From c38588d66605e8345664ff7fd935aafbf27237f9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Feb 2014 09:14:23 +0100 Subject: first short changes for BRZ *use different SystemConfigParam for moa-id-proxy *allow legacy request with no SL-template (use it from OA config) Bugfix: *general PVP2 config is not reloaded from database *use idp entityID in as issuer in AuthnResponse --- .../StartAuthentificationParameterParser.java | 10 +++++++- .../moa/id/config/ConfigurationProvider.java | 7 ++++++ .../config/proxy/ProxyConfigurationProvider.java | 2 +- .../protocols/pvp2x/config/PVPConfiguration.java | 29 ++++++++++------------ .../pvp2x/requestHandler/AuthnRequestHandler.java | 4 ++- .../XMLLoginParameterResolverEncryptedData.java | 2 +- .../moa/id/util/ParamValidatorUtils.java | 6 +++-- 7 files changed, 38 insertions(+), 22 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 67433dde7..bcd7cdc78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -22,6 +22,8 @@ ******************************************************************************/ package at.gv.egovernment.moa.id.auth.parser; +import iaik.util.logging.Log; + import java.io.UnsupportedEncodingException; import java.util.List; @@ -238,6 +240,12 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setBkuURL(bkuURL); + if (MiscUtil.isEmpty(templateURL)) { + templateURL = oaParam.getTemplateURL().get(0).getURL(); + Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")"); + + } + if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); moasession.setTemplateURL(templateURL); @@ -275,7 +283,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 84265f4ba..3432a19b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -76,6 +76,13 @@ public class ConfigurationProvider { public static final String CONFIG_PROPERTY_NAME = "moa.id.configuration"; + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String PROXY_CONFIG_PROPERTY_NAME = + "moa.id.proxy.configuration"; + /** * The name of the generic configuration property giving the certstore directory path. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index ecde454dd..93de902ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -116,7 +116,7 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { */ public static synchronized ProxyConfigurationProvider reload() throws ConfigurationException { - String fileName = System.getProperty(CONFIG_PROPERTY_NAME); + String fileName = System.getProperty(PROXY_CONFIG_PROPERTY_NAME); if (fileName == null) { throw new ConfigurationException("config.01", null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 769e36fc1..5d71b915f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config; import iaik.x509.X509Certificate; import java.io.File; -import java.io.IOException; import java.net.URL; -import java.net.URLClassLoader; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; @@ -50,7 +48,6 @@ import org.opensaml.saml2.metadata.TelephoneNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; -import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -111,12 +108,12 @@ public class PVPConfiguration { private static String moaIDVersion = null; - PVP2 generalpvpconfigdb; + //PVP2 generalpvpconfigdb; Properties props; private PVPConfiguration() { try { - generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); + //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); } catch (ConfigurationException e) { @@ -124,8 +121,8 @@ public class PVPConfiguration { } } - public String getIDPPublicPath() { - String publicPath = generalpvpconfigdb.getPublicURLPrefix(); + public String getIDPPublicPath() throws ConfigurationException { + String publicPath = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getPublicURLPrefix(); if(publicPath != null) { if(publicPath.endsWith("/")) { int length = publicPath.length(); @@ -135,15 +132,15 @@ public class PVPConfiguration { return publicPath; } - public String getIDPSSOPostService() { + public String getIDPSSOPostService() throws ConfigurationException { return getIDPPublicPath() + PVP2_POST; } - public String getIDPSSORedirectService() { + public String getIDPSSORedirectService() throws ConfigurationException { return getIDPPublicPath() + PVP2_REDIRECT; } - public String getIDPSSOMetadataService() { + public String getIDPSSOMetadataService() throws ConfigurationException { return getIDPPublicPath() + PVP2_METADATA; } @@ -171,13 +168,13 @@ public class PVPConfiguration { return props.getProperty(IDP_KEY_PASSASSERTION); } - public String getIDPIssuerName() { + public String getIDPIssuerName() throws ConfigurationException { if (moaIDVersion == null) { moaIDVersion = parseMOAIDVersionFromManifest(); } - return generalpvpconfigdb.getIssuerName() + moaIDVersion; + return AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getIssuerName() + moaIDVersion; } public List getMetadataFiles() { @@ -250,10 +247,10 @@ public class PVPConfiguration { } } - public List getIDPContacts() { + public List getIDPContacts() throws ConfigurationException { List list = new ArrayList(); - List contacts = generalpvpconfigdb.getContact(); + List contacts = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getContact(); if (contacts != null) { @@ -344,10 +341,10 @@ public class PVPConfiguration { return list; } - public Organization getIDPOrganisation() { + public Organization getIDPOrganisation() throws ConfigurationException { Organization org = SAML2Utils.createSAMLObject(Organization.class); - at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization(); + at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getOrganization(); String org_name = null; String org_dispname = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index f4b48ece3..21c0d85a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -96,7 +96,9 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + + //change to entity value from entity name to IDP EntityID (URL) + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); authResponse.setInResponseTo(authnRequest.getID()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 86da34e1c..9f3de08aa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -267,7 +267,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes //make file name absolut (if it is relative to main config file) //TODO MOAID XMLLPR check - String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); + String moaIDConfigFileName = System.getProperty(ConfigurationProvider.PROXY_CONFIG_PROPERTY_NAME); String rootConfigFileDir = new File(moaIDConfigFileName).getParent(); this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 3b6e001bf..327170054 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -266,7 +266,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ // if non parameter is given return true if (StringUtils.isEmpty(template)) { Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null"); - return true; + return false; } // check if template is a valid URL @@ -524,7 +524,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{ return false; } - if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL)) + if (StringUtils.isEmpty(oaURL) + //|| StringUtils.isEmpty(templateURL) + || StringUtils.isEmpty(bkuURL) ) return false; else return true; -- cgit v1.2.3 From f9b31bdc4781d6eca20bc2d993f08f6a4eb462f2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Feb 2014 09:15:59 +0100 Subject: new depenency management for moa-id-configuration to avoid problems with HeapSpace --- id/ConfigWebTool/pom.xml | 31 +++++++++++++++++++++++++++++-- id/server/idserverlib/pom.xml | 16 +++++++--------- 2 files changed, 36 insertions(+), 11 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index ae8b62645..15228a30e 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -51,13 +51,40 @@ MOA.id.server moa-id-lib + + + * + * + + - + at.gv.util egovutils 1.0.4 - + + + com.sun + * + + + + + + + org.opensaml + opensaml + + + org.opensaml + xmltooling + + + + javax.mail + mail + org.apache.struts diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 81213f721..68acb8841 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -175,17 +175,15 @@ --> - + org.opensaml opensaml - 2.6.0 - - - - org.opensaml - xmltooling - 1.4.0 - + + + org.opensaml + xmltooling + + regexp regexp -- cgit v1.2.3 From 1c567f6eb16fa10d3811fbaaf70c4ab04fb08077 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 6 Feb 2014 15:42:53 +0100 Subject: BRZ: -add SAML1 SourceID parameter in moa-id general Bugfix: -SSO target had an error in case of business-service -OA with business-service whichout single sign-on produce an error --- .../moa/id/configuration/Constants.java | 16 ++++++ .../id/configuration/data/GeneralMOAIDConfig.java | 53 +++++++++++------ .../struts/action/EditGeneralConfigAction.java | 66 +++++++++++++++++----- .../configuration/struts/action/EditOAAction.java | 1 + .../validation/moaconfig/MOAConfigValidator.java | 43 +++++++++----- .../main/resources/applicationResources.properties | 4 +- .../src/main/webapp/jsp/editMOAConfig.jsp | 13 +++++ .../moa/id/auth/AuthenticationServer.java | 22 ++++++-- .../moa/id/auth/MOAIDAuthConstants.java | 2 + .../moa/id/config/ConfigurationProvider.java | 21 ------- .../id/config/auth/AuthConfigurationProvider.java | 44 +++++++++------ .../id/config/legacy/BuildFromLegacyConfig.java | 24 +++++--- .../src/main/resources/config/moaid_config_2.0.xsd | 46 ++++++++------- 13 files changed, 233 insertions(+), 122 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index e309eaadd..7b02883bb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -22,6 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration; +import java.util.Collection; +import java.util.Hashtable; +import java.util.Map; + +import edu.emory.mathcs.backport.java.util.Collections; + public class Constants { public static final String FILEPREFIX = "file:"; @@ -78,4 +84,14 @@ public class Constants { public static final String IDENIFICATIONTYPE_BASEID_ZVR = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_ZVR; public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; + + public static final Map BUSINESSSERVICENAMES; + static { + Hashtable tmp = new Hashtable(); + tmp.put(IDENIFICATIONTYPE_FN, "Firmenbuchnummer"); + tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer"); + tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl"); + + BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index c6b9b984a..d81d03780 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; +import at.gv.egovernment.moa.util.MiscUtil; public class GeneralMOAIDConfig { @@ -90,6 +91,8 @@ public class GeneralMOAIDConfig { private boolean legacy_saml1 = false; private boolean legacy_pvp2 = false; + private String saml1SourceID = null; + private String pvp2PublicUrlPrefix = null; private String pvp2IssuerName = null; private String pvp2OrgName = null; @@ -214,6 +217,11 @@ public class GeneralMOAIDConfig { SAML1 saml1 = protocols.getSAML1(); if (saml1 != null) { protocolActiveSAML1 = saml1.isIsActive(); + saml1SourceID = saml1.getSourceID(); + + //TODO: could removed in a later version + if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) + saml1SourceID = alternativeSourceID; } @@ -263,13 +271,21 @@ public class GeneralMOAIDConfig { if (sso != null) { ssoFriendlyName = sso.getFriendlyName(); - IdentificationNumber idl = sso.getIdentificationNumber(); - if (idl != null) - ssoIdentificationNumber = idl.getValue(); +// IdentificationNumber idl = sso.getIdentificationNumber(); +// if (idl != null) +// ssoIdentificationNumber = idl.getValue(); ssoPublicUrl = sso.getPublicURL(); ssoSpecialText = sso.getSpecialText(); - ssoTarget = sso.getTarget(); + + if (MiscUtil.isNotEmpty(sso.getTarget()) && + sso.getTarget().startsWith(Constants.PREFIX_WPBK)) { + ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()). + replace("+", ""); + + } else + ssoTarget = sso.getTarget(); + } } @@ -319,20 +335,6 @@ public class GeneralMOAIDConfig { this.szrgwURL = szrgwURL; } - /** - * @return the alternativeSourceID - */ - public String getAlternativeSourceID() { - return alternativeSourceID; - } - - /** - * @param alternativeSourceID the alternativeSourceID to set - */ - public void setAlternativeSourceID(String alternativeSourceID) { - this.alternativeSourceID = alternativeSourceID; - } - /** * @return the certStoreDirectory */ @@ -913,6 +915,21 @@ public class GeneralMOAIDConfig { public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { this.protocolActiveOAuth = protocolActiveOAuth; } + + /** + * @return the saml1SourceID + */ + public String getSaml1SourceID() { + return saml1SourceID; + } + + /** + * @param saml1SourceID the saml1SourceID to set + */ + public void setSaml1SourceID(String saml1SourceID) { + this.saml1SourceID = saml1SourceID; + } + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 3c8c0e18d..67750e765 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.id.util.Random; @@ -229,12 +230,12 @@ public class EditGeneralConfigAction extends ActionSupport if (oldauth != null) oldauthgeneral = oldauth.getGeneralConfiguration(); - if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) - dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); - else { - if (oldauthgeneral != null) - dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); - } +// if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) +// dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); +// else { +// if (oldauthgeneral != null) +// dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); +// } if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); @@ -287,6 +288,15 @@ public class EditGeneralConfigAction extends ActionSupport } saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) { + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } else { + if (MiscUtil.isNotEmpty(saml1.getSourceID())) + saml1.setSourceID(moaconfig.getSaml1SourceID()); + + } + OAuth oauth= dbprotocols.getOAuth(); if (oauth == null) { oauth = new OAuth(); @@ -356,17 +366,43 @@ public class EditGeneralConfigAction extends ActionSupport if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); - if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) - dbsso.setTarget(moaconfig.getSsoTarget()); - - if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { - IdentificationNumber ssoid = dbsso.getIdentificationNumber(); - if (ssoid == null) { - ssoid = new IdentificationNumber(); - dbsso.setIdentificationNumber(ssoid); + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) { + + if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) { + String num = moaconfig.getSsoTarget().replaceAll(" ", ""); + String pre = null; + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + pre = Constants.IDENIFICATIONTYPE_FN; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) { + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + pre = Constants.IDENIFICATIONTYPE_ZVR; + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){ + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + pre = Constants.IDENIFICATIONTYPE_ERSB; + } + + dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num); + + } else { + dbsso.setTarget(moaconfig.getSsoTarget()); + } - ssoid.setValue(moaconfig.getSsoIdentificationNumber()); } +// if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { +// IdentificationNumber ssoid = dbsso.getIdentificationNumber(); +// if (ssoid == null) { +// ssoid = new IdentificationNumber(); +// dbsso.setIdentificationNumber(ssoid); +// } +// ssoid.setValue(moaconfig.getSsoIdentificationNumber()); +// } DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); if (dbbkus == null) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 775443689..25c3f24b9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -763,6 +763,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, IdentificationNumber idnumber = new IdentificationNumber(); idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); authoa.setIdentificationNumber(idnumber); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 1ea51652a..d7d97e5d4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -32,10 +32,12 @@ import java.util.Map; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; +import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -51,11 +53,11 @@ public class MOAConfigValidator { log.debug("Validate general MOA configuration"); - String check = form.getAlternativeSourceID(); + String check = form.getSaml1SourceID(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AlternativeSourceID contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.AlternativeSourceID", + log.warn("SAML1 SourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); } } @@ -282,14 +284,14 @@ public class MOAConfigValidator { } } - check = form.getSsoIdentificationNumber(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.info("SSO IdentificationNumber is not valid: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - } - } +// check = form.getSsoIdentificationNumber(); +// if (MiscUtil.isNotEmpty(check)) { +// if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { +// log.info("SSO IdentificationNumber is not valid: " + check); +// errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", +// new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); +// } +// } check = form.getSsoPublicUrl(); if (MiscUtil.isNotEmpty(check)) { @@ -315,8 +317,23 @@ public class MOAConfigValidator { } else { if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + + String num = check.replaceAll(" ", ""); + + if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) || + num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) || + num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { + + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + } + } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 216f74850..0da6b1ec8 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -129,6 +129,8 @@ webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren webpages.moaconfig.protocols.legacy.saml1=SAML1 webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 webpages.moaconfig.protocols.oauth=OpenID Connect +webpages.moaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.moaconfig.protocols.saml1.sourceID=SourceID webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name @@ -298,7 +300,7 @@ validation.edituser.password.valid=Das Passwort konnte nicht in einen g\u00FClti validation.edituser.password.equal=Die Passw\u00F6rter sind nicht identisch. validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} -validation.general.AlternativeSourceID=Die AlternaticeSourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 41702cbbb..2e0e5ea2a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -300,6 +300,19 @@
+
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.saml1.header", request) %>

+ + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 06d5b01bd..a5e92c701 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; +import iaik.util.logging.Log; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -250,16 +251,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { String infoboxReadRequest = ""; + String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim(); + if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { + //do not use SSO if no Target is set + Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); + session.setSsoRequested(false); + + } + if (session.isSsoRequested()) { //load identityLink with SSO Target boolean isbuisness = false; - String domainIdentifier = ""; - IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService(); - if (ssobusiness != null) { + + if (domainIdentifier.startsWith(PREFIX_WPBK)) { + + isbuisness = false; + + } else { isbuisness = true; - domainIdentifier = ssobusiness.getValue(); + } - + //build ReadInfobox request infoboxReadRequest = new InfoboxReadRequestBuilder().build( isbuisness, domainIdentifier); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index f555cfb9a..060dc2248 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -104,6 +104,8 @@ public interface MOAIDAuthConstants { // /** the number of the certifcate extension for party organ representatives */ // public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; + /** OW */ public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index 3432a19b1..dc5ec430e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -135,27 +135,6 @@ public class ConfigurationProvider { return rootConfigFileDir; } - /** - * Returns the mapping of generic configuration properties. - * - * @return The mapping of generic configuration properties (a name to value - * mapping) from the configuration. - */ - public Map getGenericConfiguration() { - return genericConfiguration; - } - - /** - * Returns the value of a parameter from the generic configuration section. - * - * @return the parameter value; null if no such parameter - */ - public String getGenericConfigurationParameter(String parameter) { - if (! genericConfiguration.containsKey(parameter)) - return null; - return (String)genericConfiguration.get(parameter); - } - /** * Return the chaining mode for a given trust anchor. * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 1804b5fd5..304b63de0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -519,6 +519,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { if (protocols.getSAML1() != null) { allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + + //load alternative sourceID + if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) + alternativesourceid = protocols.getSAML1().getSourceID(); + } if (protocols.getOAuth() != null) { @@ -562,8 +567,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } //set alternativeSourceID - if (auth.getGeneralConfiguration() != null) - alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); + if (auth.getGeneralConfiguration() != null) + + //TODO: can be removed in a further version, because it is moved to SAML1 config + if (MiscUtil.isEmpty(alternativesourceid)) + alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); // sets the authentication session and authentication data time outs BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated(); @@ -744,7 +752,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } public ProtocolAllowed getAllowedProtocols() { - return this.allowedProtcols; + return allowedProtcols; } public PVP2 getGeneralPVP2DBConfig() { @@ -895,27 +903,27 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } } - public boolean isSSOBusinessService() throws ConfigurationException { - - if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) - return true; - else - return false; - } +// public boolean isSSOBusinessService() throws ConfigurationException { +// +// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) +// return true; +// else +// return false; +// } - public IdentificationNumber getSSOBusinessService() throws ConfigurationException { + public String getSSOTagetIdentifier() throws ConfigurationException { if (ssoconfig != null) - return ssoconfig.getIdentificationNumber(); + return ssoconfig.getTarget(); else return null; } - public String getSSOTarget() throws ConfigurationException { - if (ssoconfig!