $MAIN_BACKGOUNDCOLOR; + } + .browserInfoButton{ + color: rgb(128, 128, 128); + } + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + vertical-align: middle; + min-height: 173px; + min-width: 204px; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + position: relative; + top: 50%; + } + + #stork h2 { + font-size: 0.9em; + margin-bottom: 2%; + } + + #bkulogin { + min-width: 190px; + min-height: 155px; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + input[type=button] { +/* height: 11%; */ + width: 70%; + } + } + + * { + margin: 0; + padding: 0; + #if($FONTTYPE) + font-family: $FONTTYPE; + #end + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + /*margin-bottom: 10px;*/ + /* margin-top: 5px; */ + } + + #mandateLogin { + padding-bottom: 4%; + padding-top: 4%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-bottom: 4%; + /*padding-top: 4%;*/ + position: relative; + clear: both; + text-align: center; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + +/* input[type=button], .sendButton { + background: $BUTTON_BACKGROUNDCOLOR; + color: $BUTTON_COLOR; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: 3px 3px 3px #222222; */ +/* } + +/* button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { + background: $BUTTON_BACKGROUNDCOLOR_FOCUS; + color: $BUTTON_COLOR; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: -1px -1px 3px #222222; */ +/* } + +*/ + input { + /*border:1px solid #000;*/ + cursor: pointer; + } + + #localBKU input { +/* color: $BUTTON_COLOR; */ + /*border: 0px;*/ + display: inline-block; + + } + + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + /*text-decoration: underline;*/ + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + .sendButton { + width: 30%; + margin-bottom: 1%; + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : $MAIN_BACKGOUNDCOLOR; + color: $MAIN_COLOR; + } + + .dunkel { + background-color: $HEADER_BACKGROUNDCOLOR; + color: $HEADER_COLOR; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + #ssoSessionTransferBlock { + font-size: 0.8em; + margin-left: 5px; + margin-bottom: 5px; + } + + #alert_area { + width: 500px; + padding-left: 80px; + } \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html new file mode 100644 index 000000000..4fd4d63cd --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html @@ -0,0 +1,37 @@ + + + + + + An error arise ... + + + +
+
+

Authentication error arise

+ + + + + +
+

The authentication stops on account of a process error:

+
+

Error Code: $errorCode

+

Error Message:$errorMsg

+
+ + + #if($stacktrace) +
+

Stacktrace: $stacktrace

+
+ #end + + + +
+
+ + \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js new file mode 100644 index 000000000..e4e05bace --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js @@ -0,0 +1,200 @@ +function isIE() { + return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); + } + function isFullscreen() { + try { + return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); + } catch (e) { + return false; + } + } + function isActivexEnabled() { + var supported = null; + try { + supported = !!new ActiveXObject("htmlfile"); + } catch (e) { + supported = false; + } + return supported; + } + function isMetro() { + if (!isIE()) + return false; + return !isActivexEnabled() && isFullscreen(); + } + window.onload=function() { + document.getElementById("localBKU").style.display="block"; + return; + } + function bkuLocalClicked() { + setMandateSelection(); + } + + function bkuOnlineClicked() { + if (isMetro()) + document.getElementById("metroDetected").style.display="block"; + document.getElementById("localBKU").style.display="block"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "$contextPath$submitEndpoint" + "?"; + iFrameURL += "&pendingid=" + "$pendingReqID"; + + iFrameURL += "bkuURI=" + "$bkuOnline"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + + generateIFrame(iFrameURL); + } + function bkuHandyClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "$contextPath$submitEndpoint" + "?"; + iFrameURL += "&pendingid=" + "$pendingReqID"; + + iFrameURL += "bkuURI=" + "$bkuHandy"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + + generateIFrame(iFrameURL); + } + function storkClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var ccc = "AT"; + var countrySelection = document.getElementById("cccSelection"); + if (countrySelection != null) { + ccc = document.getElementById("cccSelection").value; + } + var iFrameURL = "$contextPath$submitEndpoint" + "?"; + iFrameURL += "&pendingid=" + "$pendingReqID"; + + #if($bkuOnline) + iFrameURL += "bkuURI=" + "$bkuOnline"; + #end + + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&CCC=" + ccc; + + generateIFrame(iFrameURL); + } + function generateIFrame(iFrameURL) { + var el = document.getElementById("bkulogin"); + var width = el.clientWidth; + var heigth = el.clientHeight - 20; + var parent = el.parentNode; + + iFrameURL += "&heigth=" + heigth; + iFrameURL += "&width=" + width; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("src", iFrameURL); + iframe.setAttribute("width", el.clientWidth - 1); + iframe.setAttribute("height", el.clientHeight - 1); + iframe.setAttribute("frameborder", "0"); + iframe.setAttribute("scrolling", "no"); + iframe.setAttribute("title", "Login"); + parent.replaceChild(iframe, el); + } + function setMandateSelection() { + document.getElementById("useMandate").value = "false"; + var checkbox = document.getElementById("mandateCheckBox"); + if (checkbox != null) { + if (document.getElementById("mandateCheckBox").checked) { + document.getElementById("useMandate").value = "true"; + } + } + } + function onChangeChecks() { + if (self.innerWidth < 650) { + document.getElementById("moaidform").setAttribute("target","_parent"); + } else { + document.getElementById("moaidform").removeAttribute("target"); + } + + } + + function checkIfBrowserSupportsJava(){ + console.log("Browser is Chrome: "+checkIfBrowserIsChrome()); + console.log("Browser is Safari: "+checkIfBrowserIsSafari()); + console.log("Browser is Edge: "+checkIfBrowserIsEdge()); + + var cnt = 0; + + if(checkIfBrowserIsChrome())cnt++; + if(checkIfBrowserIsEdge())cnt++; + if(checkIfBrowserIsSafari())cnt++; + + if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection + return true; + + var image = document.getElementById("bkuimage"); + var srcatt = image.getAttribute("src"); + var last = srcatt.substring(srcatt.lastIndexOf('/')+1); + srcatt = srcatt.replace(last,'online-bku-deactivated.png'); + image.setAttribute("src",srcatt); + + + var button = document.getElementsByName("bkuButtonOnline")[0]; + button.setAttribute("class","browserInfoButton"); + button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen."); + button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');"); + + return false; + + } + function checkIfBrowserIsChrome(){ + var chrome_defined = !!window.chrome;//chrome object defined + var webstore_defined = false; + if(window.chrome){ + webstore_defined = !!window.chrome.webstore; + } + return chrome_defined && webstore_defined; + } + function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp + var chrome_defined = !!window.chrome;//chrome object defined + var webstore_defined = true; + if(window.chrome){ + webstore_defined = !!window.chrome.webstore; + } + return chrome_defined && !webstore_defined; + } + function checkIfBrowserIsSafari(){ + var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0; + return cond1; + } +/* function setSSOSelection() { + document.getElementById("useSSO").value = "false"; + var checkbox = document.getElementById("SSOCheckBox"); + if (checkbox != null) { + if (document.getElementById("SSOCheckBox").checked) { + document.getElementById("useSSO").value = "true"; + } + } + } */ + +/* function checkMandateSSO() { + var sso = document.getElementById("SSOCheckBox"); + var mandate = document.getElementById("mandateCheckBox"); + + + if (sso.checked && mandate.checked) { + alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") + mandate.checked = false; + sso.checked = false; + return true; + } else { + return false; + } + } */ \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html new file mode 100644 index 000000000..02b86472b --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html @@ -0,0 +1,92 @@ + + + + + + + + + + + + +Anmeldung mittels Bürgerkarte oder Handy-Signatur + + +
+
+

