From 6b38531ef2a829e3dab513ae8c679511a848421d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jun 2018 16:30:49 +0200
Subject: untested, but without dependency problems

---
 .../attributes/OAuth20AttributeBuilder.java        | 13 +++---
 .../oauth20/protocol/OAuth20AuthAction.java        | 16 +++----
 .../oauth20/protocol/OAuth20AuthRequest.java       |  8 ++--
 .../oauth20/protocol/OAuth20Protocol.java          | 49 ++++++++++------------
 .../oauth20/protocol/OAuth20TokenAction.java       |  8 ++--
 .../oauth20/protocol/OAuth20TokenRequest.java      | 25 +++++------
 6 files changed, 56 insertions(+), 63 deletions(-)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 46381fb3d..d97c8f7cf 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeB
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
@@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder {
 	}
 	
 	public static void addScopeOpenId(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData, 
+			final ISPConfiguration oaParam, final IAuthData authData, 
 			final OAuth20AuthRequest oAuthRequest) {
 		addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
 	}
 	
 	public static void addScopeProfile(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeEID(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeEIDGov(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeMandate(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeSTORK(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
 	}
 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 0189bc97d..5d461afc8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -33,11 +33,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -67,7 +67,7 @@ class OAuth20AuthAction implements IAction {
 			IAuthData authData) throws MOAIDException {
 		
 		OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;		
-		String responseType = oAuthRequest.getResponseType();
+		String responseType = oAuthRequest.getResponseType(); 
 		
 		revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
 		
@@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction {
 			
 			
 			//TODO: maybe add bPK / wbPK to SLO information
-			SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule());
+			SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule());
 			
 			return sloInformation;
 		}
@@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction {
 	
 	private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
 			throws MOAIDException, SignatureException {
-		IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration();
+		ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration();
 		
-		OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
+		OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer());
 		OAuthJsonToken token = new OAuthJsonToken(signer);
 		
 		StringBuilder resultScopes = new StringBuilder();
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 1528cfb28..40701d91d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,10 +28,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
@@ -180,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		// check if client id and redirect uri are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId());
+			ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
 			
 			
 			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -192,7 +192,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 			Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
 			
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index ff802136f..e04d719d9 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -19,8 +19,8 @@ import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -30,7 +30,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -49,7 +48,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 					PVPConstants.BPK_NAME
 			});
 		
-	public String getName() {
+	public String getName() { 
 		return NAME;
 	}
 	
@@ -68,22 +67,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//OpenID Connect auth request
 	@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
-	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
-		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-			Logger.info("OpenID-Connect is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
+//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+//			Logger.info("OpenID-Connect is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+//			
+//		}
 		
 		OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
 		try {			
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
 			pendingReq.populateParameters(req);
 			
-		} catch (OAuth20Exception e) {
+		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
-			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
+			throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
 			
 		}
 		
@@ -102,22 +101,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//openID Connect tokken request
 	@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
-	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
-		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-			Logger.info("OpenID-Connect is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
+//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+//			Logger.info("OpenID-Connect is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+//			
+//		}
 		
 		OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
 		try {			
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
 			pendingReq.populateParameters(req);
 			
-		} catch (OAuth20Exception e) {
+		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
-			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
+			throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
 			
 		}
 				
@@ -149,18 +148,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		String errorUri = protocolRequest.getAuthURL() 
 				+"/" + OAuth20Constants.ERRORPAGE;
 		String moaError = null;
-		
-		ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
-		
+				
 		if (e instanceof OAuth20Exception) {
 			errorCode = ((OAuth20Exception) e).getErrorCode();
 			errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
-			moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+			moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
 			
 		} else {
 			errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
 			errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
-			moaError = errorUtils.getResponseErrorCode(e);
+			moaError = statusMessager.getResponseErrorCode(e);
 		}
 				
 		String paramRedirect = null;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 239665801..f3dcbd295 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -31,10 +31,10 @@ import org.springframework.stereotype.Service;
 
 import com.google.gson.JsonObject;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -55,7 +55,7 @@ class OAuth20TokenAction implements IAction {
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws MOAIDException {
 		
-		
+		 
 		OAuth20SessionObject auth20SessionObject = null;
 		try {
 			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index cada39a3a..e14914512 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -22,19 +22,16 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
-import java.util.Collection;
-
 import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 		// check if client id and secret are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
 			
 			if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
 				throw new OAuth20AccessDeniedException();
@@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 			this.setOnlineApplicationConfiguration(oaParam);
 			
 		}
-		catch (ConfigurationException e) {
+		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
@@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 		this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		return null;
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//		return null;
+//	}
 }
-- 
cgit v1.2.3