= null) - return ssoconfig.getTarget(); - - return null; - } +// public String getSSOTarget() throws ConfigurationException { +// if (ssoconfig!= null) +// return ssoconfig.getTarget(); +// +// return null; +// } public String getSSOFriendlyName() { if (ssoconfig!= null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index f515ea6bd..7ecd7dde8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -58,11 +58,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; @@ -141,11 +143,7 @@ public class BuildFromLegacyConfig { //Load generic Config Map genericConfiguration = builder.buildGenericConfiguration(); GeneralConfiguration authGeneral = new GeneralConfiguration(); - - if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) - authGeneral.setAlternativeSourceID( - (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); - + if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) authGeneral.setTrustManagerRevocationChecking( Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))); @@ -179,6 +177,19 @@ public class BuildFromLegacyConfig { final List PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); + //set SAML1 config + SAML1 saml1 = new SAML1(); + saml1.setIsActive(true); + if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) + saml1.setSourceID((String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); + auth_protocols.setSAML1(saml1); + + //set OAuth config + OAuth oauth = new OAuth(); + oauth.setIsActive(true); + auth_protocols.setOAuth(oauth); + + //set PVP2.1 config PVP2 prot_pvp2 = new PVP2(); auth_protocols.setPVP2(prot_pvp2); prot_pvp2.setPublicURLPrefix("https://...."); @@ -188,7 +199,7 @@ public class BuildFromLegacyConfig { prot_pvp2.setOrganization(pvp2_org); pvp2_org.setDisplayName("OrganisationDisplayName"); pvp2_org.setName("OrganisatioName"); - pvp2_org.setURL("http://www.egiz.gv.at"); + pvp2_org.setURL("http://testorganisation.at"); List pvp2_contacts = new ArrayList(); prot_pvp2.setContact(pvp2_contacts); @@ -357,7 +368,6 @@ public class BuildFromLegacyConfig { // oa_auth.setUseIFrame(false); // oa_auth.setUseUTC(oa.getUseUTC()); - //BKUURLs BKUURLS bkuurls = new BKUURLS(); bkuurls.setOnlineBKU(oldbkuonline); diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 33ad5c990..7944a7321 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -79,8 +79,8 @@ - - + + @@ -281,6 +281,9 @@ + + + @@ -860,10 +863,10 @@ - + - + @@ -926,15 +929,14 @@ - - + + - - - + + + - + @@ -997,17 +999,13 @@ - - - - - - - - - - - - - + + + + + + + + + -- cgit v1.2.3 From 42e2547a52439611b52e6a42c6e1098acff997c6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Feb 2014 12:46:53 +0100 Subject: * use MOADefaultBootstrap to set SHA256 as default security parameter * SAMLEngine: deaktivate DefaultBootStrap. --- .../id/demoOA/servlet/pvp2/DemoApplication.java | 13 ++++++----- .../moa/id/auth/AuthenticationServer.java | 4 ++-- .../id/config/auth/AuthConfigurationProvider.java | 4 +++- .../moa/id/protocols/pvp2x/MetadataAction.java | 26 ++++++++++++++++++++-- .../moa/id/protocols/pvp2x/PVPConstants.java | 9 ++++++++ .../protocols/pvp2x/config/PVPConfiguration.java | 4 +++- .../pvp2x/requestHandler/AuthnRequestHandler.java | 23 ++++++++----------- .../java/eu/stork/peps/auth/engine/SAMLEngine.java | 13 ++++++----- 8 files changed, 65 insertions(+), 31 deletions(-) (limited to 'id') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index 0b30d7d86..dcd478864 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; +import java.security.Key; import java.security.KeyStore; import java.util.ArrayList; import java.util.List; @@ -55,6 +56,7 @@ import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; @@ -149,6 +151,11 @@ public class DemoApplication extends HttpServlet { Logger.info("PVP2 Assertion is valid"); + //set assertion + org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); + String assertion = DOMUtils.serializeNode(doc); + bean.setAssertion(assertion); + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { List saml2assertions = new ArrayList(); @@ -177,7 +184,7 @@ public class DemoApplication extends HttpServlet { encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); Decrypter samlDecrypter = - new Decrypter(null, skicr, encryptedKeyResolver); + new Decrypter(null, skicr, encryptedKeyResolver); for (EncryptedAssertion encAssertion : encryAssertionList) { saml2assertions.add(samlDecrypter.decrypt(encAssertion)); @@ -219,10 +226,6 @@ public class DemoApplication extends HttpServlet { } } - org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse); - String assertion = DOMUtils.serializeNode(doc); - - bean.setAssertion(assertion); bean.setDateOfBirth(birthday); bean.setFamilyName(familyName); bean.setGivenName(givenName); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a5e92c701..d8d375db2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -265,10 +265,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (domainIdentifier.startsWith(PREFIX_WPBK)) { - isbuisness = false; + isbuisness = true; } else { - isbuisness = true; + isbuisness = false; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 304b63de0..c0f47d781 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -110,6 +110,7 @@ import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -365,7 +366,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //Initialize OpenSAML for STORK Logger.info("Starting initialization of OpenSAML..."); - DefaultBootstrap.bootstrap(); + MOADefaultBootstrap.bootstrap(); + //DefaultBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 78fe43daa..7e6d1e2c7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -36,6 +36,7 @@ import javax.xml.transform.stream.StreamResult; import org.joda.time.DateTime; import org.opensaml.Configuration; +import org.opensaml.common.impl.SAMLObjectContentReference; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.metadata.ContactPerson; @@ -45,12 +46,15 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.KeyDescriptor; import org.opensaml.saml2.metadata.NameIDFormat; import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.ContentReference; import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; @@ -114,13 +118,31 @@ public class MetadataAction implements IAction { Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential(); Signature signature = CredentialProvider .getIDPSignature(metadataSigningCredential); + + idpEntitiesDescriptor.setSignature(signature); + +// //set SignatureMethode +// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); +// +// //set DigestMethode +// List contentList = signature.getContentReferences(); +// for (ContentReference content : contentList) { +// +// if (content instanceof