Anmeldung an: $OAName

+
+
+
+

$HEADER_TEXT

+
+
+
+
+ + + +
+
+
+
+ OnlineBKU +
+
+ HandyBKU +
+
+
+
+ + + + + + +
+
+ + + + +
+

Home Country Selection

+

+ + + i +

+
+ + +
+
+
+
+
+ + diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html new file mode 100644 index 000000000..ac3242c89 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html @@ -0,0 +1,13 @@ + + + + + + + + + CLICK to perform a + redirect back to Online Application + + diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html new file mode 100644 index 000000000..a9f0c4238 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html @@ -0,0 +1,52 @@ + + + + + + + + Anmeldung an Online-Applikation + + + + +
+ +
+ + + +
+
+
+

+ Anmeldeinformationen: +

+
+ +
+

Anmeldung an: $OAName

+ + +
+
+ + + +
+
+
+
+ + + +
+
+ +
+
+
+
+
+ + diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html new file mode 100644 index 000000000..b3eb18082 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html @@ -0,0 +1,94 @@ + + + + + + + + #if($timeoutURL) + + #end + + Single LogOut Vorgang ... + + +#if($timeoutURL) + +#else + +#end + + +
+
+

MOA-ID Single LogOut Information

+
+
+ + #if($errorMsg) +
+

$errorMsg

+
+ #end + + #if($successMsg) +
+

$successMsg

+
+ #end + + #if($redirectURLs) +
+

+ Sie werden von allen Online-Applikationen abgemeldet.
+ Dieser Vorgang kann einige Zeit in Anspruch nehmen. +

+
+ #end + +
+
+
+ +
+ + + #foreach( $el in $redirectURLs ) + + #end + + \ No newline at end of file diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html new file mode 100644 index 000000000..e9c2fae76 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html @@ -0,0 +1,59 @@ + + + + + + + + Single Sign-On Session Transfer + + + + + +
+
+

MOA-ID Single Sign-On Session Transfer Service

+
+
+ + #if($errorMsg) +
+

$errorMsg

+
+ #end + + #if($successMsg) +
+

$successMsg

+
+ #end + + #if($QRImage) +
+ +
+ #end + +
+
+
+ +
+ + + \ No newline at end of file diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java index cc5552e81..636a3ed03 100644 --- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java +++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java @@ -17,7 +17,7 @@ import org.springframework.web.context.support.ServletContextResource; import org.springframework.web.servlet.DispatcherServlet; import at.gv.egiz.components.spring.api.SpringLoader; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index ea4dd868b..7122c6577 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; @@ -57,11 +56,13 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.LogMsg; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index f00f4386f..e51700111 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -48,10 +48,10 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index dc981ba33..18495381e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; -import java.util.Map; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.util.FormBuildUtils; +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -165,31 +165,32 @@ public class GetIdentityLinkFormBuilder extends Builder { htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); //new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); - //removed in MOA-ID 2.0 -// htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL); -// htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL); + + //set applet-background coller + if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR))) + htmlForm = replaceTag(htmlForm, COLOR_TAG, + oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR), false, ALL); + else + htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR), false, ALL); + + //set redirect target + if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)))) + htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, + oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET), false, ALL); + else + htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_REDIRECTTARGET), false, ALL); - Map map = null; - - if (oaParam != null) { - map = oaParam.getFormCustomizaten(); - htmlForm = replaceTag(htmlForm, COLOR_TAG, map.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL); - htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, map.get(FormBuildUtils.REDIRECTTARGET), false, ALL); - - } else { - htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL); - htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.REDIRECTTARGET), false, ALL); - } - - if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_HEIGHT))) - htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, map.get(FormBuildUtils.APPLET_HEIGHT), false, ALL); + //set applet heigh + if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT))) + htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT), false, ALL); else if (MiscUtil.isNotEmpty(appletheigth)) htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, appletheigth, false, ALL); else htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, "160", false, ALL); - if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_WIDTH))) - htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, map.get(FormBuildUtils.APPLET_WIDTH), false, ALL); + //set applet width + if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH))) + htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH), false, ALL); else if (MiscUtil.isNotEmpty(appletwidth)) htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, appletwidth, false, ALL); else diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index cbdef7093..4f9936c94 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,8 +3,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index aff6b1ca6..000a47438 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE; import java.io.IOException; @@ -14,9 +14,9 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.logging.Logger; * * Expects: *
    - *
  • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
    • + *
  • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
    • *
* Result: *
    diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index cbaaa5ec7..e82aa8fbb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -13,10 +13,10 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -26,14 +26,14 @@ import at.gv.egovernment.moa.util.StringUtils; * In detail: *
      *
    • Renames the moa session id.
      • - *
    • Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.
      • + *
    • Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.
      • *
    • Creates the http form mentioned above.
      • *
    • Returns the http form via HttpServletResponse.
      • *
    * Expects: *
      - *
    • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} or
      • - *
    • ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).
      • + *
    • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} or
      • + *
    • ExecutionContext property {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).
      • *
    * Result: *
      diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 204e39b8c..7cc9df30c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -22,7 +22,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -31,6 +30,7 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -44,7 +44,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; * In detail: *
        *
      • Renames the moa session id.
        • - *
      • Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
        • + *
      • Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
        • *
      • Extracts signature and signer certificate.
        • *
      • Send request to SZR Gateway in order to get an identity link.
        • *
      • Updates moa session (sets identity link, QAA level 4, authentication data and foreigner flag).
        • @@ -52,8 +52,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; *
      * Expects: *
        - *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
        • - *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.
        • + *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
        • + *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.
        • *
      * Result: *
        diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 0a1e3c8f5..c172c3b9c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.GET_MIS_SESSIONID; import java.security.GeneralSecurityException; import java.util.List; @@ -18,10 +18,10 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -42,7 +42,7 @@ import iaik.pki.PKIException; *
      * Expects: *
        - *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
        • + *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
        • *
      * Result: *
        @@ -72,7 +72,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { String misSessionID = moasession.getMISSessionID(); //get mandates from MIS - ConnectionParameter connectionParameters = authConfig + ConnectionParameterInterface connectionParameters = authConfig .getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( authConfig, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index b1b87f68d..d3d736a9c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -31,15 +31,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index b9a8fecf6..ed49201b8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -8,9 +8,9 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -25,7 +25,7 @@ import at.gv.egovernment.moa.logging.Logger; *
      * Expects: *
        - *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
        • + *
      • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
        • *
      * Result: *
        diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index f976c0b49..afbb87f10 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.GET_MIS_SESSIONID; import java.util.List; @@ -39,12 +39,12 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -72,7 +72,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //perform default task initialization defaultTaskInitialization(request, executionContext); - ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); + ConnectionParameterInterface connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); // get identitity link as byte[] diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index b52778577..516e9501b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; import java.util.Map; @@ -15,10 +15,10 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -28,15 +28,15 @@ import at.gv.egovernment.moa.logging.Logger; * In detail: *
          *
        • Renames the moa session id.
          • - *
        • Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
          • + *
        • Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
          • *
        • Verifies the {@code CreateXMLSignatureResponse}.
          • *
        • Updates moa session.
          • *
        • Redirects back to {@code /dispatcher} in order to finalize the authentication.
          • *
        * Expects: *
          - *
        • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
          • - *
        • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.
          • + *
        • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
          • + *
        • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.
          • *
        * Result: *
          diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index cd444f7c8..df158a7ec 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID; +import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_GET_FOREIGN_ID; import java.io.IOException; import java.util.Map; @@ -17,9 +17,9 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; @@ -28,11 +28,11 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils; import iaik.x509.X509Certificate; /** - * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.

          + * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.

          * In detail: *

            *
          • Renames the moa session id.
            • - *
          • Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
            • + *
          • Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
            • *
          • Verifies the certificate.
            • *
          • Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.
            • *
          • Puts it in a {@code CreateXMLSignatureRequest}.
            • @@ -41,8 +41,8 @@ import iaik.x509.X509Certificate; *
          * Expects: *
            - *
          • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
            • - *
          • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.
            • + *
          • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
            • + *
          • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.
            • *
          * Result: *
            diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 23e92c0c0..0deda4d43 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -12,10 +12,10 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -24,15 +24,15 @@ import at.gv.egovernment.moa.logging.Logger; * In detail: *
              *
            • Renames the moa session id.
              • - *
            • Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
              • + *
            • Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.
              • *
            • Verifies the identity link.
              • *
            • Updates moa session.
              • *
            • Puts boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.
              • *
            * Expects: *
              - *
            • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
              • - *
            • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.
              • + *
            • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}
              • + *
            • HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.
              • *
            * Result: *
              diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 5e0a69fd4..4b0e7b869 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -56,7 +56,6 @@ import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -64,11 +63,12 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index ac528c89d..df101f5b7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -61,14 +61,14 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 1850ff671..55562176d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -69,7 +69,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index 36bab9355..2a8d26566 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -55,11 +55,11 @@ import java.net.URLEncoder; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java index 9b634ff4d..1759a7281 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java @@ -54,7 +54,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends try { initalizeConfiguration(); - } catch (at.gv.egovernment.moa.id.config.ConfigurationException e) { + } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) { Logger.error("eIDAS SAML-engine initialization FAILED", e); } @@ -89,7 +89,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends try { initalizeConfiguration(); - } catch (at.gv.egovernment.moa.id.config.ConfigurationException e) { + } catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) { Logger.error("eIDAS SAML-engine initialization FAILED", e); } @@ -103,10 +103,10 @@ public class MOAIDCertificateManagerConfigurationImpl extends /** * Initialize eIDAS SAML-engine from MOA-ID configuration - * @throws at.gv.egovernment.moa.id.config.ConfigurationException + * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException * */ - private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException { + private void initalizeConfiguration() throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { //initialize configuration MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl(); tmp.initialize(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 584910ea5..5d1874157 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -37,7 +37,7 @@ import java.util.Properties; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java index bdd8c8e72..1ba344fd1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.config; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.core.impl.EncryptionSW; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 55504dcb0..d0454688a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -26,9 +26,9 @@ import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing; import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java index 98bc559d2..20f18b772 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 515ce2913..7a696cd2f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -39,12 +39,12 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 2156720e8..6de446e01 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -36,19 +36,19 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASAuthnRequest; import eu.eidas.auth.commons.EIDASUtil; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 9858d6004..082fdbbbf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -6,13 +6,13 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 1e3b0f507..83fadb04e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -32,13 +32,12 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; @@ -167,7 +166,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setOAURL(samlReq.getIssuer()); // - memorize OA config - OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL()); + IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL()); if (oaConfig == null) throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()}); pendingReq.setOnlineApplicationConfiguration(oaConfig); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index 4e34902e2..55f4f44d4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -23,14 +23,14 @@ import org.slf4j.Logger; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import eu.eidas.auth.engine.EIDASSAMLEngine; import eu.eidas.auth.engine.metadata.MetadataConfigParams; import eu.eidas.auth.engine.metadata.MetadataGenerator; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 5f3f89aee..4ab587159 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -37,17 +37,17 @@ import org.springframework.http.MediaType; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EIDASAuthnResponse; import eu.eidas.auth.commons.EIDASStatusCode; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java index a64fc8bf7..22cb22c6d 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java @@ -35,7 +35,7 @@ import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index 3fa43d0a3..29bc5ee12 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -36,7 +36,7 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConsta import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.id.util.HTTPUtils; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java index 6b7c13804..d27353809 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java index 03711aa40..fb9628909 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java @@ -29,11 +29,11 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index d25921167..26fd5fe5b 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -36,7 +36,6 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; @@ -44,7 +43,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index 49f131983..1c564b20d 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -37,7 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java index c6434b901..f5bcdb70b 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java @@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index e2ac97535..9060f35c5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 21fe4e5fa..9b19e0a4d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -31,7 +31,7 @@ import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index e81132ca7..a43c8fce9 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c4260db82..c6775b692 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 6008eede1..5f32e32a2 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index ad7fe68b9..04f38faf6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index 5c4fe02df..ff19a618a 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index d08a3b4f0..eda276df2 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 10af9cc32..7de90e98e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 4262d6bb3..3ebadba52 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index da4f76e2d..89209b062 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 04a6ec60b..895037b2e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java index 307615fbd..d7fecd1b5 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java @@ -22,7 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; public class OAuth20Exception extends RuntimeException { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 518a694b0..803ae388f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -35,14 +35,14 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 055d14ef3..98fcdc8dc 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -32,10 +32,10 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; @@ -187,7 +187,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 4eae5ac3b..88669bd90 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,10 +31,10 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -71,7 +71,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } this.setOAURL(oaURL); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index b29d33a8d..2f8c43e23 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -19,9 +19,9 @@ import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index bb0126a7b..9d78418cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -33,12 +33,12 @@ import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 75fbb4120..f35de9c58 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -30,10 +30,10 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -140,7 +140,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 8207fc502..b15d7dc85 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -46,6 +46,11 @@ 1.52 + + MOA.id.server + moa-id-frontend-resources + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 103a03063..f9cb4c636 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,11 +28,11 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index 4ba2e1a01..af180ff10 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -27,11 +27,11 @@ import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; /** * @author tlenz @@ -261,15 +261,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() - */ - @Override - public Map getFormCustomizaten() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 48ef5b526..2bb31f700 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -56,7 +56,6 @@ import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.Extension; @@ -80,17 +79,18 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -124,6 +124,7 @@ public class SSOTransferServlet{ @Autowired ITransactionStorage transactionStorage; @Autowired IDPCredentialProvider idpCredentials; @Autowired AuthConfiguration authConfig; + @Autowired IGUIFormBuilder guiBuilder; public SSOTransferServlet() { super(); @@ -145,8 +146,6 @@ public class SSOTransferServlet{ method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { - VelocityContext context = new VelocityContext(); - //create first step of SSO Transfer GUI String authURL = HTTPUtils.extractAuthURLFromRequest(req); if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { @@ -155,8 +154,13 @@ public class SSOTransferServlet{ } + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + internalCreateQRCodeForTransfer(resp, authURL, - "123456", "/TestTransmitSSOSession", context); + "123456", "/TestTransmitSSOSession", config); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -388,28 +392,32 @@ public class SSOTransferServlet{ //search SSO session String ssoid = ssomanager.getSSOSessionID(req); - VelocityContext context = new VelocityContext(); - try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + if (ssomanager.isValidSSOSession(ssoid, null)) { //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); - - } - + String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); if (MiscUtil.isNotEmpty(moaSessionID)) { AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); if(authSession != null) { internalCreateQRCodeForTransfer(resp, authURL, authSession.getSessionID(), - SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, context); + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; } @@ -417,9 +425,10 @@ public class SSOTransferServlet{ } - context.put("errorMsg", + config.putCustomParameter("errorMsg", "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); + + guiBuilder.build(resp, config, "SSO-Transfer-Module"); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -505,7 +514,7 @@ public class SSOTransferServlet{ } private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL, - String moaSessionID, String servletEndPoint, VelocityContext context) throws Exception { + String moaSessionID, String servletEndPoint, DefaultGUIFormBuilderConfiguration config) throws Exception { SSOTransferContainer container = new SSOTransferContainer(); String token = Random.nextRandom(); @@ -558,12 +567,12 @@ public class SSOTransferServlet{ ByteArrayOutputStream qrStream = QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); + config.putCustomParameter("QRImage", base64EncodedImage); - context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + config.putCustomParameter("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - GUIUtils.printSSOTransferGUI(context, resp); - + + guiBuilder.build(resp, config, "SSO-Session Transfer-Module"); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index 0b3bd892a..cd18afb71 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -33,9 +33,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index e84c60ec5..e3c8efb50 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -45,6 +45,8 @@ import at.gv.egovernment.moa.logging.Logger; @Component("InitializeRestoreSSOSessionTask") public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { + @Autowired IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -63,11 +65,10 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { } - VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); - GUIUtils.printSSOTransferGUI(context, response); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getRequestID()); - } catch (WrongParametersException | AuthenticationException e) { + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index d52e03c09..526f45be3 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -38,12 +38,13 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -60,6 +61,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; + @Autowired IGUIFormBuilder guiBuilder; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -180,8 +182,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); - GUIUtils.printSSOTransferGUI(context, response); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, + authURL, pendingReq.getRequestID()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index ee7a397aa..b1446c4d2 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -22,29 +22,19 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; -import java.io.BufferedReader; import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.StringWriter; -import java.net.URI; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import net.glxn.qrgen.QRCode; @@ -54,95 +44,43 @@ import net.glxn.qrgen.image.ImageType; * @author tlenz * */ -public class GUIUtils { - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; - +public class GUIUtils { public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec - public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException { - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; + public static void buildSSOTransferGUI( + IGUIFormBuilder guiBuilder, HttpServletResponse httpResp, + String authURL, String pendingReqID) throws ConfigurationException, IOException { + try { + String containerURL = authURL + + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE + + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - VelocityContext context = new VelocityContext(); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); - - context.put("timeoutURL", containerURL); - context.put("timeout", REFESH_TIMEOUT); - - return context; - - } - - public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException { - try { - Logger.trace("Initialize VelocityEngine..."); - - InputStream is = null; - String pathLocation = null; - try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE; - File file = new File(new URI(pathLocation)); - is = new FileInputStream(file); - evaluateTemplate(context, httpResp, is); - - } catch (Exception e) { - Logger.warn("SLO Template is not found in configuration directory (" + - pathLocation + "). Load template from project library ... "); - - try { - pathLocation = GUI_HTML_TEMPLATE; - is = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - evaluateTemplate(context, httpResp, is); + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - } catch (Exception e1) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - - } finally { - if (is != null) - is.close(); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + + config.putCustomParameter("QRImage", base64EncodedImage); + config.putCustomParameter("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); + config.putCustomParameter("timeoutURL", containerURL); + config.putCustomParameter("timeout", REFESH_TIMEOUT); - } + guiBuilder.build(httpResp, config, "SSO-Transfer-Module"); - } catch (Exception e) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - } - - private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { - - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - BufferedReader reader = new BufferedReader(new InputStreamReader(is )); - - //set default elements to velocity context - context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); - - StringWriter writer = new StringWriter(); - //velocityEngine.evaluate(context, writer, "SLO_Template", reader); - engine.evaluate(context, writer, "SSO Transfer Template", reader); - - - httpResp.setContentType("text/html;charset=UTF-8"); - httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } - + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e); + throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e); + + } + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index b2ab8b119..5f2642cf8 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -81,19 +81,19 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 6abc60c46..49275c6eb 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java index 0f2c85350..0cee2dde3 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -34,7 +34,7 @@ import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index c06800079..98240a636 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -36,7 +36,7 @@ import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstant import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.id.util.HTTPUtils; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index 06664af45..d581e7e75 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,15 +35,14 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -82,7 +81,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - OAAuthParameter idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID); + IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); @@ -139,7 +138,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { * @param objects * @throws AuthnRequestBuildException */ - private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, OAAuthParameter idpConfig, String msgCode, Object[] objects) throws AuthnRequestBuildException { + private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, String msgCode, Object[] objects) throws AuthnRequestBuildException { if (idpConfig.isPerformLocalAuthenticationOnInterfederationError()) { Logger.info("Switch to local authentication on this IDP ... "); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 01163efd6..1c3134b77 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -41,20 +41,19 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -225,7 +224,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); if (msg != null) { - OAAuthParameter idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); + IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); //remove federated IDP from SSO session if exists ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); @@ -313,7 +312,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { * @throws TaskExecutionException * @throws Throwable */ - private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, OAAuthParameter idpConfig, Throwable e) throws TaskExecutionException { + private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException { if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) { Logger.info("Switch to local authentication on this IDP ... "); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java index 1168250ad..aac253083 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java @@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index f19802a01..323edee8d 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -44,6 +44,13 @@ test --> + + MOA.id.server + moa-id-commons + test + test-jar + + MOA.id.server.modules moa-id-modul-citizencard_authentication diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index b184aa4fe..c421bf8cc 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -30,17 +30,17 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; import eu.eidas.auth.commons.IPersonalAttributeList; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index fc5837e51..b01ea666d 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -71,13 +71,13 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 9d0dac0f8..0ec0d95a2 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -46,7 +46,6 @@ import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; @@ -61,13 +60,14 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 8cc894040..37d66d29b 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -37,14 +37,14 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -163,8 +163,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { //load Target only from OA config - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index d93aebcec..42fafc01e 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -30,7 +30,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java index 4e5bed97c..70448ef09 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java @@ -36,8 +36,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.monitoring.TestManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index 13fb59038..5e4183146 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -29,11 +29,11 @@ import java.util.List; import org.hibernate.Query; import org.hibernate.Session; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index 824791797..7994e7a06 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -37,9 +37,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -71,7 +70,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { .getMoaSpIdentityLinkTrustProfileID(false)); // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the try { diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 3c2b143b3..b25eed520 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -27,8 +27,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/pom.xml b/id/server/pom.xml index 2fbd3dd06..56d317cf5 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -18,11 +18,11 @@ + moa-id-spring-initializer + moa-id-frontend-resources idserverlib moa-id-commons - modules - moa-id-spring-initializer - moa-id-frontend-resources + modules auth-final auth-edu -- cgit v1.2.3 From b01fc5becad147315bbd8d168f5435ee126e638d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 11:40:13 +0100 Subject: add independent mandate-service selection step to choose between MIS and ELGA mandate-service --- .../StartAuthentificationParameterParser.java | 22 +-- .../id/auth/servlet/GUILayoutBuilderServlet.java | 150 +++++++++++++++++++++ .../templates/mandate-service-selection.html | 52 +++++++ .../internal/DefaultCitizenCardAuthModuleImpl.java | 8 +- .../tasks/InitializeBKUAuthenticationTask.java | 4 +- .../internal/DefaultAuthentication.process.xml | 2 +- .../elgamandates/ELGAMandatesAuthConstants.java | 2 + .../elgamandates/ELGAMandatesAuthModuleImpl.java | 25 +++- .../tasks/ELGAInitializeBKUAuthenticationTask.java | 144 -------------------- .../tasks/EvaluateMandateServiceTask.java | 126 +++++++++++++++++ .../tasks/SelectMandateServiceTask.java | 95 +++++++++++++ .../elgamandates/utils/ELGAMandateUtils.java | 59 ++++++++ .../DefaultAuth_with_ELGA_mandates.process.xml | 19 ++- .../moaid_elga_mandate_client_auth.beans.xml | 10 +- 14 files changed, 541 insertions(+), 177 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html delete mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index f91dc6d3e..69c155c1e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -78,20 +78,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ //check UseMandate flag - String useMISMandateString = null; - boolean useMISMandateBoolean = false; + String useMandateString = null; + boolean useMandateBoolean = false; if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMISMandateString = useMandate; + useMandateString = useMandate; } else { - useMISMandateString = "false"; + useMandateString = "false"; } - if (useMISMandateString.compareToIgnoreCase("true") == 0) - useMISMandateBoolean = true; + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; else - useMISMandateBoolean = false; + useMandateBoolean = false; - moasession.setUseMandate(useMISMandateString); + moasession.setUseMandate(useMandateString); //load OnlineApplication configuration @@ -155,7 +155,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } else { Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier()); - if (useMISMandateBoolean) { + if (useMandateBoolean) { Logger.error("Online-Mandate Mode for business application not supported."); throw new AuthenticationException("auth.17", null); } @@ -213,8 +213,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ protocolReq.setNeedSingleSignOnFunctionality(false); } - if (protocolReq.needSingleSignOnFunctionality() && useMISMandateBoolean) { - Logger.info("Usage of MIS-MandateService does not allow Single Sign-On. --> SSO is disabled for this request."); + if (protocolReq.needSingleSignOnFunctionality() && useMandateBoolean) { + Logger.info("Usage of Mandate-Service does not allow Single Sign-On. --> SSO is disabled for this request."); protocolReq.setNeedSingleSignOnFunctionality(false); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java new file mode 100644 index 000000000..09b344f9d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -0,0 +1,150 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.moduls.IRequestStorage; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Controller +public class GUILayoutBuilderServlet extends AbstractController { + + public static final String ENDPOINT_CSS = "/css/buildCSS"; + public static final String ENDPOINT_JS = "/js/buildJS"; + + @Autowired AuthConfiguration authConfig; + @Autowired IRequestStorage requestStoreage; + @Autowired IGUIFormBuilder formBuilder; + + public GUILayoutBuilderServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + ENDPOINT_CSS + + "' and '" + ENDPOINT_JS + "'."); + + } + + @RequestMapping(value = "/css/buildCSS", method = {RequestMethod.GET}) + public void buildCSS(HttpServletRequest req, HttpServletResponse resp) throws IOException { + try { + IRequest pendingReq = extractPendingRequest(req); + + //initialize GUI builder configuration + ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + if (pendingReq != null) + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + null); + + else + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + HTTPUtils.extractAuthURLFromRequest(req), + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + null); + + //build GUI component + formBuilder.build(resp, config, "text/css;charset=UTF-8", "CSS-Form"); + + } catch (Exception e) { + Logger.warn("GUI ressource:'CSS' generation FAILED."); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); + } + + } + + @RequestMapping(value = "/js/buildJS", method = {RequestMethod.GET}) + public void buildJavaScript(HttpServletRequest req, HttpServletResponse resp) throws IOException { + try { + IRequest pendingReq = extractPendingRequest(req); + + //initialize GUI builder configuration + ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + if (pendingReq != null) + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + null); + + else + config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + HTTPUtils.extractAuthURLFromRequest(req), + ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + null); + + //build GUI component + formBuilder.build(resp, config, "text/javascript;charset=UTF-8", "JavaScript"); + + } catch (Exception e) { + Logger.warn("GUI ressource:'JavaScript' generation FAILED."); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); + } + + } + + private IRequest extractPendingRequest(HttpServletRequest req) { + try { + String pendingReqID = StringEscapeUtils.escapeHtml( + req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + + if (MiscUtil.isNotEmpty(pendingReqID)) { + IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); + if (pendingReq != null) { + Logger.trace("GUI-Layout builder: Pending-request:" + + pendingReqID + " found -> Build specific template"); + return pendingReq; + + } + } + + Logger.trace("GUI-Layout builder: No pending-request found -> Use default templates"); + + } catch (Exception e) { + Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e); + } + + return null; + } +} diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html new file mode 100644 index 000000000..a9f0c4238 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html @@ -0,0 +1,52 @@ + + + + + + + + Anmeldung an Online-Applikation + + + + +
              + +
              + + + +
              +
              +
              +

