From 4c59c85ac46957ed4610b9f2c19467cf8026705d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 28 Aug 2017 16:05:54 +0200 Subject: catch possible NullPointerException --- .../moa/id/protocols/pvp2x/verification/EntityVerifier.java | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java index 2ded32bac..d05d180e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -55,6 +55,12 @@ public class EntityVerifier { try { IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID); + if (oa == null) { + Logger.debug("No OnlineApplication with EntityID: " + entityID); + return null; + + } + String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); if (MiscUtil.isNotEmpty(certBase64)) { return Base64Utils.decode(certBase64, false); -- cgit v1.2.3 From 6af6c5fdffb071ce407a303cf3fd307359df1ef1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 28 Aug 2017 16:29:40 +0200 Subject: update IAIK libs --- .../java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java index f37ae0b0b..d30ce4924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java 
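Review bot: The new null guard logs an unknown entityID only at debug and returns null, so a verification attempt for a SAML entity that has no OnlineApplication configuration leaves no trace at the default log level; `Logger.info("No OnlineApplication with EntityID: " + entityID);` would make such lookups visible to operators without changing behavior. The method now has at least two null-returning paths, so its Javadoc should say so, e.g. `@return the configured PVP2X certificate, or null if no OnlineApplication or no certificate is configured for entityID`. The enclosing method starts before the hunk and continues after it.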
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java @@ -44,9 +44,9 @@ import iaik.security.ec.common.ECParameterSpec; import iaik.security.ec.common.ECPublicKey; import iaik.security.ec.common.ECStandardizedParameterFactory; import iaik.security.ec.common.EllipticCurve; +import iaik.security.ec.math.field.AbstractPrimeField; import iaik.security.ec.math.field.Field; import iaik.security.ec.math.field.FieldElement; -import iaik.security.ec.math.field.PrimeField; public class ECDSAKeyValueConverter { @@ -221,7 +221,7 @@ public class ECDSAKeyValueConverter // Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10)); // publicKeyPointX = field.newElement(xValue); - PrimeField pf = (PrimeField) field; + AbstractPrimeField pf = (AbstractPrimeField) field; publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10)); // Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10)); // publicKeyPointY = field.newElement(yValue); -- cgit v1.2.3 From 211fd182136ba3def6b31f6acd86b91c1521d092 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 12:38:50 +0200 Subject: update StatisticLogger to handle unknown BKUTypes --- .../gv/egovernment/moa/id/advancedlogging/StatisticLogger.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'id/server') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index b57e6ed69..55b1a7c9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java 
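Review bot: The replacement cast `AbstractPrimeField pf = (AbstractPrimeField) field;` in the second hunk is still unchecked, so a key whose curve is defined over a non-prime field ends in a ClassCastException rather than a descriptive error; since this converter builds a public key from externally supplied X/Y strings, a check such as `if (!(field instanceof AbstractPrimeField)) throw new IllegalArgumentException("only prime-field curves are supported");` before the cast fails cleanly. Where `field` is obtained is outside the hunk, so an earlier restriction to prime fields may already exist — confirm against the rest of the method. The enclosing method starts and ends outside the hunk.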
@@ -69,6 +69,7 @@ public class StatisticLogger implements IStatisticLogger{ private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request"; private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/"; + private static final String GENERIC_ONLINE_BKU = "bkuonline"; private static final String MANTATORTYPE_JUR = "jur"; private static final String MANTATORTYPE_NAT = "nat"; @@ -422,8 +423,13 @@ public class StatisticLogger implements IStatisticLogger{ return IOAAuthParameters.HANDYBKU; } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); - return IOAAuthParameters.ONLINEBKU; + if (bkuURL.contains(GENERIC_ONLINE_BKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); + return IOAAuthParameters.ONLINEBKU; + } + + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); + return IOAAuthParameters.AUTHTYPE_OTHERS; } } -- cgit v1.2.3 From 41275a296c73a5ecb29d52829116f4b6e99ce006 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 12:39:48 +0200 Subject: add xsd schema for eIDAS specific SAML2 extensions --- .../java/at/gv/egovernment/moa/util/Constants.java | 9 ++++++- .../resources/schemas/eIDAS_saml_extensions.xsd | 31 ++++++++++++++++++++++ .../auth/modules/eidas/utils/SAMLEngineUtils.java | 4 +++ .../resources/schema/eIDAS_saml_extensions.xsd | 31 ++++++++++++++++++++++ 4 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd (limited to 'id/server') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index 129478270..2a4e3b362 100644 
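Review bot: `IOAAuthParameters.AUTHTYPE_OTHERS`, used in the new fall-through of the second hunk, is only introduced by commit cfc0d2f (IOAAuthParameters.java) later in this series, so this commit does not compile on its own and breaks bisection; add the constant here or reorder the two commits. The new `bkuURL.contains(GENERIC_ONLINE_BKU)` matches the string "bkuonline" anywhere in the URL, including an unrelated host's path or query, whereas the other two constants are a port/path suffix and a full host prefix; confirm that a substring match is the intended granularity for this classification. The enclosing method starts before the second hunk.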
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -394,6 +394,12 @@ public interface Constants { public static final String SAML2_METADATA_SCHEMA_LOCATION = SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd"; + + /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/ + public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; + public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions"; + public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; + /** * Contains all namespaces and local schema locations for XML schema * definitions relevant for MOA. For use in validating XML parsers. @@ -427,7 +433,8 @@ public interface Constants { + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ") + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ") + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ") - + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION); + + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION) + + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); /** URN prefix for bPK and wbPK. */ public static final String URN_PREFIX = "urn:publicid:gv.at"; diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd new file mode 100644 index 000000000..76b82a267 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/eIDAS_saml_extensions.xsd @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
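Review bot: The second hunk appends the eIDAS entry to the schema-location string without a separator: the existing XENC term is `(XENC_NS_URI + " " + XENC_SCHEMA_LOCATION)` with no trailing space, so the result contains the XENC schema location immediately followed by "http://eidas.europa.eu/saml-extensions", and a parser of the space-separated namespace/location pairs reads those two as one token and mis-pairs everything after it. Change the XENC term to `+ (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION + " ")`, matching the other entries. The two new eIDAS_saml_extensions.xsd files appear without content in this listing, so the schema itself cannot be reviewed here.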
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index d469ca28c..02a5df098 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -28,6 +28,7 @@ import java.net.URL; import java.util.HashMap; import java.util.Map; +import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; @@ -107,6 +108,9 @@ public class SAMLEngineUtils { //overwrite eIDAS response validator suite because Condition-Valitator has not time jitter initOpenSAMLConfig("own-saml-eidasnode-config.xml"); + //add eIDAS specific SAML2 extensions to eIDAS Schema validatior + SAMLSchemaBuilder.addExtensionSchema( + at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); eIDASEngine = engine; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd b/id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd new file mode 100644 index 000000000..76b82a267 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/schema/eIDAS_saml_extensions.xsd @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From e36b3381215d1e29ba83658314e22085a3daff14 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 14:30:42 +0200 Subject: fix wrong entries in eIDAS metadata extensions --- .../moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'id/server') 
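Review bot: `SAMLSchemaBuilder.addExtensionSchema(...)` mutates OpenSAML's process-wide extension-schema list, and nothing in the hunk shows that the surrounding initialisation runs only once; if it can run repeatedly, the same schema location is registered on every call. Guarding the call, for example with a static flag set after the first registration, keeps it idempotent — the enclosing method's start is outside the hunk, so confirm whether such a guard already exists. The same xsd is added both under moa-id-commons and under the eIDAS module's resources; keeping one copy avoids the two drifting apart.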
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java index d0c003b31..bb52d2ffe 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/NewMoaEidasMetadata.java @@ -168,12 +168,12 @@ public class NewMoaEidasMetadata { } private void generateDigest(Extensions eidasExtensions) throws EIDASSAMLEngineException { - if (!(StringUtils.isEmpty(this.params.getDigestMethods()))) { - Set signatureMethods = EIDASUtil.parseSemicolonSeparatedList(this.params.getDigestMethods()); + if (!(StringUtils.isEmpty(this.params.getSigningMethods()))) { + Set signatureMethods = EIDASUtil.parseSemicolonSeparatedList(this.params.getSigningMethods()); Set digestMethods = new HashSet(); for (String signatureMethod : signatureMethods) { digestMethods.add(CertificateUtil.validateDigestAlgorithm(signatureMethod)); - } + } for (String digestMethod : digestMethods) { DigestMethod dm = (DigestMethod) BuilderFactoryUtil.buildXmlObject(DigestMethod.DEF_ELEMENT_NAME); if (dm != null) { @@ -203,7 +203,7 @@ public class NewMoaEidasMetadata { generateDigest(eidasExtensions); if (!(StringUtils.isEmpty(this.params.getSigningMethods()))) { - Set signMethods = EIDASUtil.parseSemicolonSeparatedList(this.params.getDigestMethods()); + Set signMethods = EIDASUtil.parseSemicolonSeparatedList(this.params.getSigningMethods()); for (String signMethod : signMethods) { SigningMethod sm = (SigningMethod) BuilderFactoryUtil .buildXmlObject(SigningMethod.DEF_ELEMENT_NAME); -- cgit v1.2.3 From cfc0d2f6db21b4a07ef80ec31d589cbeb1f32a92 Mon Sep 17 00:00:00 2001 
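Review bot: Style point on the rewritten lines in both hunks: `Set signatureMethods` and `Set signMethods` remain raw types while the enhanced-for loops immediately bind `String`, so `Set<String> signatureMethods = ...` would let the compiler check what the loop currently assumes, provided `EIDASUtil.parseSemicolonSeparatedList` is declared generic. The first hunk also changes the `}` line in whitespace only, which adds noise to the blame. `generateDigest` ends outside the first hunk; the method in the second hunk starts outside it.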
From: Thomas Lenz Date: Wed, 6 Sep 2017 14:31:25 +0200 Subject: add static variable and update demo OA --- .../java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java | 1 + 1 file changed, 1 insertion(+) (limited to 'id/server') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 971e401ca..bba6d0541 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -43,6 +43,7 @@ public interface IOAAuthParameters { public static final String LOCALBKU = "local"; public static final String INDERFEDERATEDIDP = "interfederated"; public static final String EIDAS = "eIDAS"; + public static final String AUTHTYPE_OTHERS = "others"; /** * Get the full key/value configuration for this online application -- cgit v1.2.3 From 98e5c09745c58ef1b04132a9c92c60143332540e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Sep 2017 14:32:27 +0200 Subject: switch to eIDAS SAML-engine 1.4.0-RC1 --- id/server/modules/moa-id-module-eIDAS/pom.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'id/server') diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml index 5bdead8b2..f3d8eeb36 100644 --- a/id/server/modules/moa-id-module-eIDAS/pom.xml +++ b/id/server/modules/moa-id-module-eIDAS/pom.xml @@ -12,11 +12,11 @@ ${basedir}/../../../../repository - 1.3.0 - 1.3.0 - 1.3.0 - 1.3.0 - 1.3.0 + 1.4.0-SNAPSHOT + 1.4.0-SNAPSHOT + 1.4.0-SNAPSHOT + 1.4.0-SNAPSHOT + 1.4.0-SNAPSHOT -- cgit v1.2.3 From 656b8b4910798dec7b253ea8f4b7dbec77715012 Mon Sep 17 00:00:00 2001 
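Review bot: The pom now pins all five eIDAS SAML-engine versions to `1.4.0-SNAPSHOT` while the commit title says 1.4.0-RC1; a SNAPSHOT coordinate resolves to whatever artifact is newest in the repository at build time, so two builds of this commit can pull different engine code, which matters for the component that validates eIDAS assertions. If RC1 is the intended version, replace the five values with `1.4.0-RC1`; otherwise correct the title and replace the SNAPSHOT before release. The version elements' tag names are stripped in this listing, so which property each line sets cannot be confirmed here.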
From: Thomas Lenz Date: Fri, 8 Sep 2017 14:32:14 +0200 Subject: update eIDAS bPK target validation --- .../moa/id/auth/modules/eidas/Constants.java | 2 ++ .../moa/id/protocols/eidas/EIDASProtocol.java | 33 ++++++++++++++++++---- 2 files changed, 30 insertions(+), 5 deletions(-) (limited to 'id/server') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index c0101b553..d975b6e0a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -69,6 +69,8 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX = CONIG_PROPS_EIDAS_PREFIX + ".metadata.url"; + public static final String CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX = CONIG_PROPS_EIDAS_PREFIX + ".bpk.target."; + //timeouts and clock skews diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 940b91b44..4b67370d6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java 
@@ -56,6 +56,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; @@ -283,14 +284,22 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } else { String[] splittedTarget = eIDASTarget.split("\\+"); if (!splittedTarget[2].equalsIgnoreCase(reqCC)) { - Logger.error("Configuration for eIDAS-node:" + samlReq.getIssuer() + Logger.debug("Configuration for eIDAS-node:" + samlReq.getIssuer() + " Destination Country from request (" + reqCC - + ") does not match to configuration:" + eIDASTarget); - throw new MOAIDException("eIDAS.01", - new Object[]{"Destination Country from request does not match to configuration"}); + + ") does not match to configuration:" + eIDASTarget + + " --> Perform additional organisation check ..."); + + //check if eIDAS domain for bPK calculation is a valid target + if (!iseIDASTargetAValidOrganisation(reqCC, splittedTarget[2])) { + throw new MOAIDException("eIDAS.01", + new Object[]{"Destination Country from request does not match to configuration"}); + + } + } - Logger.debug("CountryCode from request matches eIDAS-node configuration target"); + Logger.debug("CountryCode from request matches eIDAS-node configuration target: " + eIDASTarget); + } 
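Review bot: After the new organisation check, the line `Logger.debug("CountryCode from request matches eIDAS-node configuration target: " + eIDASTarget);` is also reached on the mismatch-but-allowed path, so the trace then claims a match that did not happen; log "accepted via organisation check" inside the new `if` instead, or move the match message into the branch that actually matched. The context line `splittedTarget[2]` still indexes the split result without a length check, so a configured target with fewer than three '+'-separated parts fails with an ArrayIndexOutOfBoundsException rather than a configuration error; that is pre-existing, but this change adds a second use of the value. The enclosing method starts and ends outside the hunk.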
@@ -439,6 +448,20 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { return false; } + + private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) { + if (MiscUtil.isNotEmpty(reqCC)) { + List allowedOrganisations = KeyValueUtils.getListOfCSVValues( + authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); + if (allowedOrganisations.contains(bPKTargetArea)) { + Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC); + return true; + } + } + + Logger.info("OrganisationIdentifier: " + bPKTargetArea + " is not allowed for country: " + reqCC); + return false; + } } -- cgit v1.2.3 From 77c0e0bf1c565766eb2cecfb31b509b51c92b3d7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Sep 2017 14:33:54 +0200 Subject: update error handling for wrong encoded BKU error responses --- .../moa/id/auth/parser/ErrorResponseParser.java | 39 +++++++++++++++++----- .../id/auth/parser/InfoboxReadResponseParser.java | 1 + 2 files changed, 31 insertions(+), 9 deletions(-) (limited to 'id/server') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java index a09f0a2a8..602914229 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java 
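Review bot: `iseIDASTargetAValidOrganisation` tests membership with `allowedOrganisations.contains(bPKTargetArea)`, which is case-sensitive, while the call site in the previous hunk compares the country code with `equalsIgnoreCase`, so the same organisation identifier is accepted or rejected depending on letter case in configuration versus request; pick one normalisation and apply it to both the list entries and `bPKTargetArea`. `reqCC.toLowerCase()` uses the default locale when building the configuration key; `reqCC.toLowerCase(Locale.ROOT)` avoids locale-dependent case mapping. Whether `KeyValueUtils.getListOfCSVValues` tolerates a null from `getBasicMOAIDConfiguration` for an unconfigured country is not visible here; if it does not, that case ends in a NullPointerException instead of the intended `Logger.info` rejection.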
@@ -46,10 +46,16 @@ package at.gv.egovernment.moa.id.auth.parser; +import java.io.IOException; + +import javax.xml.transform.TransformerException; + import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.util.DOMUtils; /** * Parses an <ErrorResponse>. @@ -84,15 +90,30 @@ public class ErrorResponseParser { */ public ErrorResponseParser(Element errorElement) throws ParseException { if (errorElement != null) { - String namespace = errorElement.getNamespaceURI(); - NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode"); - if (nl.getLength() == 1) { - errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); - } - nl = errorElement.getElementsByTagNameNS(namespace, "Info"); - if (nl.getLength() == 1) { - errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); - } + try { + String namespace = errorElement.getNamespaceURI(); + NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode"); + if (nl.getLength() == 1) { + errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + } + nl = errorElement.getElementsByTagNameNS(namespace, "Info"); + if (nl.getLength() == 1 && ((Element)nl.item(0)).getFirstChild() != null) { + errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue(); + + } + } catch ( Exception e) { + try { + if (Logger.isDebugEnabled()) + Logger.warn("Can not extract error code from BKU response. Full-response: " + DOMUtils.serializeNode(errorElement), e) ; + else + Logger.warn("Can not extract error code from BKU response. Exception: " + e.getMessage()) ; + + } catch (TransformerException | IOException e1) { + Logger.warn("Can not extract error code from BKU response.", e); + Logger.warn("Can not serialize error response.", e1); + + } + } } } 
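Review bot: The null guard added for Info (`getFirstChild() != null`) is not applied to the ErrorCode branch a few lines above, so an empty `<ErrorCode/>` still throws a NullPointerException that is only absorbed by the new `catch (Exception e)`; mirroring the guard, `if (nl.getLength() == 1 && ((Element)nl.item(0)).getFirstChild() != null)`, makes the broad catch unnecessary for that case, and narrowing it to the DOM exceptions actually expected stops it hiding programming errors. The debug-enabled warning serializes the whole BKU error response into the log; if such responses can carry citizen-card personal data, confirm that before it lands in persistent log files. The constructor's closing brace is at the end of the hunk; the class continues after it.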
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 275a85129..154092b03 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -150,6 +150,7 @@ public class InfoboxReadResponseParser { if ("InfoboxReadResponse".equals(responseElem.getLocalName())) { infoBoxElem_ = responseElem; + } else { ErrorResponseParser erp = new ErrorResponseParser(responseElem); throw new BKUException("auth.08", -- cgit v1.2.3 From eb32c9b2cc8720c69090e9fd82fbd6861429b599 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 8 Sep 2017 14:34:10 +0200 Subject: remove unused code --- .../moa/id/commons/utils/ssl/SSLUtils.java | 27 ++++++++++------------ 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'id/server') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index 109390132..abf2d211c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -49,7 +49,6 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyStore; -import java.security.Security; import java.util.HashMap; import java.util.Map; 
@@ -66,8 +65,6 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.DefaultPKIConfiguration; import iaik.pki.PKIException; import iaik.pki.PKIFactory; -//import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; /** @@ -83,18 +80,18 @@ public class SSLUtils { /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ private static Map sslSocketFactories = new HashMap(); - /** - * Initializes the SSLSocketFactory store. - */ - public static void initialize() { - sslSocketFactories = new HashMap(); - // JSSE Abhängigkeit - //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - Security.addProvider(new IAIK()); - //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - - - } +// /** +// * Initializes the SSLSocketFactory store. +// */ +// public static void initialize() { +// sslSocketFactories = new HashMap(); +// // JSSE Abhängigkeit +// //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); +// Security.addProvider(new IAIK()); +// //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); +// +// +// } /** * IAIK PKI module and MOA-SIG uses a ThreadLocal variable for logging -- cgit v1.2.3 From 91cf10d88f06b1ff26721c8796deb8d6510c1df7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Sep 2017 15:52:52 +0200 Subject: update eIDAS country selector --- .../builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server') diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java index 63df81b3c..8244d630d 100644 
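Review bot: The third hunk comments out `initialize()` instead of deleting it, although the commit is titled "remove unused code" and the `Security` and `IAIK` imports it needs are removed in the first two hunks; commented-out code that can no longer compile should be dropped, version control keeps the history. Removing the method also removes the only visible `Security.addProvider(new IAIK())` call, so confirm that the IAIK provider is registered elsewhere before any SSL socket factory from this class is built — other callers are not in this chunk.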
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -97,10 +97,11 @@ public class ServiceProviderSpecificGUIFormBuilderConfiguration extends Abstract IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam != null) { params.put(PARAM_OANAME, oaParam.getFriendlyName()); - - + if (oaParam.isShowStorkLogin()) addCountrySelection(params, oaParam); + else + params.put(PARAM_COUNTRYLIST, ""); FormBuildUtils.customiceLayoutBKUSelection(params, oaParam); -- cgit v1.2.3 From 9b0dd388aca4bea80055284e558b6c16edefcec6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Sep 2017 15:53:07 +0200 Subject: update wrong log message --- .../modules/eidas/tasks/GenerateAuthnRequestTask.java | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'id/server') diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 6f1d75bfe..3e7a4e875 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java 
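Review bot: Style point on the new `if (oaParam.isShowStorkLogin()) addCountrySelection(params, oaParam); else params.put(PARAM_COUNTRYLIST, "");` — both branches are unbraced single statements on separate lines inside the braced `if (oaParam != null) {` block; writing `if (oaParam.isShowStorkLogin()) { addCountrySelection(params, oaParam); } else { params.put(PARAM_COUNTRYLIST, ""); }` is consistent with the surrounding code and avoids a dangling-else slip when the branches grow. The enclosing method starts and ends outside the hunk.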
@@ -22,16 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; +import java.awt.PageAttributes.MediaType; import java.io.StringWriter; import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; -import org.apache.commons.lang3.StringUtils; import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; @@ -41,8 +42,7 @@ import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; - -import com.google.common.net.MediaType; +import org.springframework.util.StringUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; 
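Review bot: The import hunks replace the project's types with unrelated JDK/Spring classes: `java.awt.PageAttributes.MediaType` (an AWT print attribute) replaces `com.google.common.net.MediaType`, `java.util.logging.Logger` replaces `at.gv.egovernment.moa.logging.Logger`, and `org.springframework.util.StringUtils` replaces commons-lang3 `StringUtils`; the @@ -306 hunk on the next line still calls `Logger.debug("...")` as a static method, which `java.util.logging.Logger` does not provide, so this looks like an IDE organise-imports slip that will not compile. Restore the Guava MediaType, MOA Logger and commons-lang3 StringUtils imports and drop the AWT one; the removed MOA imports (IOAAuthParameters, IRequest, MOAIDException, MiscUtil and others) should be re-added if the body outside the hunks still uses them, which cannot be checked here.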
@@ -53,16 +53,8 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.CPEPS; -import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder; @@ -306,7 +298,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { context.put("RelayState", pendingReq.getRequestID()); - Logger.debug("Using assertion consumer url as action: " + authnReqEndpoint.getLocation()); + Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Starting template merge"); -- cgit v1.2.3 From 22ccfa1baf256635268a3a65ac59d5a415d19356 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Tue, 19 Sep 2017 14:28:36 +0200 Subject: update TransactionUtis for MDC logging and add unique OA identifier as additional MDC variable --- id/server/data/deploy/conf/moa-id/log4j.properties | 7 ++-- id/server/doc/handbook/install/install.html | 9 +++-- .../moa/id/advancedlogging/TransactionIDUtils.java | 45 +++++++++++++++++++--- .../moa/id/auth/AuthenticationSessionCleaner.java | 14 +++++-- .../moa/id/auth/servlet/AbstractController.java | 7 ++-- .../AbstractProcessEngineSignalController.java | 9 +---- .../UniqueSessionIdentifierInterceptor.java | 6 +-- .../moa/id/data/ExceptionContainer.java | 24 ++++++++++-- .../moa/id/moduls/AuthenticationManager.java | 15 +++++--- .../egovernment/moa/id/moduls/RequestStorage.java | 5 +-- .../moa/id/commons/MOAIDAuthConstants.java | 2 + 11 files changed, 102 insertions(+), 41 deletions(-) (limited to 'id/server') diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties index d83e8e550..f37100a5b 100644 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ b/id/server/data/deploy/conf/moa-id/log4j.properties @@ -19,8 +19,7 @@ log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %20c | %10t | %m%n -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n # configure the rolling file appender (R) log4j.appender.R=org.apache.log4j.RollingFileAppender 
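Review bot: The appender patterns now print `%X{sessionId}`, `%X{transactionId}` and `%X{oaId}` (the other two hunks are on the next line); the TransactionIDUtils change that populates these MDC keys is in the diffstat but not in this chunk, so verify the key names against it — a mismatched key renders as an empty field in every log line. If `sessionId` is derived from rather than equal to the SSO session cookie value, as the handbook example `SID-7947921060553739539` suggests, logging it is fine; if it were the cookie value itself, the log files would contain bearer credentials, so confirm which it is.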
@@ -28,7 +27,7 @@ log4j.appender.R.File=${catalina.base}/logs/moa-id.log log4j.appender.R.MaxFileSize=10000KB log4j.appender.R.MaxBackupIndex=1 log4j.appender.R.layout=org.apache.log4j.PatternLayout -log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n # configure the rolling file appender (R) log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender @@ -36,4 +35,4 @@ log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log log4j.appender.CONFIGTOOL.MaxFileSize=10000KB log4j.appender.CONFIGTOOL.MaxBackupIndex=1 log4j.appender.CONFIGTOOL.layout=org.apache.log4j.PatternLayout -log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n \ No newline at end of file +log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n \ No newline at end of file diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html index aa4114539..db96cda3c 100644 --- a/id/server/doc/handbook/install/install.html +++ b/id/server/doc/handbook/install/install.html @@ -235,8 +235,8 @@ https://<host>:<port>/egiz-configuration-webapp/
2.1.3.1 Format der Log-Meldungen

Anhand einer konkreten Log-Meldung wird das Format der MOA SP/SS Log-Meldungen erläutert:

-INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=node1 
-  MSG=Starte neue Transaktion: TID=1049225059594-100, Service=SignatureVerification
+ INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur 
+      | ajp-nio-28109-exec-7 | No SSO Session cookie found
 

Der Wert INFO besagt, dass die Log-Meldung im Log-Level INFO entstanden ist. Folgende Log-Levels existieren:

    @@ -257,7 +257,10 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=node1

Der nächste Wert 01 21:25:26,540 gibt den Zeitpunkt an, zu dem die Log-Meldung generiert wurde (in diesem Fall den 1. Tag im aktuellen Monat, sowie die genaue Uhrzeit).

-

Der Wert Thread-3 bezeichnet den Thread, von dem die Anfrage bearbeitet wird.

+

Der Wert SID-7947921060553739539 bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch über mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels %X{sessionId} in der log4j Konfiguration gesetzt werden

+

Der Wert TID-4708232418268334030 bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels %X{transactionId} in der log4j Konfiguration gesetzt werden

+

Der Wert https://sso.demosp.at/handysignatur bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) für welchen dieser Authentifizierungsrequest durchgeführt wird. Das Loggen des OA Identifiers kann mittels %X{oaId} in der log4j Konfiguration gesetzt werden

+

Der Wert ajp-nio-28109-exec-7 bezeichnet den Thread, von dem die Anfrage bearbeitet wird.

Der Rest der Zeile einer Log-Meldung ist der eigentliche Text, mit dem das System bestimmte Informationen anzeigt. Im Fehlerfall ist häufig ein Java Stack-Trace angefügt, der eine genauere Ursachen-Forschung ermöglicht.

2.1.3.2 Wichtige Log-Meldungen

Neben den im Abschnitt 2.1.2.4.3 beschriebenen Log-Meldungen, die anzeigen, ob das Service ordnungsgemäß gestartet wurde, geben nachfolgenden Log-Meldungen Aufschluss über die Abarbeitung von Anfragen.

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
index 6d53fd510..0b066f3b9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -23,10 +23,8 @@ package at.gv.egovernment.moa.id.advancedlogging;
-import java.util.Date;
-
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 /**
 * @author tlenz
@@ -34,6 +32,43 @@ import at.gv.egovernment.moa.util.MiscUtil;
 */
 public class TransactionIDUtils {
+ /**
+ * Set all MDC variables from pending request to this threat context
+ * These includes SessionID, TransactionID, and unique service-provider identifier
+ *
+ * @param pendingRequest
+ */
+ public static void setAllLoggingVariables(IRequest pendingRequest) {
+ setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+ setSessionId(pendingRequest.getUniqueSessionIdentifier());
+ setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix());
+
+ }
+
+ /**
+ * Remove all MDC variables from this threat context
+ *
+ */
+ public static void removeAllLoggingVariables() {
+ removeSessionId();
+ removeTransactionId();
+ removeServiceProviderId();
+
+ }
+
+
+ public static void setServiceProviderId(String oaUniqueId) {
+ org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId);
+ org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId);
+
+ }
+
+ public static void removeServiceProviderId() {
+ org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID);
+ org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID);
+
+ }
+
 public static void setTransactionId(String pendingRequestID) {
 org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
 "TID-" + pendingRequestID);
@@ -50,9 +85,9 @@ public class TransactionIDUtils {
 public static void setSessionId(String uniqueSessionId) {
 org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
- "TID-" + uniqueSessionId);
+ "SID-" + uniqueSessionId);
 org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
- "TID-" + uniqueSessionId);
+ "SID-" + uniqueSessionId);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index bbb322a4f..34d0d4be1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
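Review bot: `setAllLoggingVariables` calls `pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix()` with no null check, whereas the `ExceptionContainer` constructor in this same commit guards exactly that call with `if (pendingReq.getOnlineApplicationConfiguration() != null)`. A pending request without an OA configuration would therefore throw a NullPointerException out of a pure logging helper, after the transaction and session IDs have already been put into the MDC; the same unguarded dereference appears in `AuthenticationManager.doAuthentication` in this commit. Suggest `if (pendingRequest.getOnlineApplicationConfiguration() != null)` in front of `setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix());`, leaving `oaId` unset rather than aborting. The two new Javadoc comments also read "threat context" where "thread context" is meant.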
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -74,20 +74,26 @@ public class AuthenticationSessionCleaner implements Runnable {
 ExceptionContainer exContainer = (ExceptionContainer) entry;
 if (exContainer.getExceptionThrown() != null) {
- //add session and transaction ID to log if exists
+ //add session, transaction, and service-provider IDs into logging context if exists
 if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID()))
 TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID());
 if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID()))
 TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID());
+ if (MiscUtil.isNotEmpty(exContainer.getUniqueServiceProviderId()))
+ TransactionIDUtils.setServiceProviderId(exContainer.getUniqueServiceProviderId());
+
 //log exception to technical log
 logExceptionToTechnicalLog(exContainer.getExceptionThrown());
 //remove session and transaction ID from thread
- TransactionIDUtils.removeSessionId();
- TransactionIDUtils.removeTransactionId();
- }
+ TransactionIDUtils.removeAllLoggingVariables();
+
+ } else {
+ Logger.warn("Receive an ExceptionContainer that includes no 'Exception' object. Somethinge is suspect!!!!!");
+
+ }
 }
 } catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 1431911a3..353261085 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
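Review bot: `TransactionIDUtils.removeAllLoggingVariables()` runs only if `logExceptionToTechnicalLog(...)` returns normally; if it throws, control goes to the outer `catch (Exception e)` and the session, transaction and service-provider IDs stay in this thread's MDC for whatever the thread logs next. Wrapping the call as `try { logExceptionToTechnicalLog(exContainer.getExceptionThrown()); } finally { TransactionIDUtils.removeAllLoggingVariables(); }` makes the cleanup unconditional. The new warning text also has typos: `Somethinge is suspect!!!!!` should read "Something is suspect", and "Receive" should be "Received". The enclosing loop and try block start above this hunk.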
@@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
@@ -139,13 +140,11 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 if (pendingReq != null) {
 revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
 transactionStorage.put(key,
- new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(),
- pendingReq.getUniqueTransactionIdentifier(), loggedException),-1);
+ new ExceptionContainer(pendingReq, loggedException),-1);
 } else {
 transactionStorage.put(key,
- new ExceptionContainer(null,
- null, loggedException),-1);
+ new ExceptionContainer(null, loggedException),-1);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 0ce7b0050..32f103ca7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -45,11 +45,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 //change pending-request ID
 requestStorage.changePendingRequestID(pendingReq);
 pendingRequestID = pendingReq.getRequestID();
-
- //add transactionID and unique sessionID to Logger
- TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
- TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
-
+
 // process instance is mandatory
 if (pendingReq.getProcessInstanceId() == null) {
 throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
@@ -64,8 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 } finally {
 //MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
+ TransactionIDUtils.removeAllLoggingVariables();
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index bedc67513..466364adb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -57,8 +57,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
 if (MiscUtil.isEmpty(uniqueSessionIdentifier)) uniqueSessionIdentifier = Random.nextRandom();
- TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+ TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
 request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
 return true;
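Review bot: With the `setSessionId`/`setTransactionId` calls removed from this method, the `finally` block's `removeAllLoggingVariables()` now clears MDC entries this class no longer sets itself, including the `sessionId` that `UniqueSessionIdentifierInterceptor.preHandle` puts in place (and which that interceptor's `afterCompletion` also removes in this commit). Anything logged between this controller returning and `afterCompletion` running would lack those values; whether something logs in that window is not visible in this chunk. If nothing does, leaving the cleanup to the interceptor alone would keep set and remove in one place; otherwise a comment on the `finally` naming where the values are set, e.g. `// MDC values are set by RequestStorage/UniqueSessionIdentifierInterceptor`, would help the next reader. The enclosing method starts above this hunk.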
@@ -79,8 +79,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
- // TODO Auto-generated method stub
-
+ TransactionIDUtils.removeAllLoggingVariables();
+
 }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
index 1c6fdcb65..4820b6fdc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.data;
 import java.io.Serializable;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+
 /**
 * @author tlenz
 *
@@ -34,13 +36,21 @@ public class ExceptionContainer implements Serializable {
 private Throwable exceptionThrown = null;
 private String uniqueSessionID = null;
 private String uniqueTransactionID = null;
+ private String uniqueServiceProviderId = null;
 /**
 *
 */
- public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) {
- this.uniqueSessionID = uniqueSessionID;
- this.uniqueTransactionID = uniqueTransactionID;
+ public ExceptionContainer(IRequest pendingReq, Throwable exception) {
+ if (pendingReq != null) {
+ this.uniqueSessionID = pendingReq.getUniqueSessionIdentifier();
+ this.uniqueTransactionID = pendingReq.getUniqueTransactionIdentifier();
+
+ if (pendingReq.getOnlineApplicationConfiguration() != null)
+ this.uniqueServiceProviderId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix();
+
+ }
+
 this.exceptionThrown = exception;
 }
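Review bot: The new constructor `ExceptionContainer(IRequest pendingReq, Throwable exception)` keeps the empty Javadoc block from the old one, although its contract now has two cases worth stating: `pendingReq` may be null (`AbstractController` passes null when no pending request exists), and `uniqueServiceProviderId` stays null whenever the OA configuration is absent, so callers of `getUniqueServiceProviderId()` must expect null. Suggest replacing the empty block with a Javadoc saying that the container captures the session, transaction and service-provider identifiers of the pending request so they can be restored into the logging context later, with `@param pendingReq the request the exception belongs to, or null if none is available` and `@param exception the throwable to store`, and a one-line note on the `getUniqueServiceProviderId()` getter that null means no OA configuration was known.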
@@ -62,6 +72,14 @@ public class ExceptionContainer implements Serializable {
 public String getUniqueTransactionID() {
 return uniqueTransactionID;
 }
+
+ /**
+ * @return the uniqueServiceProviderId
+ */
+ public String getUniqueServiceProviderId() {
+ return uniqueServiceProviderId;
+ }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index ab0a1ec40..60b8b31de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -47,6 +47,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
@@ -202,6 +203,14 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 public AuthenticationSession doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
+ //load OA configuration from pending request
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ //set logging context and log unique OA identifier to revision log
+ TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
+ revisionsLogger.logEvent(oaParam,
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
+
 //generic authentication request validation
 if (pendingReq.isPassiv() && pendingReq.forceAuth()) {
@@ -236,12 +245,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
 // check if Service-Provider allows SSO sessions
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
 boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
-
- revisionsLogger.logEvent(oaParam,
- pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
-
+
 //if a legacy request is used SSO should not be allowed in case of mandate authentication
 boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index eec48e0f3..90ccb3c27 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
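Review bot: The new line `TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());` re-fetches the OA configuration that the line above already stored in `oaParam`, and dereferences it with no null check, so a request without an OA configuration now fails with a NullPointerException at the very top of `doAuthentication`, before its own validation runs (the later `oaParam.useSSO()` would still fail as before, but after validation). Suggest `if (oaParam != null) TransactionIDUtils.setServiceProviderId(oaParam.getPublicURLPrefix());`, mirroring the guard `ExceptionContainer` uses in this commit. Moving the `AUTHPROCESS_SERVICEPROVIDER` revision-log event from the SSO section to the top of the method also means it is now recorded for requests that the "generic authentication request validation" below rejects, which may be intended but changes what the revision log contains. The method body continues outside this hunk.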
@@ -52,9 +52,8 @@ public class RequestStorage implements IRequestStorage{
 }
 //set transactionID and sessionID to Logger
- TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
- TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());
-
+ TransactionIDUtils.setAllLoggingVariables(pendingRequest);
+
 return pendingRequest;
 } catch (MOADatabaseException | NullPointerException e) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index b16941f51..d8d3dbeee 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -171,8 +171,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{
 public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
+ //MDC variables for logging
 public static final String MDC_TRANSACTION_ID = "transactionId";
 public static final String MDC_SESSION_ID = "sessionId";
+ public static final String MDC_SERVICEPROVIDER_ID = "oaId";
 //AuthnRequest IssueInstant validation
 public static final int TIME_JITTER = 5; //all 5 minutes time jitter
-- cgit v1.2.3
From 3c81d3fef06204f2259b6c0377c8a2a00974c614 Mon Sep 17 00:00:00 2001
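Review bot: `TransactionIDUtils.setAllLoggingVariables(pendingRequest)` now runs inside a `try` whose `catch` handles `MOADatabaseException | NullPointerException`, and that helper dereferences `pendingRequest.getOnlineApplicationConfiguration()` without a null check, so a pending request with no OA configuration would be routed through the same path as a storage failure instead of surfacing as a logging-context problem. The catch body lies outside this hunk, so what that path does cannot be seen here. The previous `setTransactionId`/`setSessionId` calls could not fail this way; making the helper tolerate a missing OA configuration (as `ExceptionContainer` already does in this commit) keeps the catch's meaning unchanged. The enclosing method starts above this hunk.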
From: Thomas Lenz Date: Wed, 20 Sep 2017 12:15:20 +0200 Subject: make SAML2 http POST-Binding template and mandate-service selection-template configurable for every online application --- .../htmlTemplates/pvp_postbinding_template.html | 46 ++++ id/server/doc/handbook/config/config.html | 44 ++-- .../tasks/GenerateBKUSelectionFrameTask.java | 8 +- .../GenerateSSOConsentEvaluatorFrameTask.java | 8 +- .../id/auth/servlet/GUILayoutBuilderServlet.java | 22 +- .../moa/id/moduls/AuthenticationManager.java | 4 +- .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java | 114 ++++++++++ .../id/protocols/pvp2x/AttributQueryAction.java | 6 +- .../id/protocols/pvp2x/AuthenticationAction.java | 8 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 8 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 4 +- .../moa/id/protocols/pvp2x/binding/IEncoder.java | 7 +- .../id/protocols/pvp2x/binding/PostBinding.java | 53 +++-- .../protocols/pvp2x/binding/RedirectBinding.java | 7 +- .../id/protocols/pvp2x/binding/SoapBinding.java | 7 +- .../pvp2x/builder/PVPAuthnRequestBuilder.java | 9 +- .../pvp2x/builder/SingleLogOutBuilder.java | 11 +- .../resources/templates/ParepMinTemplate.html | 193 ----------------- .../resources/templates/ParepTemplate.html | 235 --------------------- .../resources/resources/templates/fetchGender.html | 16 -- .../templates/oasis_dss_webform_binding.vm | 36 ---- .../templates/pvp_postbinding_template.html | 48 ----- .../templates/pvp_postbinding_template.html | 46 ++++ .../config/ConfigurationMigrationUtils.java | 7 +- .../config/MOAIDConfigurationConstants.java | 3 + .../dao/config/deprecated/OnlineApplication.java | 34 +++ ...roviderSpecificGUIFormBuilderConfiguration.java | 187 ++++++++++++++++ .../auth/frontend/builder/GUIFormBuilderImpl.java | 45 ++-- .../id/auth/frontend/builder/IGUIFormBuilder.java | 1 + ...PSpecificGUIBuilderConfigurationWithDBLoad.java | 82 +++++++ ...cGUIBuilderConfigurationWithFileSystemLoad.java | 110 ++++++++++ 
...roviderSpecificGUIFormBuilderConfiguration.java | 187 ---------------- .../eidas/tasks/GenerateAuthnRequestTask.java | 12 +- .../tasks/SelectMandateServiceTask.java | 15 +- 34 files changed, 814 insertions(+), 809 deletions(-) create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html create mode 100644 id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java (limited to 'id/server') diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html new file mode 100644 index 000000000..4ea9a4873 
--- /dev/null +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html @@ -0,0 +1,46 @@ +## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity +##context may contain the following properties ## action - String - the +##action URL for the form ## RelayState - String - the relay state for the +##message ## SAMLRequest - String - the Base64 encoded SAML Request ## +##SAMLResponse - String - the Base64 encoded SAML Response + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ + + +
+
+ #if($RelayState) #end + #if($SAMLRequest) #end + #if($SAMLResponse) #end +
+ +
+ + + \ No newline at end of file diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 0361442ac..52eb21ab3 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html 
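Review bot: The markup of this template is stripped in this rendering, so it is not visible whether the values substituted into the form (`$action`, `$RelayState`, `$SAMLRequest`, `$SAMLResponse` per the header comment) are HTML-attribute-encoded before being written into the page. `RelayState` arrives from the peer and is reflected back into the form, so either the template must insert it in an escaped form or the encoder that fills the Velocity context must guarantee encoding; `MOAIDHTTPPostEncoder` is added by this commit but lies outside this chunk, so that cannot be confirmed here. Since the template now ships under `conf/moa-id/htmlTemplates` and is configurable per online application, a line in the header comment such as `## values inserted into attributes must stay HTML-escaped; do not remove the escaping when customising` would help whoever adapts it.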
@@ -1724,20 +1724,6 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der X Über diese Funktion können drei zusätzliche SecurtityLayer-Request Templates für diese Online-Applikation definiert werden. Diese hier definierten Templates dienen als zusätzliche WhiteList für Templates welche im „StartAuthentication“ Request mit dem Parameter „template“ übergeben werden. Sollte im „StartAuthentication“ Request der Parameter „template“ fehlen, es wurde jedoch eine „bkuURL“ übergeben, dann wird für den Authentifizierungsvorgang das erste Template in dieser Liste verwendet. Detailinformationen zum Legacy Request finden Sie im Kapitel Protokolle. - - BKU-Selection Template -   - X - X - Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates für die Bürgerkartenauswahl. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus Kapitel 4.1 umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle für Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. - - - Send-Assertion Template -   - X - X - Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates für die zusätzliche Anmeldeabfrage im Falle einer Single Sign-On Anmeldung. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus Kapitel 4.2 umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle für Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. -

3.2.3 Test Identitäten

In diesem Abschnitt können für diese Online-Applikation Testidentitäten erlaubt werden. Diese Testidentitäten können auch bei produktiven Instanzen freigeschalten werden, da die Unterschiedung zwischen Produkt- und Testidentität anhand einer speziellen OID im Signaturzertifikat der Testidentität getroffen wird. Folgende Konfigurationsparameter stehen hierfür zur Verfügung.

@@ -2074,7 +2060,37 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp X Wird diese Option gewählt wird im AuthBlock, welcher im Anmeldevorgang signiert wird, keine bPK oder wbPK dargestellt. + + BKU-Selection Template +   + X + X + Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates für die Bürgerkartenauswahl. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus Kapitel 4.1 umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle für Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. + + + Send-Assertion Template +   + X + X + Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates für die zusätzliche Anmeldeabfrage im Falle einer Single Sign-On Anmeldung. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus Kapitel 4.2 umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle für Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. + + + SAML2 Post-Binding Template +   + X + X + Pfad zum online-applikationsspezifischen Template für SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschließlich aus dem Dateisystem geladen werden. + + + Vollmachtenservice Auswahlseite Template +   + X + X + Pfad zum online-applikationsspezifischen Template zur Auswahl des gewünschten Vollmachtenservices. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. 
Das Template kann ausschließlich aus dem Dateisystem geladen werden. + +
 
+
 
3.2.9.1 Login-Fenster Konfiguration

Diese Konfigurationsparameter bieten zusätzliche Einstellungen für eine Anpassung der Bürgerkartenauswahl welche von MOA-ID-Auth generiert wird. Zur besseren Handhabung werden die angegebenen Parameter direkt in einer Vorschau dargestellt. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index c582050ad..710008714 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; 
@@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); } - - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); guiBuilder.build(response, config, "BKU-Selection form"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index ca99e9ba3..475009cf2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -31,7 +31,7 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; 
@@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas //store pending request requestStoreage.storePendingRequest(pendingReq); - //build consents evaluator form - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + //build consents evaluator form + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); guiBuilder.build(response, config, "SendAssertion-Evaluation"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 9b658d81b..416e787a7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; 
@@ -71,17 +71,17 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); //build GUI component 
@@ -100,17 +100,17 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 60b8b31de..7c581d470 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -620,7 +620,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); } else { //print SLO information directly @@ -656,7 +656,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (pvpReq != null) { SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java new file mode 100644 index 000000000..b05e60e94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java 
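Review bot: At line 620 `pvpReq` is forwarded into `sendFrontChannelSLOMessage` without the `if (pvpReq != null)` guard that the second hunk (line 656) sits under, while the IEncoder contract this commit adds states the request must never be null and PostBinding now derives the service-provider-specific template configuration from it. If the code before the hunk does not already guarantee a non-null `pvpReq` on that path (not visible here), a null would now fail inside the encoder rather than at the call site; add `Objects.requireNonNull(pvpReq, "pvpReq")` before the call or route the case into the existing error branch. The enclosing method starts and ends outside the hunk.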
@@ -0,0 +1,114 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.opemsaml; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStreamWriter; +import java.io.Writer; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.binding.SAMLMessageContext; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HTTPOutTransport; +import org.opensaml.ws.transport.http.HTTPTransportUtils; + +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOAIDHTTPPostEncoder extends HTTPPostEncoder { + + private VelocityEngine velocityEngine; + private IGUIBuilderConfiguration guiConfig; + private GUIFormBuilderImpl guiBuilder; + + /** + * @param engine + * @param templateId + */ + public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) { + super(engine, null); + this.velocityEngine = engine; + this.guiConfig = guiConfig; + this.guiBuilder = guiBuilder; + + } + + /** + * Base64 and POST encodes the outbound message and writes it to the outbound transport. 
+ * + * @param messageContext current message context + * @param endpointURL endpoint URL to which to encode message + * + * @throws MessageEncodingException thrown if there is a problem encoding the message + */ + protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException { + Logger.debug("Invoking Velocity template to create POST body"); + InputStream is = null; + try { + //build Velocity Context from GUI input paramters + VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig); + + //load template + is = guiBuilder.getTemplateInputStream(guiConfig); + + //populate velocity context with SAML2 parameters + populateVelocityContext(context, messageContext, endpointURL); + + //populate transport parameter + HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport(); + HTTPTransportUtils.addNoCacheHeaders(outTransport); + HTTPTransportUtils.setUTF8Encoding(outTransport); + HTTPTransportUtils.setContentType(outTransport, "text/html"); + + //evaluate template and write content to response + Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); + velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is))); + out.flush(); + + } catch (Exception e) { + Logger.error("Error invoking Velocity template", e); + throw new MessageEncodingException("Error creating output document", e); + + } finally { + if (is != null) { + try { + is.close(); + + } catch (IOException e) { + Logger.error("Can NOT close GUI-Template InputStream.", e); + } + } + + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index 365a31fe1..643e30ac9 100644 
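Review bot: `new BufferedReader(new InputStreamReader(is))` in postEncode decodes the template with the JVM default charset, although the output is explicitly UTF-8 (`HTTPTransportUtils.setUTF8Encoding` and `new OutputStreamWriter(..., "UTF-8")`), so a template containing non-ASCII text renders garbled on a JVM whose default charset is not UTF-8; use `new BufferedReader(new InputStreamReader(is, "UTF-8"))`. Because the template now comes from `guiBuilder.getTemplateInputStream(guiConfig)` instead of a fixed classpath resource, a class-level comment should state that whoever controls that template controls a Velocity template evaluated in the IdP process with the full context (SAML message, action URL, RelayState), so its source must stay administrator-controlled — that follows from the `IGUIBuilderConfiguration` constructor parameter, the actual load path is not visible in this hunk. The `Logger.error` in the catch block followed by rethrowing as `MessageEncodingException` logs the same failure twice once the caller logs the exception; consider dropping the local log or downgrading it to debug.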
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; @@ -79,6 +80,7 @@ public class AttributQueryAction implements IAction { @Autowired private IDPCredentialProvider pvpCredentials; @Autowired private AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; private final static List DEFAULTSTORKATTRIBUTES = Arrays.asList( new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); @@ -141,9 +143,9 @@ public class AttributQueryAction implements IAction { metadataProvider, issuerEntityID, attrQuery, date, assertion, authConfig.isPVP2AssertionEncryptionActive()); - SoapBinding decoder = new SoapBinding(); + SoapBinding decoder = springContext.getBean("PVPSOAPBinding", SoapBinding.class); decoder.encodeRespone(httpReq, httpResp, authResponse, null, null, - pvpCredentials.getIDPAssertionSigningCredential()); + pvpCredentials.getIDPAssertionSigningCredential(), pendingReq); return null; } catch (MessageEncodingException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index aac49844e..9d60ae4b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -62,6 +63,7 @@ public class AuthenticationAction implements IAction { @Autowired IDPCredentialProvider pvpCredentials; @Autowired AuthConfiguration authConfig; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -102,11 +104,11 @@ public class AuthenticationAction implements IAction { if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } @@ -117,7 +119,7 @@ public class AuthenticationAction implements IAction { try { binding.encodeRespone(httpReq, httpResp, authResponse, consumerService.getLocation(), moaRequest.getRelayState(), - pvpCredentials.getIDPAssertionSigningCredential()); + pvpCredentials.getIDPAssertionSigningCredential(), req); //set protocol type sloInformation.setProtocolType(req.requestedModule()); 
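Review bot: The binding selection now goes through an injected `ApplicationContext` with string bean names (`springContext.getBean("PVPRedirectBinding", RedirectBinding.class)`), which turns a typo in the name into a runtime `NoSuchBeanDefinitionException` on the first SAML response and hides the dependency from the class's fields. Since `RedirectBinding` and `PostBinding` are `@Service` singletons in this commit, inject them directly — `@Autowired private RedirectBinding redirectBinding;` and `@Autowired private PostBinding postBinding;` — and pick between the two fields in the if/else, which also removes the `springContext` field. If the context lookup is kept, make the new field `private` like the neighbouring `metadataProvider`. The enclosing processRequest method continues outside the hunk.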
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index a7a249eed..216d7a8b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -444,13 +444,13 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { IEncoder encoder = null; if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - encoder = new RedirectBinding(); + encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { - encoder = new PostBinding(); + encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class); } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { - encoder = new SoapBinding(); + encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class); } if(encoder == null) { @@ -465,7 +465,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential(); encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), - relayState, signCred); + relayState, signCred, protocolRequest); return true; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index ff703d585..f709da213 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java 
@@ -111,7 +111,7 @@ public class SingleLogOutAction implements IAction { //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq); return null; } else { @@ -127,7 +127,7 @@ public class SingleLogOutAction implements IAction { //LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null); Logger.info("Sending SLO success message to requester ..."); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq); return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java index 3b2fb3687..ccbef6e6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -31,6 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; public interface IEncoder { 
@@ -43,12 +44,13 @@ public interface IEncoder { * @param targetLocation URL, where the request should be transmit * @param relayState token for session handling * @param credentials Credential to sign the request object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null * @throws MessageEncodingException * @throws SecurityException * @throws PVP2Exception */ public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception; /** @@ -59,10 +61,11 @@ public interface IEncoder { * @param targetLocation URL, where the request should be transmit * @param relayState token for session handling * @param credentials Credential to sign the response object + * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null * @throws MessageEncodingException * @throws SecurityException */ public void encodeRespone(HttpServletRequest req, - HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials) + HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 9977e607b..c7688c14b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java 
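Review bot: The new `@param pendingReq` Javadoc on both methods, "contains session-state informations but never null", is ungrammatical and puts the one fact a caller must know — that the argument is mandatory — at the end of the sentence. Suggest `@param pendingReq internal MOA-ID request carrying the session state of this transaction; must not be {@code null}` on both `encodeRequest` and `encodeRespone`. A short sentence on why it is needed would help too (the POST binding derives the service-provider-specific template configuration from it), but that is only visible in PostBinding, not in this interface.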
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -25,13 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.app.VelocityEngine; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.binding.decoding.URIComparator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; @@ -49,8 +47,17 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; 
@@ -62,10 +69,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPPOSTBinding") public class PostBinding implements IDecoder, IEncoder { + + @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) GUIFormBuilderImpl guiBuilder; public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { try { @@ -75,9 +86,18 @@ public class PostBinding implements IDecoder, IEncoder { //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "resources/templates/pvp_postbinding_template.html"); + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = + new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + "pvp_postbinding_template.html", + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + authConfig.getRootConfigFileDir()); + MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); 
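Review bot: The two injected fields `@Autowired(required=true) AuthConfiguration authConfig;` and `@Autowired(required=true) GUIFormBuilderImpl guiBuilder;` are package-private, so any class in the binding package can reassign collaborators of what is now a shared `@Service` singleton; declare them `private` (Spring field injection works on private members), as SoapBinding already does for its `metadataProvider`. With the class now a singleton shared across requests it must stay free of per-request state — the hunk respects that, since `guiConfig` and `encoder` are locals. The try block opened here continues past the end of the hunk.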
@@ -103,22 +123,27 @@ public class PostBinding implements IDecoder, IEncoder { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials) + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { try { -// X509Credential credentials = credentialProvider -// .getIDPAssertionSigningCredential(); - //load default PVP security configurations MOADefaultBootstrap.initializeDefaultPVPConfiguration(); Logger.debug("create SAML POSTBinding response"); - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - HTTPPostEncoder encoder = new HTTPPostEncoder(engine, - "resources/templates/pvp_postbinding_template.html"); + //initialize POST binding encoder with template decoration + IGUIBuilderConfiguration guiConfig = + new SPSpecificGUIBuilderConfigurationWithFileSystemLoad( + pendingReq, + "pvp_postbinding_template.html", + MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, + null, + authConfig.getRootConfigFileDir()); + MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder, + VelocityProvider.getClassPathVelocityEngine()); + + //set OpenSAML2 process parameter into binding context dao HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( resp, true); BasicSAMLMessageContext context = new BasicSAMLMessageContext(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 279038967..4f44a6202 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java 
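Review bot: The template-configuration and encoder construction added here is a verbatim copy of the block added to `encodeRequest` a few lines earlier (same template name, same configuration key, same root directory), so the two will drift apart the first time one of them is changed. Extract it into a private factory and call `MOAIDHTTPPostEncoder encoder = createPostEncoder(pendingReq);` from both methods. The try block continues outside the hunk.
```java
    /**
     * Builds the OpenSAML POST encoder that renders the SAML message into the
     * service-provider-specific "pvp_postbinding_template.html" template.
     *
     * @param pendingReq request whose service-provider configuration selects the template; must not be null
     */
    private MOAIDHTTPPostEncoder createPostEncoder(IRequest pendingReq) {
        IGUIBuilderConfiguration guiConfig =
                new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
                        pendingReq,
                        "pvp_postbinding_template.html",
                        MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
                        null,
                        authConfig.getRootConfigFileDir());
        return new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
                VelocityProvider.getClassPathVelocityEngine());
    }

    // … in encodeRequest and encodeRespone, replacing the duplicated block:
    MOAIDHTTPPostEncoder encoder = createPostEncoder(pendingReq);
```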
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -50,7 +50,9 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; @@ -62,10 +64,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPRedirectBinding") public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { // try { @@ -100,7 +103,7 @@ public class RedirectBinding implements IDecoder, IEncoder { public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, - Credential credentials) throws MessageEncodingException, SecurityException { + Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException { // try { // X509Credential credentials = credentialProvider // .getIDPAssertionSigningCredential(); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 94d91694a..552b64ac6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -48,7 +48,9 @@ import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.SignableXMLObject; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; @@ -60,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPSOAPBinding") public class SoapBinding implements IDecoder, IEncoder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; 
@@ -136,13 +139,13 @@ public class SoapBinding implements IDecoder, IEncoder { } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation, String relayState, Credential credentials) + RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, - StatusResponseType response, String targetLocation, String relayState, Credential credentials) + StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException, PVP2Exception { // try { // Credential credentials = credentialProvider diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java index 01ef4a43d..f29418853 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java @@ -44,6 +44,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.commons.api.IRequest; 
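Review bot: `encodeRequest` in SoapBinding still has an empty body, so a caller that selects the SOAP binding for an outbound request gets no message written and no error — the response stays empty and the failure only shows up later as a timeout or parse error on the peer. Since the method already declares `MessageEncodingException`, make the limitation explicit with `throw new MessageEncodingException("SOAP binding does not support outbound SAML requests");` and a matching Javadoc sentence on the method. The `pendingReq` contract introduced in IEncoder is not checked here either, though with a no-op body there is nothing to check yet.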
@@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("PVPAuthnRequestBuilder") public class PVPAuthnRequestBuilder { + @Autowired(required=true) ApplicationContext springContext; /** * Build a PVP2.x specific authentication request @@ -202,17 +205,17 @@ public class PVPAuthnRequestBuilder { IEncoder binding = null; if (endpoint.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (endpoint.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } //encode message binding.encodeRequest(null, httpResp, authReq, - endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential()); + endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java index de59e6055..4fef52aec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -59,6 +59,7 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.Signer; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import org.w3c.dom.Document; 
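Review bot: `binding` stays null when the metadata endpoint advertises a binding other than HTTP-Redirect or HTTP-POST, and the hunk then calls `binding.encodeRequest(...)` unguarded, so an unexpected binding in a remote IdP's metadata surfaces as a NullPointerException instead of a meaningful error; the corresponding PVP2XProtocol hunk does check `if (encoder == null)`. Add the same guard before the call, e.g. `if (binding == null) throw new MessageEncodingException("Unsupported SAML binding: " + endpoint.getBinding());` — `MessageEncodingException` is already imported, but whether the enclosing method declares it is outside the hunk, so adapt the exception type to the existing signature. The enclosing method continues past the hunk.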
@@ -95,7 +96,9 @@ import at.gv.egovernment.moa.logging.Logger; public class SingleLogOutBuilder { @Autowired(required=true) private MOAMetadataProvider metadataProvider; + @Autowired(required=true) ApplicationContext springContext; @Autowired private IDPCredentialProvider credentialProvider; + public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) { Status status = logOutResp.getStatus(); @@ -185,15 +188,15 @@ public class SingleLogOutBuilder { public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, - String relayState) throws MOAIDException { + String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException { IEncoder binding = null; if (consumerService.getBinding().equals( SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { - binding = new RedirectBinding(); + binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class); } else if (consumerService.getBinding().equals( SAMLConstants.SAML2_POST_BINDING_URI)) { - binding = new PostBinding(); + binding = springContext.getBean("PVPPOSTBinding", PostBinding.class); } @@ -204,7 +207,7 @@ public class SingleLogOutBuilder { try { binding.encodeRespone(req, resp, sloResp, consumerService.getLocation(), relayState, - credentialProvider.getIDPAssertionSigningCredential()); + credentialProvider.getIDPAssertionSigningCredential(), pvpReq); } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html deleted file mode 100644 index f5bca7f1f..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html +++ /dev/null 
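Review bot: The new `PVPTargetConfiguration pvpReq` parameter of `sendFrontChannelSLOMessage` is only forwarded to `encodeRespone`, whose parameter type is `IRequest`, so the narrower type couples every SLO caller to the PVP request class for no gain; declare it as `IRequest pvpReq` to match the encoder contract. The added `@Autowired(required=true) ApplicationContext springContext;` field is package-private while the neighbouring `metadataProvider` is `private`; make it `private` as well. The method's remaining body, including any null check on `binding`, lies between the two hunks and is not visible here.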
@@ -1,193 +0,0 @@ - - - - - - Berufsmäßige Parteieinvertretung - - - Berufsmäßige Parteienvertretung einer - natürlichen/juristischen Person -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Vertreter:
Vorname Stern -
Name Stern -
Geburtsdatum Stern - -

Ich bin berufsmäßig - berechtigt für die nachfolgend genannte Person in deren Namen - mit der Bürgerkarte einzuschreiten.
 

Vertretene Person:
 natürliche - Person: 
Vorname Stern Info
Name Stern Info
Geburtsdatum Stern - -  Info
optional: -
Straße  
Hausnummer  Info
Einh. Nr.  Info
Postleitzahl  Info
Gemeinde  Info
 
 juristische - Person: 
Name Stern Info
 Stern Info
-
- -

- Bitte halten Sie Ihre Bürgerkartenumgebung bereit. -

-

- - -

-
- - - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html deleted file mode 100644 index cffc46981..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html +++ /dev/null @@ -1,235 +0,0 @@ - - - - - - - Berufsmäßige Parteieinvertretung - - - - - - - - - - -
- -   - - -
-
- E-Gov Logo -
-
-

Berufsmäßige Parteienvertretung

-
-
Bitte beachten Sie
-
-
- Stern  Feld muss - ausgefüllt sein -
-
- Info  Ausfüllhilfe -
-
- Rufezeichen  - Fehlerhinweis -
-
 
- -

Berufsmäßige Parteienvertretung einer - natürlichen/juristischen Person

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Vertreter:
Vorname Stern -
Name Stern -
Geburtsdatum Stern - -

Ich bin berufsmäßig - berechtigt für die nachfolgend genannte Person in deren - Namen mit der Bürgerkarte einzuschreiten.
 

Vertretene Person:
 natürliche - Person: 
Vorname Stern Info
Name Stern Info
Geburtsdatum Stern - -  Info
optional: -
Straße  
Hausnummer  Info -
Einh. Nr.  Info
Postleitzahl  Info
Gemeinde  Info
 
 juristische - Person: 
Name Stern Info
 Stern Info
-
- -

- Bitte halten Sie Ihre Bürgerkartenumgebung bereit. -

-

- - -

-
- -
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html b/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html deleted file mode 100644 index f47ee53ff..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/fetchGender.html +++ /dev/null @@ -1,16 +0,0 @@ - - - -
-
- -
-

Please indicate the gender of the represented.

-
- - -
-
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm b/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm deleted file mode 100644 index 7fcc1bb36..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/oasis_dss_webform_binding.vm +++ /dev/null @@ -1,36 +0,0 @@ -## -## Velocity Template for OASIS WEBFORM BINDING -## -## Velocity context may contain the following properties -## action - String - the action URL for the form -## signresponse - String - the Base64 encoded SAML Request -## verifyresponse - String - the Base64 encoded SAML Response -## clienturl - String - URL where the USer gets redirected after the signature process - - - - - - -
-
- #if($signrequest)#end - - #if($verifyrequest)#end - #if($clienturl)#end - -
- -
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html deleted file mode 100644 index 64e88a688..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html +++ /dev/null @@ -1,48 +0,0 @@ -## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity -##context may contain the following properties ## action - String - the -##action URL for the form ## RelayState - String - the relay state for the -##message ## SAMLRequest - String - the Base64 encoded SAML Request ## -##SAMLResponse - String - the Base64 encoded SAML Response - - - - - - - -
Your login is being processed. Thank you for - waiting.
- - - -
-
- #if($RelayState)#end #if($SAMLRequest)#end #if($SAMLResponse)#end - -
- -
- - - \ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html new file mode 100644 index 000000000..45c183215 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/templates/pvp_postbinding_template.html @@ -0,0 +1,46 @@ +## ## Velocity Template for SAML 2 HTTP-POST binding ## ## Velocity +##context may contain the following properties ## action - String - the +##action URL for the form ## RelayState - String - the relay state for the +##message ## SAMLRequest - String - the Base64 encoded SAML Request ## +##SAMLResponse - String - the Base64 encoded SAML Response + + + + + + + +
Your login is being processed. Thank you for + waiting.
+ + + +
+
+ #if($RelayState) #end + #if($SAMLRequest) #end + #if($SAMLResponse) #end +
+ +
+ + + \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index b8284c8f9..5091195d8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -143,7 +143,9 @@ public class ConfigurationMigrationUtils { if (MiscUtil.isNotEmpty(oa.getEventCodes())) { result.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, oa.getEventCodes()); } - + + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, oa.getMandateServiceSelectionTemplateURL()); + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, oa.getSaml2PostBindingTemplateURL()); //convert target String target_full = oa.getTarget(); @@ -769,6 +771,9 @@ public class ConfigurationMigrationUtils { } dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL)); + + dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)); + dbOA.setSaml2PostBindingTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL)); if (Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE))) { dbOA.setType(MOA_CONFIG_BUSINESSSERVICE); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 9fe90daa4..b72034002 100644 
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -105,6 +105,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.hight"; public static final String SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH = SERVICE_AUTH_TEMPLATES_CUSTOMIZATION + ".applet.width"; + public static final String SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL = SERVICE_AUTH_TEMPLATES + ".saml2.postbinding.url"; + public static final String SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL = SERVICE_AUTH_TEMPLATES + ".elga.mandateserviceselection.url"; + private static final String SERVICE_AUTH_TESTCREDENTIALS = AUTH + "." + TESTCREDENTIALS; public static final String SERVICE_AUTH_TESTCREDENTIALS_ENABLED = SERVICE_AUTH_TESTCREDENTIALS + ".enabled"; public static final String SERVICE_AUTH_TESTCREDENTIALS_OIDs = SERVICE_AUTH_TESTCREDENTIALS + ".oids"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 4aee10bc1..196923ce6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java 
@@ -109,10 +109,44 @@ public class OnlineApplication @XmlTransient protected String selectedSZRGWServiceURL = null; + @XmlTransient + protected String saml2PostBindingTemplateURL = null; + + @XmlTransient + protected String mandateServiceSelectionTemplateURL = null; + /** + * @return the saml2PostBindingTemplateURL + */ + public String getSaml2PostBindingTemplateURL() { + return saml2PostBindingTemplateURL; + } + + /** + * @param saml2PostBindingTemplateURL the saml2PostBindingTemplateURL to set + */ + public void setSaml2PostBindingTemplateURL(String saml2PostBindingTemplateURL) { + this.saml2PostBindingTemplateURL = saml2PostBindingTemplateURL; + } + + /** + * @return the mandateServiceSelectionTemplateURL + */ + public String getMandateServiceSelectionTemplateURL() { + return mandateServiceSelectionTemplateURL; + } + + /** + * @param mandateServiceSelectionTemplateURL the mandateServiceSelectionTemplateURL to set + */ + public void setMandateServiceSelectionTemplateURL(String mandateServiceSelectionTemplateURL) { + this.mandateServiceSelectionTemplateURL = mandateServiceSelectionTemplateURL; + } + + /** * @return the selectedSZRGWServiceURL */ public String getSelectedSZRGWServiceURL() { diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java new file mode 100644 index 000000000..4bb4b0e27 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java 
@@ -0,0 +1,187 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration { + + public static final String VIEW_BKUSELECTION = "loginFormFull.html"; + public static final String VIEW_SENDASSERTION = "sendAssertionFormFull.html"; + public static final String VIEW_TEMPLATE_CSS = "css_template.css"; + public static final String VIEW_TEMPLATE_JS = "javascript_tempalte.js"; + + public static final String PARAM_BKU_ONLINE = "bkuOnline"; + public static final String PARAM_BKU_HANDY = "bkuHandy"; + public static final String PARAM_BKU_LOCAL = "bkuLocal"; + + public static final String PARAM_OANAME = "OAName"; + public static final String PARAM_COUNTRYLIST = "countryList"; + + protected IRequest pendingReq = null; + + /** + * @param authURL PublicURLPrefix of the IDP but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public AbstractServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName, + String formSubmitEndpoint) { + super(authURL, viewName, formSubmitEndpoint); + + } + + /** + * @param Current processed pending-request DAO but never null + * @param viewName Name of the template (with suffix) but never null + * @param 
formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public AbstractServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, + String formSubmitEndpoint) { + super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint); + this.pendingReq = pendingReq; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters() + */ + @Override + public Map getSpecificViewParameters() { + Map params = new HashMap(); + params.put(PARAM_BKU_ONLINE, IOAAuthParameters.ONLINEBKU); + params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU); + params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU); + + if (pendingReq != null) { + params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID()); + + //add service-provider specific GUI parameters + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + if (oaParam != null) { + params.put(PARAM_OANAME, oaParam.getFriendlyName()); + + if (oaParam.isShowStorkLogin()) + addCountrySelection(params, oaParam); + else + params.put(PARAM_COUNTRYLIST, ""); + + FormBuildUtils.customiceLayoutBKUSelection(params, oaParam); + + } else + FormBuildUtils.defaultLayoutBKUSelection(params); + + + } else { + //add default GUI parameters + FormBuildUtils.defaultLayoutBKUSelection(params); + + } + + return params; + } + + /** + * @param params + * @param oaParam + */ + private void addCountrySelection(Map params, IOAAuthParameters oaParam) { + String pepslist = ""; + try { + for (CPEPS current : oaParam.getPepsList()) { + String countryName = null; + if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase()))) + countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase()); + else + countryName = current.getFullCountryCode().toUpperCase(); + + pepslist += "\n"; + + } + 
params.put(PARAM_COUNTRYLIST, pepslist); + + } catch (NullPointerException e) { + Logger.warn("Can not at Countries to GUI. Msg:" + e.getMessage()); + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir() + */ + @Override + public String getClasspathTemplateDir() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String) + */ + @Override + public InputStream getTemplate(String viewName) { + if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) { + + byte[] oatemplate = null; + if (VIEW_BKUSELECTION.equals(viewName)) + oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate(); + + else if (VIEW_SENDASSERTION.equals(viewName)) + oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate(); + + // OA specific template requires a size of 8 bits minimum + if (oatemplate != null && oatemplate.length > 7) + return new ByteArrayInputStream(oatemplate); + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getDefaultContentType() + */ + @Override + public String getDefaultContentType() { + return null; + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java index e8cd60afb..285c90163 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java 
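Review bot: `getTemplate(String)` in this abstract class is byte-identical to the override in `SPSpecificGUIBuilderConfigurationWithDBLoad` (hunk at L247–L248), so one of the two is dead code; either declare it `abstract` here so every subclass has to say where templates come from, or drop the subclass override. In `addCountrySelection` the `catch (NullPointerException e)` is used as control flow for a missing PEPS list; an explicit `if (oaParam.getPepsList() == null) return;` guard (and a null check on `getFullCountryCode()`) states what is actually tolerated and keeps a genuine programming error from being downgraded to a warning. The comment `// OA specific template requires a size of 8 bits minimum` describes a byte-length check (`oatemplate.length > 7`), so it should read `// OA specific template requires a size of 8 bytes minimum`. The constructor Javadoc `@param Current processed pending-request DAO but never null` names no parameter and should be `@param pendingReq Current processed pending-request DAO but never null`, here and in the WithDBLoad (L247–L248) and WithFileSystemLoad (L250–L252) hunks.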
@@ -78,24 +78,16 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder { build(httpResp, config, getInternalContentType(config), loggerName); } - - + @Override public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, String loggerName) throws GUIBuildException { InputStream is = null; try { - String viewName = config.getViewName(); + String viewName = config.getViewName(); + is = getTemplateInputStream(config); - //load Tempate - is = getInternalTemplate(config); - if (is == null) { - Logger.warn("No GUI with viewName:" + viewName + " FOUND."); - throw new GUIBuildException("No GUI with viewName:" + viewName + " FOUND."); - - } - //build Velocity Context from input paramters VelocityContext context = buildContextFromViewParams(config.getViewParameters()); @@ -137,6 +129,35 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder { } + /** + * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters + * + * @param config + * @return + */ + public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) { + return buildContextFromViewParams(config.getViewParameters()); + + } + + /** + * Load the template from different resources + * + * @param config + * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method + * @throws GUIBuildException + */ + public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException { + InputStream is = getInternalTemplate(config); + if (is == null) { + Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND."); + throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND."); + + } + return is; + + } + private String getInternalContentType(IGUIBuilderConfiguration config) { if (MiscUtil.isEmpty(config.getDefaultContentType())) return DEFAULT_CONTENT_TYPE; 
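Review bot: The Javadoc of the two new public methods in the second hunk leaves `@param config` and `@return` empty, and the sentence `The {@link InputStream} had to be closed be the invoking method` has a typo; suggest `@return the populated context` for `generateVelocityContextFromConfiguration`, and for `getTemplateInputStream` `@return an open {@link InputStream}, never null; the caller must close it` plus `@throws GUIBuildException if no template is found for {@code config.getViewName()}`. Making `getTemplateInputStream` public hands an open stream to callers other than `build`, whose `finally` (outside the hunk) is what closes `is` today, so each new caller needs its own try-with-resources; worth stating that ownership rule in the method comment as well. `build` itself starts before the first hunk and ends after it.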
@@ -167,7 +188,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder { } catch (Exception e) { //load template from classpath as backup - Logger.info("GUI template:" + viewName + " is not found in configuration directory. " + Logger.debug("GUI template:" + viewName + " is not found in configuration directory. " + " Load template from project library ... "); try { pathLocation = getInternalClasspathTemplateDir(config) + viewName; diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java index 198220e97..8e8a63094 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java @@ -64,4 +64,5 @@ public interface IGUIFormBuilder { */ void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType, String loggerName) throws GUIBuildException; + } diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java new file mode 100644 index 000000000..13d8d3bb7 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java 
@@ -0,0 +1,82 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import at.gv.egovernment.moa.id.commons.api.IRequest; + +/** + * @author tlenz + * + */ +public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractServiceProviderSpecificGUIFormBuilderConfiguration { + + /** + * @param authURL PublicURLPrefix of the IDP but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public SPSpecificGUIBuilderConfigurationWithDBLoad(String authURL, String viewName, + String formSubmitEndpoint) { + super(authURL, viewName, formSubmitEndpoint); + + } + + /** + * @param Current processed pending-request DAO but never null + * @param viewName Name of the template (with suffix) but never null + * @param formSubmitEndpoint EndPoint on which the form should be submitted, + * or null if the form must not submitted + */ + public SPSpecificGUIBuilderConfigurationWithDBLoad(IRequest pendingReq, String viewName, + String formSubmitEndpoint) { + super(pendingReq, viewName, formSubmitEndpoint); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String) + */ + @Override + public InputStream getTemplate(String viewName) { + if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) { + + byte[] oatemplate = null; + if (VIEW_BKUSELECTION.equals(viewName)) + oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate(); + + else if (VIEW_SENDASSERTION.equals(viewName)) + oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate(); + + // OA specific template requires a size of 8 bits minimum + if (oatemplate != null && oatemplate.length > 7) + return new ByteArrayInputStream(oatemplate); + } + + return null; + } + +} 
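Review bot: The class Javadoc carries only `@author tlenz`, and the name does not explain what "DBLoad" means; from the visible code the class serves the `getBKUSelectionTemplate()` / `getSendAssertionTemplate()` bytes of the pending request's OA configuration for the two known views and returns null for everything else. A one-line summary such as `Builder configuration that serves the service-provider specific BKU-selection and send-assertion templates stored with the OA configuration; returns null so the default template is used when none is configured or the template is shorter than 8 bytes.` would make that contract explicit. The `// ... 8 bits minimum` comment describes a byte-length check and should say `8 bytes`.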
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java new file mode 100644 index 000000000..8bb6bc4e3 --- /dev/null +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java 
@@ -0,0 +1,110 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.frontend.builder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URL; + +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends AbstractServiceProviderSpecificGUIFormBuilderConfiguration { + + private String configKeyIdentifier = null; + private String configRootContextDir = null; + + /** + * @param authURL PublicURLPrefix of the IDP but never null + * @param viewName Name of the template (with suffix) but never null + * @param configKeyIdentifier Identifier of the configuration key in OA configuration that holds the filesystem URI to template + * @param formSubmitEndpoint EndPoint on which the form should be submitted + * @param configRootContextDir Path to MOA-ID-Auth configuration root directory + * or null if the form must not submitted + */ + public SPSpecificGUIBuilderConfigurationWithFileSystemLoad(String authURL, String viewName, + String configKeyIdentifier, String formSubmitEndpoint, String configRootContextDir) { + super(authURL, viewName, formSubmitEndpoint); + this.configKeyIdentifier = configKeyIdentifier; + this.configRootContextDir = configRootContextDir; + + } + + /** + * @param Current processed pending-request DAO but never null + * @param viewName Name of the template (with suffix) but never null + * @param configKeyIdentifier Identifier of the configuration key in OA configuration that holds the filesystem URI to template + * @param formSubmitEndpoint EndPoint on which the form should be submitted + * @param configRootContextDir Path to MOA-ID-Auth configuration root 
directory + */ + public SPSpecificGUIBuilderConfigurationWithFileSystemLoad(IRequest pendingReq, String viewName, + String configKeyIdentifier, String formSubmitEndpoint, String configRootContextDir) { + super(pendingReq, viewName, formSubmitEndpoint); + this.configKeyIdentifier = configKeyIdentifier; + this.configRootContextDir = configRootContextDir; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String) + */ + @Override + public InputStream getTemplate(String viewName) { + if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null && + configKeyIdentifier != null) { + try { + String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier); + if (MiscUtil.isNotEmpty(templateURL)) { + String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir); + if (!absURL.startsWith("file:")) { + Logger.warn("GUI template are only loadable from filesystem! " + + "(templateURL: " + absURL + ")"); + return null; + } + + Logger.debug("Load template URL for view: " + viewName + " from: " + absURL); + URI uri = new URL(absURL).toURI(); + return new FileInputStream(new File(uri)); + + } + } catch (FileNotFoundException | URISyntaxException | MalformedURLException e) { + Logger.warn("Template for view: " + viewName + " is NOT loadable! -> Switch to default template", e); + + } + } + + return null; + } + +} diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java deleted file mode 100644 index 8244d630d..000000000 
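Review bot: `getTemplate` opens whatever `file:` URL the OA configuration value behind `configKeyIdentifier` resolves to, and the only check is `absURL.startsWith("file:")`; nothing confines the result to `configRootContextDir`, so a misconfigured or maliciously edited service-provider entry makes the IdP read an arbitrary readable file and render it as the login page template (whether `FileUtils.makeAbsoluteURL` already normalises `..` segments is not visible here). Require the resolved path to stay under the configuration root before opening it, e.g. `Path root = Paths.get(configRootContextDir).toAbsolutePath().normalize();` and `if (!Paths.get(uri).normalize().startsWith(root)) { Logger.warn("GUI template outside configuration root: " + absURL); return null; }`, mirroring the existing scheme check (adjust if `configRootContextDir` is itself a URL rather than a path). The returned `FileInputStream` is handed to the caller unclosed, so the method comment should state that the caller owns and must close the stream.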
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java +++ /dev/null 
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class ServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
-
- public static final String VIEW_BKUSELECTION = "loginFormFull.html";
- public static final String VIEW_SENDASSERTION = "sendAssertionFormFull.html";
- public static final String VIEW_TEMPLATE_CSS = "css_template.css";
- public static final String VIEW_TEMPLATE_JS = "javascript_tempalte.js";
-
- public static final String PARAM_BKU_ONLINE = "bkuOnline";
- public static final String PARAM_BKU_HANDY = "bkuHandy";
- public static final String PARAM_BKU_LOCAL = "bkuLocal";
-
- public static final String PARAM_OANAME = "OAName";
- public static final String PARAM_COUNTRYLIST = "countryList";
-
- private IRequest pendingReq = null;
-
- /**
- * @param authURL PublicURLPrefix of the IDP but never null
- * @param viewName Name of the template (with suffix) but never null
- * @param formSubmitEndpoint EndPoint on which the form should be submitted,
- * or null if the form must not submitted
- */
- public ServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName,
- String formSubmitEndpoint) {
- super(authURL, viewName, formSubmitEndpoint);
-
- }
-
- /**
- * @param Current processed pending-request DAO but never null
- * @param viewName Name of the template (with suffix) but never null
- * @param formSubmitEndpoint EndPoint on which the form should be submitted,
- * or null if the form must not submitted
- */
- public ServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName,
- String formSubmitEndpoint) {
- super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint);
- this.pendingReq = pendingReq;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
- */
- @Override
- public Map getSpecificViewParameters() {
- Map params = new HashMap();
- params.put(PARAM_BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
- params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU);
- params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
-
- if (pendingReq != null) {
- params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
-
- //add service-provider specific GUI parameters
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
- if (oaParam != null) {
- params.put(PARAM_OANAME, oaParam.getFriendlyName());
-
- if (oaParam.isShowStorkLogin())
- addCountrySelection(params, oaParam);
- else
- params.put(PARAM_COUNTRYLIST, "");
-
- FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
-
- } else
- FormBuildUtils.defaultLayoutBKUSelection(params);
-
-
- } else {
- //add default GUI parameters
- FormBuildUtils.defaultLayoutBKUSelection(params);
-
- }
-
- return params;
- }
-
- /**
- * @param params
- * @param oaParam
- */
- private void addCountrySelection(Map params, IOAAuthParameters oaParam) {
- String pepslist = "";
- try {
- for (CPEPS current : oaParam.getPepsList()) {
- String countryName = null;
- if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())))
- countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase());
- else
- countryName = current.getFullCountryCode().toUpperCase();
-
- pepslist += "\n";
-
- }
- params.put(PARAM_COUNTRYLIST, pepslist);
-
- } catch (NullPointerException e) {
- Logger.warn("Can not at Countries to GUI. Msg:" + e.getMessage());
-
- }
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir()
- */
- @Override
- public String getClasspathTemplateDir() {
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
- */
- @Override
- public InputStream getTemplate(String viewName) {
- if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
-
- byte[] oatemplate = null;
- if (VIEW_BKUSELECTION.equals(viewName))
- oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
-
- else if (VIEW_SENDASSERTION.equals(viewName))
- oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
-
- // OA specific template requires a size of 8 bits minimum
- if (oatemplate != null && oatemplate.length > 7)
- return new ByteArrayInputStream(oatemplate);
- }
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getDefaultContentType()
- */
- @Override
- public String getDefaultContentType() {
- return null;
- }
-
-}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 3e7a4e875..c55b5a749 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,12 +22,10 @@
 */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
-import java.awt.PageAttributes.MediaType;
 import java.io.StringWriter;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -44,6 +42,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -53,8 +53,16 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
index 98f8d13c7..52970e240 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -30,7 +30,7 @@ import org.springframework.stereotype.Component;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
 import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConsta
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
@@ -60,11 +61,13 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask {
 //check if Service-Provider allows ELGA-mandates
 if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
 Logger.trace("Build GUI for mandate-service selection ...");
-
- IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
- pendingReq,
- ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
- GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+
+ IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+ pendingReq,
+ ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL,
+ GeneralProcessEngineSignalController.ENDPOINT_GENERIC,
+ authConfig.getRootConfigFileDir());
 guiBuilder.build(response, config, "Mandate-Service selection");
-- cgit v1.2.3
From d4e3d5a75ae1922f576a9f28b6bf2267f4bd9ce6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 20 Sep 2017 14:07:55 +0200
Subject: move some elements in OA configuration GUI
---
 id/server/doc/handbook/config/config.html | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'id/server')
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 52eb21ab3..84590aaee 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
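Review bot: The template location handed to the new `SPSpecificGUIBuilderConfigurationWithFileSystemLoad` is a per-service-provider configuration value resolved against `authConfig.getRootConfigFileDir()`, but the loader added earlier in this commit only checks that the resolved URL starts with `file:`; nothing confirms that the resolved file still lies inside that root directory, so the template read is bounded only by what the server process can open. The value comes from OA configuration rather than from the request, which limits the exposure to misconfiguration or to whoever can edit OA settings, but a containment check in the loader is cheap: after `URI uri = new URL(absURL).toURI();` something like `if (!new File(uri).getCanonicalPath().startsWith(new File(configRootContextDir).getCanonicalPath() + File.separator)) { Logger.warn("Template outside configuration directory rejected: " + absURL); return null; }` (assuming `configRootContextDir` is a plain directory path, which this call suggests) would keep service-provider templates under the configuration root. The `if` block in which this config is built starts and ends outside the hunk.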
@@ -1993,6 +1993,13 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der   Zertifikat mit dem die Metadaten der Online-Applikation signiert sind. Dieses wird benötigt um die Metadaten zu verifizieren. + + SAML2 Post-Binding Template +   + X + X + Pfad zum online-applikationsspezifischen Template für SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschließlich aus dem Dateisystem geladen werden. +
3.2.8.3 OpenID Connect

In diesem Bereich erfolgt die applikationsspezifische Konfiguration für OpenID Connect (OAuth 2.0).

@@ -2074,13 +2081,6 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp X Dieses Feld erlaubt die Konfiguration eines online-applikationsspezifischen Templates für die zusätzliche Anmeldeabfrage im Falle einer Single Sign-On Anmeldung. Dieses Template muss in die Konfiguration hochgeladen werden und muss die Mindestanforderungen aus Kapitel 4.2 umsetzen. Da diese Templates direkt in den Authentifizierungsprozess eingreifen und diese somit eine potentielle Angriffsstelle für Cross-Site Scripting (XSS) bieten wird die Verwendung von online-applikationsspezifischen Templates nicht empfohlen. - - SAML2 Post-Binding Template -   - X - X - Pfad zum online-applikationsspezifischen Template für SAML2 (PVP2 S-Profil) http POST-Binding. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Das Template kann ausschließlich aus dem Dateisystem geladen werden. - Vollmachtenservice Auswahlseite Template   -- cgit v1.2.3 From c498c2812a9f2b97da2356774527aaec0ae1f608 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Sep 2017 14:08:07 +0200 Subject: add log message --- .../builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server') diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java index 8bb6bc4e3..b5c50004b 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java 
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -103,7 +103,7 @@ public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends Abstrac
 }
 }
-
+ Logger.trace("NO ServiceProvider specific template for view: " + viewName + " available");
 return null;
 }
-- cgit v1.2.3
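Review bot: The new trace line states that no service-provider template is available, but in the version of `getTemplate` shown earlier in this series the `catch (FileNotFoundException | URISyntaxException | MalformedURLException e)` branch logs a warning and then falls through to this same `return null`, so a configured-but-unloadable template would be reported as "NO ... template ... available" right after "... is NOT loadable!". If the method body is otherwise unchanged, a wording that covers both outcomes, e.g. `Logger.trace("No ServiceProvider specific template for view: " + viewName + " available or loadable -> use default template");`, would keep the log consistent with the warning above it. The enclosing method starts outside the hunk.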