SAMLObjectContentReference) { +// +// SAMLObjectContentReference el = (SAMLObjectContentReference) content; +// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); +// +// } +// } + // KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); // KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); // //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); // signature.setKeyInfo(metadataKeyInfo ); - idpEntitiesDescriptor.setSignature(signature); + IDPSSODescriptor idpSSODescriptor = SAML2Utils .createSAMLObject(IDPSSODescriptor.class); @@ -222,7 +244,7 @@ public class MetadataAction implements IAction { String metadataXML = sw.toString(); - //System.out.println("METADATA: " + metadataXML); + System.out.println("METADATA: " + metadataXML); httpResp.setContentType("text/xml"); httpResp.getOutputStream().write(metadataXML.getBytes()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 0172cce2d..7946c7596 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -22,8 +22,17 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; +import org.opensaml.xml.encryption.EncryptionConstants; +import org.opensaml.xml.signature.SignatureConstants; + public interface PVPConstants { + public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; + public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; + public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128; + public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP; + + public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/"; public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index 5d71b915f..bf82efb79 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -33,6 +33,7 @@ import java.util.Properties; import java.util.jar.Attributes; import java.util.jar.Manifest; +import org.opensaml.Configuration; import org.opensaml.saml2.metadata.Company; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration; @@ -45,6 +46,7 @@ import org.opensaml.saml2.metadata.OrganizationName; import org.opensaml.saml2.metadata.OrganizationURL; import org.opensaml.saml2.metadata.SurName; import org.opensaml.saml2.metadata.TelephoneNumber; +import org.opensaml.xml.security.SecurityConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; @@ -115,7 +117,7 @@ public class PVPConfiguration { try { //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); - + } catch (ConfigurationException e) { e.printStackTrace(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 21c0d85a1..229158778 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; import java.util.ArrayList; import java.util.List; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -45,7 +44,6 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCredentialResolver; import org.opensaml.security.MetadataCriteria; import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.encryption.EncryptionException; import org.opensaml.xml.encryption.EncryptionParameters; import org.opensaml.xml.encryption.KeyEncryptionParameters; @@ -57,6 +55,7 @@ import org.opensaml.xml.security.criteria.UsageCriteria; import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xml.security.x509.X509Credential; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -125,12 +124,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { AssertionConsumerService consumerService = spSSODescriptor .getAssertionConsumerServices().get(idx); - if (consumerService == null) { - //TODO: maybe use default ConsumerService - + if (consumerService == null) { throw new InvalidAssertionConsumerServiceException(idx); } + String oaURL = consumerService.getLocation(); //check, if metadata includes an encryption key @@ -158,19 +156,19 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { try { EncryptionParameters dataEncParams = new EncryptionParameters(); - dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128); - + dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); + List keyEncParamList = new ArrayList(); KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); + keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() .getKeyInfoGeneratorManager().getDefaultManager() .getFactory(encryptionCredentials); keyEncParam.setKeyInfoGenerator(kigf.newInstance()); keyEncParamList.add(keyEncParam); - + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); samlEncrypter.setKeyPlacement(KeyPlacement.PEER); @@ -178,7 +176,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { EncryptedAssertion encryptAssertion = null; encryptAssertion = samlEncrypter.encrypt(assertion); - + authResponse.getEncryptedAssertions().add(encryptAssertion); } catch (EncryptionException e1) { @@ -191,10 +189,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { authResponse.getAssertions().add(assertion); } - - - - + IEncoder binding = null; if (consumerService.getBinding().equals( diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java index 48718242b..e993c0e46 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/SAMLEngine.java @@ -143,12 +143,13 @@ public class SAMLEngine { LOG.info("SAMLEngine: Initialize OpenSAML"); - try { - DefaultBootstrap.bootstrap(); - } catch (ConfigurationException e) { - LOG.error("Problem initializing the OpenSAML library."); - throw new STORKSAMLEngineRuntimeException(e); - } + //TLenz: MOA-ID uses an own Bootstrap +// try { +// DefaultBootstrap.bootstrap(); +// } catch (ConfigurationException e) { +// LOG.error("Problem initializing the OpenSAML library."); +// throw new STORKSAMLEngineRuntimeException(e); +// } LOG.debug("Read all file configurations. (instances of SAMLEngine)"); try { -- cgit v1.2.3 From 9b67dbb64ed665be5430c213607854c8c7e3584b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 11 Feb 2014 08:07:20 +0100 Subject: change metadata validto area to 24 hours --- .../moa/id/configuration/auth/pvp2/BuildMetadata.java | 8 ++++++++ .../egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 7 +++++++ .../gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java | 10 +++------- 3 files changed, 18 insertions(+), 7 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java index 56f593ce7..9a0f73a1f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java @@ -45,6 +45,7 @@ import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import org.apache.log4j.Logger; +import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; @@ -87,6 +88,8 @@ public class BuildMetadata extends HttpServlet { private static final Logger log = Logger.getLogger(BuildMetadata.class); + private static final int VALIDUNTIL_IN_HOURS = 24; + /** * @see HttpServlet#HttpServlet() */ @@ -118,6 +121,9 @@ public class BuildMetadata extends HttpServlet { EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. createSAMLObject(EntitiesDescriptor.class); + DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + String name = config.getPVP2MetadataEntitiesName(); if (MiscUtil.isEmpty(name)) { log.info("NO Metadata EntitiesName configurated"); @@ -130,6 +136,8 @@ public class BuildMetadata extends HttpServlet { EntityDescriptor spEntityDescriptor = SAML2Utils .createSAMLObject(EntityDescriptor.class); + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); String serviceURL = config.getPublicUrlPreFix(request); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index 652960bbc..4c9bc6d76 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -82,6 +82,8 @@ import at.iaik.commons.util.MiscUtil; public class BuildMetadata extends HttpServlet { private static final long serialVersionUID = 