              + Anmeldeinformationen: +

              +
              + +
              +

              Anmeldung an: $OAName

              + + +
              +
              + + + +
              +
              +
              +
              + + + +
              +
              + +
              +
              +
              +
              +
              + + diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 4f9936c94..b0efb100a 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -17,12 +17,6 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { return 0; } - public String getProcessName() { - return "DefaultAuthentication"; - - - } - @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication @@ -35,7 +29,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { if (StringUtils.isBlank((String) context.get("ccc")) && StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && !performBKUSelection) - return getProcessName(); + return "DefaultAuthentication"; else return null; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index d3d736a9c..c1fae1f1e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -177,9 +177,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } } + //set useMandate flag to executionContext executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.isMandateUsed()); - executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, moasession.isMandateUsed()); - + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index afa3fe2ad..74792ed72 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -38,7 +38,7 @@ - + diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index b50d1cf4e..60dd95338 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -44,6 +44,8 @@ public class ELGAMandatesAuthConstants { public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect"; public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata"; + public static final String TEMPLATE_MANDATE_SERVICE_SELECTION = "/mandate-service-selection.html"; + //configuration properties public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate."; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java index 7f7af704c..753d3336c 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -23,7 +23,12 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates; */ +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.util.MiscUtil; /** * This authentication module extens the default citizen @@ -33,6 +38,8 @@ import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModu */ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl { + @Autowired private AuthConfiguration authConfig; + private int priority = 0; /* (non-Javadoc) @@ -42,13 +49,23 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl public int getPriority() { return priority; } - + @Override - public String getProcessName() { - return "DefaultAuthenticationWithELGAMandates"; + public String selectProcess(ExecutionContext context) { + String selectedProcessID = super.selectProcess(context); + + //check if BKU authentication is selected and ELGA-MandateService is configurated + if (MiscUtil.isNotEmpty(selectedProcessID)) { + if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration( + ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL))) + return "DefaultAuthenticationWithELGAMandates"; + + } + + return selectedProcessID; } - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() */ diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java deleted file mode 100644 index fb9628909..000000000 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; - -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Component; - -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Component("ELGAInitializeBKUAuthenticationTask") -public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask { - - @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - - try { - //perform Default-BKU authentication initialization - internalInitializeWithoutPersist(executionContext, request, response); - - //perform ELGA Mandate-Service specific parts - Logger.debug("Perfom ELGA-Mandate specific parts of initialisation."); - Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE); - - boolean elgaMandateUsed = false; - Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE); - if (elgaMandateUsedObj == null || - !(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) { - Logger.error("Use ELGA-MandateService flag has a wrong type."); - throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"}); - - } else { - if (elgaMandateUsedObj instanceof String) - elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj); - else - elgaMandateUsed = (boolean) elgaMandateUsedObj; - - } - - //check if both mandate Services are requested - if ( (misMandateUsed != null && misMandateUsed) && - elgaMandateUsed ) { - Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince"); - throw new MOAIDException("validator.73", null); - - } - - - if (elgaMandateUsed) { - //check mandateProfiles against ELGA-MandateService configuration - if (!checkServiceProviderAgainstELGAModulConfigration()) { - Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() - + " does not fulfill requirements to use ELGA-MandateService."); - throw new MOAIDException("service.10", new Object[]{ - ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, - "No valid mandate-profile defined"}); - - } - - //remove MIS-Mandate flag and set useMandate flag to MOASession - Logger.debug("Authentication process select ELGA-MandateService."); - executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE); - moasession.setUseMandates(elgaMandateUsed); - } - - //disable SSO if it is requested - if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) { - Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request."); - pendingReq.setNeedSingleSignOnFunctionality(false); - - - } - - //store MOASession and pendingRequest - requestStoreage.storePendingRequest(pendingReq); - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException | MOAIDException e) { - Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage()); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - } - - /** - * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService. - * - * @return true, if ELGA mandateservice is allowed, otherwise false - */ - private boolean checkServiceProviderAgainstELGAModulConfigration() { - String allowedMandateTypesCSV = - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); - List allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); - List spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); - - boolean isELGAMandateServiceAllowed = false; - if (spMandateProfiles != null) { - for (String el : allowedMandateTypes) { - if (spMandateProfiles.contains(el)) - isELGAMandateServiceAllowed = true; - - } - } - - return isELGAMandateServiceAllowed; - } -} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java new file mode 100644 index 000000000..f05446771 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -0,0 +1,126 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("EvaluateMandateServiceTask") +public class EvaluateMandateServiceTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + boolean useMIS = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEMISMANDATE); + boolean useELGA = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEELGAMANDATE); + + //check if both mandate Services are requested + if ( useMIS && useELGA ) { + Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince"); + throw new MOAIDException("validator.73", null); + + } + + //select next process step + if (useELGA) { + //validate service-provider again + if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) { + Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + + " does not fulfill requirements to use ELGA-MandateService."); + throw new MOAIDException("service.10", new Object[]{ + ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, + "No valid mandate-profile defined"}); + + } + + executionContext.put(MOAIDAuthConstants.PARAM_USEELGAMANDATE, useELGA); + Logger.debug("ELGA Mandate-Service is selected. Initialize service communication ... "); + + } else if(useMIS) { + executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, useMIS); + Logger.debug("MIS Mandate-Service is selected. Initialize service communication ... "); + + + } else { + //mark pending-request as aborted + Logger.info("No Mandate-Service is selected. Abort authentication process ... "); + pendingReq.setAbortedByUser(true); + pendingReq.setAuthenticated(false); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //redirect to protocol finalization + performRedirectToProtocolFinialization(pendingReq, response); + + } + + } catch (MOAIDException e) { + Logger.info("Evaluation of Mandate-Service selection FAILED. Reason:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.info("Mandate-Service selection evaluation: General Exception. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e); + + } + + } + + private boolean getUserConfermationFromRequest(HttpServletRequest httpReq, String paramName) throws WrongParametersException { + String paramString = httpReq.getParameter(paramName); + paramString = StringEscapeUtils.escapeHtml(paramString); + if (!ParamValidatorUtils.isValidUseMandate(paramString)) + throw new WrongParametersException("Mandate-Service selection-evaluation", paramName, null); + + if (MiscUtil.isNotEmpty(paramString)) + return Boolean.parseBoolean(paramString); + + else + return false; + + } +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java new file mode 100644 index 000000000..8d6ac1762 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -0,0 +1,95 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; +import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("SelectMandateServiceTask") +public class SelectMandateServiceTask extends AbstractAuthServletTask { + + @Autowired IGUIFormBuilder guiBuilder; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + //check if Service-Provider allows ELGA-mandates + if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) { + Logger.trace("Build GUI for mandate-service selection ..."); + + IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + pendingReq, + ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, + GeneralProcessEngineSignalController.ENDPOINT_GENERIC); + + guiBuilder.build(response, config, "Mandate-Service selection"); + + Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... "); + + } else { + //service-provider does not allow ELGA-mandates --> switch to MIS mandate-service + Logger.debug("Service-Provider does not allow ELGA Mandate-Service. --> Select MIS Mandate-Service as Default."); + executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, true); + + } + + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'Mandate-Service selection'. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, + "Can not build GUI. Msg:" + e.getMessage(), + new MOAIDException("builder.09", new Object[]{e.getMessage()}, e)); + + } catch (Exception e) { + Logger.info("Mandate-Service selection: General Exception. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java new file mode 100644 index 000000000..03f8fa195 --- /dev/null +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java @@ -0,0 +1,59 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; + +import java.util.List; + +import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; + +/** + * @author tlenz + * + */ +public class ELGAMandateUtils { + /** + * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService. + * + * @return true, if ELGA mandateservice is allowed, otherwise false + */ + public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) { + String allowedMandateTypesCSV = + authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); + List allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); + List spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + + boolean isELGAMandateServiceAllowed = false; + if (spMandateProfiles != null) { + for (String el : allowedMandateTypes) { + if (spMandateProfiles.contains(el)) + isELGAMandateServiceAllowed = true; + + } + } + + return isELGAMandateServiceAllowed; + } +} diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml index 8cd08d226..23edac7ca 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -5,7 +5,7 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> - + @@ -18,6 +18,8 @@ + + @@ -25,9 +27,9 @@ - + - + @@ -43,10 +45,17 @@ - - + + + + + + + + + diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml index c1abe78df..cbc4e65c1 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml @@ -26,11 +26,15 @@ - - + + + -- cgit v1.2.3 From a5c361d60ab4103026cdaac1818ecec52611be5d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 12:19:07 +0100 Subject: change Base64 decoder implementation --- .../moa/id/auth/parser/InfoboxReadResponseParser.java | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 28ce69e95..31c91cd40 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -46,9 +46,8 @@ package at.gv.egovernment.moa.id.auth.parser; -import iaik.x509.X509Certificate; - import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.InputStream; import java.security.cert.CertificateException; @@ -57,7 +56,6 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; -import org.apache.axis.encoding.Base64; import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; @@ -66,9 +64,11 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.x509.X509Certificate; /** * Parses an <InfoboxReadResponse>. @@ -256,16 +256,14 @@ public class InfoboxReadResponseParser { String base64Content = DOMUtils.getText(base64ContentElement); - // Decode Base64 value to X509Certificate - byte[] content = Base64.decode(base64Content); + // Decode Base64 value to X509Certificate + byte[] content = Base64Utils.decode(base64Content, false); return new X509Certificate(content); - } catch (ParserConfigurationException e) { - throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); - } catch (TransformerException e) { - throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); - } catch (CertificateException e) { + } catch (ParserConfigurationException | TransformerException | + CertificateException | IOException e) { throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e); + } } -- cgit v1.2.3 From bd53025fa776091cd82d0fca57a28a5404fb4f37 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 30 Mar 2016 08:36:03 +0200 Subject: fix problem with XML parser and additional features options --- .../metadata/MOASPMetadataSignatureFilter.java | 26 +++--- .../moa/id/util/ParamValidatorUtils.java | 30 +++++-- .../java/at/gv/egovernment/moa/util/DOMUtils.java | 97 +++++++++++++++++++-- .../java/test/at/gv/egovernment/moa/AllTests.java | 8 +- .../test/at/gv/egovernment/moa/MOATestCase.java | 23 +++-- .../at/gv/egovernment/moa/util/DOMUtilsTest.java | 8 +- .../parser/CreateXMLSignatureResponseParser.java | 14 ++- .../id/auth/parser/InfoboxReadResponseParser.java | 16 +++- .../2.0.5/moa-spss-lib-2.0.5-javadoc.jar | Bin 0 -> 976947 bytes .../moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar | Bin 380513 -> 381412 bytes spss/pom.xml | 6 +- spss/server/pom.xml | 2 +- spss/server/serverlib/pom.xml | 19 ++-- .../server/config/ConfigurationPartsBuilder.java | 23 +++-- .../moa/spss/server/invoke/DataObjectFactory.java | 20 ++--- .../moa/spss/server/service/AxisHandler.java | 19 +++- .../moa/spss/server/service/ServiceUtils.java | 3 +- spss/server/serverws/pom.xml | 5 +- 18 files changed, 234 insertions(+), 85 deletions(-) create mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar (limited to 'id/server/modules/moa-id-modul-citizencard_authentication') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java index a4ab92f58..3d69b0380 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -23,14 +23,9 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import java.io.IOException; -import java.io.StringWriter; -import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.FilterException; @@ -41,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * @author tlenz @@ -69,19 +65,21 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter { EntityDescriptor entityDes = (EntityDescriptor) metadata; //check signature; try { - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(metadata.getDOM()); - transformer.transform(source, sr); - sw.close(); - String metadataXML = sw.toString(); + byte[] serialized = DOMUtils.serializeNode(metadata.getDOM(), "UTF-8"); + +// Transformer transformer = TransformerFactory.newInstance() +// .newTransformer(); +// StringWriter sw = new StringWriter(); +// StreamResult sr = new StreamResult(sw); +// DOMSource source = new DOMSource(metadata.getDOM()); +// transformer.transform(source, sr); +// sw.close(); +// String metadataXML = sw.toString(); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); VerifyXMLSignatureResponse result = sigVerify.verify( - metadataXML.getBytes(), trustProfileID); + serialized, trustProfileID); //check signature-verification result if (result.getSignatureCheckCode() != 0) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index f97d646b6..47ea91753 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -46,20 +46,20 @@ package at.gv.egovernment.moa.id.util; +import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.StringReader; import java.net.MalformedURLException; import java.net.URL; +import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; -import org.xml.sax.InputSource; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -68,12 +68,22 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; public class ParamValidatorUtils extends MOAIDAuthConstants{ + private static final Map parserFeatures = + Collections.unmodifiableMap(new HashMap() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + /** * Checks if the given target is valid * @param target HTTP parameter from request @@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ return false; Logger.debug("Ueberpruefe Parameter XMLDocument"); - try { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder = factory.newDocumentBuilder(); - InputSource is = new InputSource(new StringReader(document)); - builder.parse(is); + try { + DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures); + +// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +// DocumentBuilder builder = factory.newDocumentBuilder(); +// InputSource is = new InputSource(new StringReader(document)); +// builder.parse(is); Logger.debug("Parameter XMLDocument erfolgreich ueberprueft"); return true; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java index 0a07fc4a7..95cd63643 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -33,6 +33,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.Set; import java.util.Vector; @@ -115,7 +116,7 @@ public class DOMUtils { private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities"; - private static final String DISALLOW_DOCTYPE_FEATURE = + public static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; @@ -205,7 +206,8 @@ public class DOMUtils { String externalSchemaLocations, String externalNoNamespaceSchemaLocation, EntityResolver