From 6b38531ef2a829e3dab513ae8c679511a848421d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 16:30:49 +0200 Subject: untested, but without dependency problems --- .../attributes/OAuth20AttributeBuilder.java | 13 +++--- .../oauth20/protocol/OAuth20AuthAction.java | 16 +++---- .../oauth20/protocol/OAuth20AuthRequest.java | 8 ++-- .../oauth20/protocol/OAuth20Protocol.java | 49 ++++++++++------------ .../oauth20/protocol/OAuth20TokenAction.java | 8 ++-- .../oauth20/protocol/OAuth20TokenRequest.java | 25 +++++------ 6 files changed, 56 insertions(+), 63 deletions(-) (limited to 'id/server/modules/moa-id-module-openID/src/main/java/at') diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 46381fb3d..d97c8f7cf 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeB import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; @@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, + final ISPConfiguration oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 0189bc97d..5d461afc8 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,11 +33,11 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IAction; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -67,7 +67,7 @@ class OAuth20AuthAction implements IAction { IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; - String responseType = oAuthRequest.getResponseType(); + String responseType = oAuthRequest.getResponseType(); revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); @@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction { private Pair buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration(); - OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 1528cfb28..40701d91d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -28,10 +28,10 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; @@ -180,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId()); + ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -192,7 +192,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); - } catch (ConfigurationException e) { + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index ff802136f..e04d719d9 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -19,8 +19,8 @@ import com.google.gson.JsonObject; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -30,7 +30,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -49,7 +48,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme PVPConstants.BPK_NAME }); - public String getName() { + public String getName() { return NAME; } @@ -68,22 +67,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e); } @@ -102,22 +101,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e); } @@ -149,18 +148,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); - moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } String paramRedirect = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 239665801..f3dcbd295 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,10 +31,10 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -55,7 +55,7 @@ class OAuth20TokenAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index cada39a3a..e14914512 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,19 +22,16 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.setOnlineApplicationConfiguration(oaParam); } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } @@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection getRequestedAttributes(MetadataProvider metadataProvider) { - return null; - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection getRequestedAttributes(MetadataProvider metadataProvider) { +// return null; +// } } -- cgit v1.2.3