1L; + private static final int VALIDUNTIL_IN_HOURS = 24; + /** * @see HttpServlet#HttpServlet() */ @@ -111,6 +113,9 @@ public class BuildMetadata extends HttpServlet { EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. createSAMLObject(EntitiesDescriptor.class); + DateTime date = new DateTime(); + spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); + String name = config.getPVP2MetadataEntitiesName(); if (MiscUtil.isEmpty(name)) { Logger.info("NO Metadata EntitiesName configurated"); @@ -128,6 +133,8 @@ public class BuildMetadata extends HttpServlet { EntityDescriptor spEntityDescriptor = SAML2Utils .createSAMLObject(EntityDescriptor.class); + spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); //set OA-ID (PublicURL Prefix) as identifier diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 7e6d1e2c7..1668c31ce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -36,7 +36,6 @@ import javax.xml.transform.stream.StreamResult; import org.joda.time.DateTime; import org.opensaml.Configuration; -import org.opensaml.common.impl.SAMLObjectContentReference; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.metadata.ContactPerson; @@ -46,15 +45,12 @@ import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.KeyDescriptor; import org.opensaml.saml2.metadata.NameIDFormat; import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; -import org.opensaml.xml.signature.ContentReference; import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.SignatureConstants; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; @@ -70,7 +66,7 @@ import at.gv.egovernment.moa.logging.Logger; public class MetadataAction implements IAction { - private static final int VALIDUNTIL_IN_DAYES = 30; + private static final int VALIDUNTIL_IN_HOURS = 24; public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { @@ -85,7 +81,7 @@ public class MetadataAction implements IAction { DateTime date = new DateTime(); - idpEntitiesDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES)); + idpEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS)); EntityDescriptor idpEntityDescriptor = SAML2Utils .createSAMLObject(EntityDescriptor.class); @@ -99,7 +95,7 @@ public class MetadataAction implements IAction { idpEntityDescriptor .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); - idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_DAYES)); + idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS)); List persons = PVPConfiguration.getInstance() .getIDPContacts(); -- cgit v1.2.3 From f86ebab09aad5971c86dce3827d46a0d41003994 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 11 Feb 2014 08:09:48 +0100 Subject: customize OpenSAML bootstrap to use SHA256 by default --- .../pvp2x/config/MOADefaultBootstrap.java | 61 ++++++++++ .../MOADefaultSecurityConfigurationBootstrap.java | 129 +++++++++++++++++++++ 2 files changed, 190 insertions(+) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java new file mode 100644 index 000000000..80789cd12 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java @@ -0,0 +1,61 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder; +import org.opensaml.xml.ConfigurationException; + +/** + * @author tlenz + * + */ +public class MOADefaultBootstrap extends DefaultBootstrap { + + public static synchronized void bootstrap() throws ConfigurationException { + + initializeXMLSecurity(); + + initializeXMLTooling(); + + initializeArtifactBuilderFactories(); + + initializeGlobalSecurityConfiguration(); + + initializeParserPool(); + + initializeESAPI(); + + } + + + + /** + * Initializes the default global security configuration. + */ + protected static void initializeGlobalSecurityConfiguration() { + Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig()); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java new file mode 100644 index 000000000..1563ba9be --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java @@ -0,0 +1,129 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import org.opensaml.xml.encryption.EncryptionConstants; +import org.opensaml.xml.security.BasicSecurityConfiguration; +import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap; +import org.opensaml.xml.signature.SignatureConstants; + +/** + * @author tlenz + * + */ +public class MOADefaultSecurityConfigurationBootstrap extends + DefaultSecurityConfigurationBootstrap { + + public static BasicSecurityConfiguration buildDefaultConfig() { + BasicSecurityConfiguration config = new BasicSecurityConfiguration(); + + populateSignatureParams(config); + populateEncryptionParams(config); + populateKeyInfoCredentialResolverParams(config); + populateKeyInfoGeneratorManager(config); + populateKeyParams(config); + + return config; + } + + protected static void populateSignatureParams( + BasicSecurityConfiguration config) { + + //use SHA256 instead of SHA1 + config.registerSignatureAlgorithmURI("RSA", + SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + config.registerSignatureAlgorithmURI("DSA", + "http://www.w3.org/2000/09/xmldsig#dsa-sha1"); + + //use SHA256 instead of SHA1 + config.registerSignatureAlgorithmURI("EC", + SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256); + + //use SHA256 instead of SHA1 + config.registerSignatureAlgorithmURI("AES", + SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); + + + config.registerSignatureAlgorithmURI("DESede", + SignatureConstants.ALGO_ID_MAC_HMAC_SHA256); + + config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#"); + config.setSignatureHMACOutputLength(null); + + //use SHA256 instead of SHA1 + config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256); + } + + protected static void populateEncryptionParams( + BasicSecurityConfiguration config) { + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), + "http://www.w3.org/2001/04/xmlenc#aes128-cbc"); + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), + "http://www.w3.org/2001/04/xmlenc#aes192-cbc"); + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), + "http://www.w3.org/2001/04/xmlenc#aes256-cbc"); + + //support GCM mode + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM); + + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM); + + config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), + EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM); + + + config.registerDataEncryptionAlgorithmURI("DESede", + Integer.valueOf(168), + "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); + config.registerDataEncryptionAlgorithmURI("DESede", + Integer.valueOf(192), + "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); + + config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES", + "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); + + config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, + "DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"); + + config.registerKeyTransportEncryptionAlgorithmURI("AES", + Integer.valueOf(128), null, + "http://www.w3.org/2001/04/xmlenc#kw-aes128"); + config.registerKeyTransportEncryptionAlgorithmURI("AES", + Integer.valueOf(192), null, + "http://www.w3.org/2001/04/xmlenc#kw-aes192"); + config.registerKeyTransportEncryptionAlgorithmURI("AES", + Integer.valueOf(256), null, + "http://www.w3.org/2001/04/xmlenc#kw-aes256"); + config.registerKeyTransportEncryptionAlgorithmURI("DESede", + Integer.valueOf(168), null, + "http://www.w3.org/2001/04/xmlenc#kw-tripledes"); + config.registerKeyTransportEncryptionAlgorithmURI("DESede", + Integer.valueOf(192), null, + "http://www.w3.org/2001/04/xmlenc#kw-tripledes"); + + config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc"); + } +} -- cgit