entityResolver, - ErrorHandler errorHandler) + ErrorHandler errorHandler, + Map parserFeatures) throws SAXException, IOException, ParserConfigurationException { DOMParser parser; @@ -247,8 +249,25 @@ public class DOMUtils { parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); + //set external added parser features + if (parserFeatures != null) { + for (Entry el : parserFeatures.entrySet()) { + String key = el.getKey(); + if (MiscUtil.isNotEmpty(key)) { + Object value = el.getValue(); + if (value != null && value instanceof Boolean) + parser.setFeature(key, (boolean)value); + + else + Logger.warn("This XML parser only allows features with 'boolean' values"); + + } else + Logger.warn("Can not set 'null' feature to XML parser"); + } + } + //fix XXE problem - parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); if (validating) { @@ -346,6 +365,7 @@ public class DOMUtils { * @param externalNoNamespaceSchemaLocation The schema location of the * schema for elements without a namespace, the same way it is accepted by the * xsi:noNamespaceSchemaLocation attribute. + * @param parserFeatures * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. @@ -356,7 +376,7 @@ public class DOMUtils { InputStream inputStream, boolean validating, String externalSchemaLocations, - String externalNoNamespaceSchemaLocation) + String externalNoNamespaceSchemaLocation, Map parserFeatures) throws SAXException, IOException, ParserConfigurationException { @@ -367,9 +387,50 @@ public class DOMUtils { externalSchemaLocations, externalNoNamespaceSchemaLocation, new MOAEntityResolver(), - new MOAErrorHandler()); + new MOAErrorHandler(), + parserFeatures); } + /** + * Parse an XML document from a String. + * + * It uses a MOAEntityResolver as the EntityResolver + * and a MOAErrorHandler as the ErrorHandler. + * + * @param xmlString The String containing the XML document. + * @param encoding The encoding of the XML document. + * @param validating If true, parse validating. + * @param externalSchemaLocations A String containing namespace + * URI to schema location pairs, the same way it is accepted by the xsi: + * schemaLocation attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * xsi:noNamespaceSchemaLocation attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + String encoding, + boolean validating, + String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + Map parserFeatures) + throws SAXException, IOException, ParserConfigurationException { + + InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); + return parseDocument( + in, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation, + parserFeatures); + } + + /** * Parse an XML document from a String. * @@ -404,7 +465,8 @@ public class DOMUtils { in, validating, externalSchemaLocations, - externalNoNamespaceSchemaLocation); + externalNoNamespaceSchemaLocation, + null); } /** @@ -453,7 +515,26 @@ public class DOMUtils { public static Element parseXmlValidating(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null) + .getDocumentElement(); + } + + /** + * A convenience method to parse an XML document validating. + * + * @param inputStream The InputStream containing the XML + * document. + * @param parserFeatures Set additional features to XML parser + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlValidating(InputStream inputStream, Map parserFeatures) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures) .getDocumentElement(); } @@ -471,7 +552,7 @@ public class DOMUtils { public static Element parseXmlNonValidating(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null) .getDocumentElement(); } diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java index ba7a0edc4..c0a93bf03 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java @@ -24,16 +24,10 @@ package test.at.gv.egovernment.moa; -import test.at.gv.egovernment.moa.util.DOMUtilsTest; -import test.at.gv.egovernment.moa.util.DateTimeUtilsTest; -import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest; -import test.at.gv.egovernment.moa.util.SSLUtilsTest; -import test.at.gv.egovernment.moa.util.XPathUtilsTest; - import junit.awtui.TestRunner; import junit.framework.Test; import junit.framework.TestSuite; - + /** * @author patrick * @version $Id$ diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java index 5d1c5371a..66bf1faff 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java @@ -26,18 +26,19 @@ package test.at.gv.egovernment.moa; import java.io.FileInputStream; import java.io.StringReader; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import org.w3c.dom.Document; - import org.xml.sax.InputSource; -import junit.framework.TestCase; - import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import junit.framework.TestCase; /** * Base class for MOA test cases. @@ -51,6 +52,16 @@ public class MOATestCase extends TestCase { protected static final String TESTDATA_ROOT = "data/test/"; + protected static final Map parserFeatures = + Collections.unmodifiableMap(new HashMap() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + + /** * Constructor for MOATestCase. * @param arg0 @@ -67,7 +78,8 @@ public class MOATestCase extends TestCase { new FileInputStream(fileName), false, null, - null); + null, + parserFeatures); } /** @@ -80,7 +92,8 @@ public class MOATestCase extends TestCase { new FileInputStream(fileName), true, Constants.ALL_SCHEMA_LOCATIONS, - null); + null, + parserFeatures); } /** diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java index 1a2b6904d..7b1c0cb67 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java @@ -23,6 +23,7 @@ package test.at.gv.egovernment.moa.util; + import java.io.FileInputStream; import java.util.Map; @@ -30,10 +31,9 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import test.at.gv.egovernment.moa.*; - import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import test.at.gv.egovernment.moa.MOATestCase; /** * @author Patrick Peck @@ -78,7 +78,8 @@ public class DOMUtilsTest extends MOATestCase { new FileInputStream(fileName), true, Constants.ALL_SCHEMA_LOCATIONS, - null); + null, + parserFeatures); } public void testParseCreateXMLSignature() throws Exception { @@ -113,6 +114,7 @@ public class DOMUtilsTest extends MOATestCase { new FileInputStream(fileName), false, null, + null, null); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index b39cf9e9b..eca231094 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser { /** This is the root element of the CreateXMLsignatureResponse */ private Element sigResponse_; + private static final Map parserFeatures = + Collections.unmodifiableMap(new HashMap() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + /** * Parses and validates the document given as string and extracts the * root element. @@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser { private void init(InputStream is) throws AuthenticationException, ParseException, BKUException { try { - Element responseElem = DOMUtils.parseXmlValidating(is); + Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures); if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) { sigResponse_ = responseElem; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 31c91cd40..90fd7e1c7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -50,6 +50,9 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.cert.CertificateException; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -82,6 +85,16 @@ public class InfoboxReadResponseParser { /** This is the root element of the XML-Document provided by the Security Layer Card*/ private Element infoBoxElem_; + private static final Map parserFeatures = + Collections.unmodifiableMap(new HashMap() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + + /** * Parses and validates the document given as string and extracts the * root element. @@ -132,7 +145,8 @@ public class InfoboxReadResponseParser { private void init(InputStream is) throws AuthenticationException, ParseException, BKUException { try { - Element responseElem = DOMUtils.parseXmlValidating(is); + + Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures); if ("InfoboxReadResponse".equals(responseElem.getLocalName())) { infoBoxElem_ = responseElem; diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar new file mode 100644 index 000000000..f166efece Binary files /dev/null and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar differ diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar index 5097e2f28..f57276444 100644 Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar differ diff --git a/spss/pom.xml b/spss/pom.xml index 1c2a3fbfa..9780bc5b5 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -1,10 +1,10 @@ - + 4.0.0 spss @@ -18,7 +18,7 @@ server - handbook + diff --git a/spss/server/pom.xml b/spss/server/pom.xml index eb37775c1..362f2e1b2 100644 --- a/spss/server/pom.xml +++ b/spss/server/pom.xml @@ -13,7 +13,7 @@ MOA SP/SS Server - tools + serverlib serverws diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index cafd8341b..3437f84db 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -9,29 +9,33 @@ MOA.spss.server moa-spss-lib jar - ${moa-spss-version} + 2.0.5 MOA SP/SS API ${basedir}/../../../repository - + axis axis + 1.0_IAIK_1.2 org.apache.axis axis-jaxrpc + 1.4 org.apache.axis axis-saaj + 1.4 axis axis-wsdl4j + 1.5.1 commons-discovery @@ -56,6 +60,7 @@ log4j log4j + 1.2.17 org.postgresql @@ -63,7 +68,7 @@ javax.servlet - servlet-api + javax.servlet-api provided @@ -127,8 +132,8 @@ true - MOA - moa-common + MOA.id.server + moa-id-commons jar - MOA - moa-common + MOA.id.server + moa-id-commons iaik.prod @@ -118,6 +118,7 @@ log4j log4j + 1.2.17