v1.2.3 From b905c43b4630d290026d03e744413b20f1b73551 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 11 Feb 2014 08:13:51 +0100 Subject: * add OA specific BKU selection template * add OA specific send-assertion template * add OA specific applet height and width configuration * add PVP2.x reload checkbox in PVP2.x OA configuration * add new elements to MOA-ID configuration --- .../moa/id/configuration/Constants.java | 4 +- .../configuration/data/FormularCustomization.java | 42 +++++- .../id/configuration/data/oa/OAGeneralConfig.java | 154 +++++++++++++++++++++ .../moa/id/configuration/data/oa/OAPVP2Config.java | 16 +++ .../configuration/struts/action/EditOAAction.java | 112 +++++++++++++-- .../configuration/struts/action/IndexAction.java | 17 ++- .../validation/FormularCustomizationValitator.java | 18 +++ .../validation/oa/OAFileUploadValidation.java | 90 ++++++++++++ .../main/resources/applicationResources.properties | 22 +++ id/ConfigWebTool/src/main/webapp/css/index.css | 11 +- .../src/main/webapp/jsp/editMOAConfig.jsp | 1 + .../src/main/webapp/jsp/editOAGeneral.jsp | 74 +++++++++- .../auth/builder/GetIdentityLinkFormBuilder.java | 8 +- .../moa/id/auth/builder/LoginFormBuilder.java | 18 ++- .../id/auth/builder/SendAssertionFormBuilder.java | 79 +++++++---- .../servlet/GenerateIFrameTemplateServlet.java | 11 +- .../moa/id/config/auth/OAAuthParameter.java | 27 ++++ .../moa/id/entrypoints/DispatcherServlet.java | 8 +- .../gv/egovernment/moa/id/util/FormBuildUtils.java | 2 + .../resources/properties/id_messages_de.properties | 2 + .../src/main/resources/config/moaid_config_2.0.xsd | 58 +------- 21 files changed, 656 insertions(+), 118 deletions(-) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 7b02883bb..7a9d91a5d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -51,7 +51,9 @@ public class Constants { public static final String SESSION_PVP2REQUESTID = "pvp2requestid"; public static final String SESSION_RETURNAREA = "returnarea"; public static final String SESSION_BKUFORMPREVIEW = "bkuformpreview"; - public static final String SESSION_OAUTH20SECRET = "oauth20secret"; + public static final String SESSION_OAUTH20SECRET = "oauth20secret"; + public static final String SESSION_BKUSELECTIONTEMPLATE = "bkuSelectionTemplate"; + public static final String SESSION_SENDASSERTIONTEMPLATE = "sendAssertionTemplate"; public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit}; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index 49d556ba4..687925c18 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -49,7 +49,10 @@ public class FormularCustomization { private String button_BackGroundColor = null; private String button_BackGroundColorFocus = null; private String button_FrontColor = null; - + private String applet_height = null; + private String applet_width = null; + + private String appletRedirectTarget = null; public static List appletRedirectTargetList = null; @@ -79,6 +82,14 @@ public class FormularCustomization { onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); } + if (formcustom.getAppletHeight() != null) { + applet_height = formcustom.getAppletHeight(); + } + + if (formcustom.getAppletHeight() != null) { + applet_width = formcustom.getAppletWidth(); + } + if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) appletRedirectTarget = formcustom.getAppletRedirectTarget(); @@ -351,6 +362,35 @@ public class FormularCustomization { this.fontTypeListValue = fontTypeListValue; } + /** + * @return the applet_height + */ + public String getApplet_height() { + return applet_height; + } + + /** + * @param applet_height the applet_height to set + */ + public void setApplet_height(String applet_height) { + this.applet_height = applet_height; + } + + /** + * @return the applet_width + */ + public String getApplet_width() { + return applet_width; + } + + /** + * @param applet_width the applet_width to set + */ + public void setApplet_width(String applet_width) { + this.applet_width = applet_width; + } + + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 334124cfd..079e6807e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; +import java.io.File; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -87,6 +88,16 @@ public class OAGeneralConfig { private Map transformations; + private List bkuSelectionFileUpload = null; + private List bkuSelectionFileUploadContentType = null; + private List bkuSelectionFileUploadFileName = new ArrayList(); + + private List sendAssertionFileUpload = null; + private List sendAssertionFileUploadContentType = null; + private List sendAssertionFileUploadFileName = new ArrayList();; + + private boolean deleteBKUTemplate = false; + private boolean deleteSendAssertionTemplate = false; public OAGeneralConfig() { @@ -225,6 +236,16 @@ public class OAGeneralConfig { SLTemplates.add(el.getURL()); } } + + TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); + if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) { + bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); + } + + TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); + if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) { + sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); + } } if (SLTemplates != null && SLTemplates.size() > 0) @@ -602,7 +623,140 @@ public class OAGeneralConfig { */ public void setUseMandates(boolean useMandates) { this.useMandates = useMandates; + } + + + /** + * @return the bkuSelectionFileUpload + */ + public List getBkuSelectionFileUpload() { + return bkuSelectionFileUpload; + } + + + /** + * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set + */ + public void setBkuSelectionFileUpload(List bkuSelectionFileUpload) { + this.bkuSelectionFileUpload = bkuSelectionFileUpload; + } + + + /** + * @return the bkuSelectionFileUploadContentType + */ + public List getBkuSelectionFileUploadContentType() { + return bkuSelectionFileUploadContentType; + } + + + /** + * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set + */ + public void setBkuSelectionFileUploadContentType( + List bkuSelectionFileUploadContentType) { + this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; + } + + + /** + * @return the bkuSelectionFileUploadFileName + */ + public List getBkuSelectionFileUploadFileName() { + return bkuSelectionFileUploadFileName; + } + + + /** + * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set + */ + public void setBkuSelectionFileUploadFileName( + List bkuSelectionFileUploadFileName) { + this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; + } + + + /** + * @return the sendAssertionFileUpload + */ + public List getSendAssertionFileUpload() { + return sendAssertionFileUpload; + } + + + /** + * @param sendAssertionFileUpload the sendAssertionFileUpload to set + */ + public void setSendAssertionFileUpload(List sendAssertionFileUpload) { + this.sendAssertionFileUpload = sendAssertionFileUpload; + } + + + /** + * @return the sendAssertionFileUploadContentType + */ + public List getSendAssertionFileUploadContentType() { + return sendAssertionFileUploadContentType; + } + + + /** + * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set + */ + public void setSendAssertionFileUploadContentType( + List sendAssertionFileUploadContentType) { + this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; + } + + + /** + * @return the sendAssertionFileUploadFileName + */ + public List getSendAssertionFileUploadFileName() { + return sendAssertionFileUploadFileName; + } + + + /** + * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set + */ + public void setSendAssertionFileUploadFileName( + List sendAssertionFileUploadFileName) { + this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; + } + + + /** + * @return the deleteBKUTemplate + */ + public boolean isDeleteBKUTemplate() { + return deleteBKUTemplate; + } + + + /** + * @param deleteBKUTemplate the deleteBKUTemplate to set + */ + public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { + this.deleteBKUTemplate = deleteBKUTemplate; + } + + + /** + * @return the deleteSendAssertionTemplate + */ + public boolean isDeleteSendAssertionTemplate() { + return deleteSendAssertionTemplate; + } + + + /** + * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set + */ + public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { + this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index 0a03ac77b..843844e22 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -42,6 +42,8 @@ public class OAPVP2Config { private final Logger log = Logger.getLogger(OAPVP2Config.class); + private boolean reLoad = false; + private String metaDataURL = null; private String certificateDN = null; @@ -139,6 +141,20 @@ public class OAPVP2Config { public void setFileUploadFileName(String fileUploadFileName) { this.fileUploadFileName = fileUploadFileName; } + + /** + * @return the reLoad + */ + public boolean isReLoad() { + return reLoad; + } + + /** + * @param reLoad the reLoad to set + */ + public void setReLoad(boolean reLoad) { + this.reLoad = reLoad; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 25c3f24b9..b0de196ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -34,6 +34,7 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; @@ -63,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; -import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; @@ -85,6 +85,7 @@ import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; @@ -126,9 +127,12 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, private OAOAuth20Config oauth20OA = new OAOAuth20Config(); private OASTORKConfig storkOA = new OASTORKConfig(); private FormularCustomization formOA = new FormularCustomization(); - + private InputStream stream; + private Map sendAssertionForm = new HashMap(); + private Map bkuSelectionForm = new HashMap(); + // STRUTS actions public String inital() { HttpSession session = request.getSession(); @@ -365,6 +369,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); errors.addAll(validatior_pvp2.validate(pvp2OA)); @@ -374,6 +379,37 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, errors.addAll(validator_form.validate(formOA)); errors.addAll(validatior_oauth20.validate(oauth20OA)); + //validate BKU-selection template + List templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() + , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + + else + bkuSelectionForm = (Map) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate send-assertion template + templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() + , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + + else + sendAssertionForm = (Map) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + // Do not allow SSO in combination with special BKUSelection features if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { log.warn("Special BKUSelection features can not be used in combination with SSO"); @@ -432,12 +468,26 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } } } + + //save OA configuration + String error = saveOAConfigToDatabase(onlineapplication, newentry); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + } + //set metadata reload flag if reload is required if (pvp2OA.getMetaDataURL() != null) { try { if (isMetaDataRefreshRequired - || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) + || pvp2OA.getFileUpload() != null + || pvp2OA.isReLoad()) { log.debug("Set PVP2 Metadata refresh flag."); MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); @@ -451,16 +501,6 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } } - - String error = saveOAConfigToDatabase(onlineapplication, newentry); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } } Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); @@ -495,9 +535,12 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } else addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); - request.getSession().setAttribute(Constants.SESSION_OAID, null); - ConfigurationDBUtils.closeSession(); + //remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; } @@ -808,6 +851,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } } + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); if (authUser.isAdmin()) { @@ -822,6 +866,41 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, authoa.setTemplates(templates); } + //store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if(generalOA.isDeleteBKUTemplate()) + templates.setBKUSelectionTemplate(null); + + if (generalOA.isDeleteSendAssertionTemplate()) + templates.setSendAssertionTemplate(null); + + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } + } + + + //store BKU-selection customization BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); if (bkuselectioncustom == null) { bkuselectioncustom = new BKUSelectionCustomizationType(); @@ -887,6 +966,9 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, bkuselectioncustom.setFontType(formOA.getFontType()); + bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); + bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); + } // set default transformation if it is empty diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index a488d919d..ee9b38f74 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -138,7 +138,19 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, public String authenticate() { - String key = null; + ConfigurationProvider config; + try { + config = ConfigurationProvider.getInstance(); + pvp2LoginActiv = config.isPVP2LoginActive(); + + } catch (ConfigurationException e1) { + log.warn("An internal error occurs.", e1); + pvp2LoginActiv = false; + } + + + + String key = null; if (MiscUtil.isNotEmpty(username)) { if (ValidationHelper.containsPotentialCSSCharacter(username, false)) { @@ -247,7 +259,8 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, try { ConfigurationProvider config = ConfigurationProvider.getInstance(); - + pvp2LoginActiv = config.isPVP2LoginActive(); + //Decode with HttpPost Binding HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); BasicSAMLMessageContext messageContext = new BasicSAMLMessageContext(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index 6a1eddb14..758aa7dc7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -148,6 +148,24 @@ public class FormularCustomizationValitator { } } + check = form.getApplet_height(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet height "+ check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + } + + check = form.getApplet_width(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Applet width "+ check + " is no valid number"); + errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + } + return errors; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java new file mode 100644 index 000000000..8887aeaad --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -0,0 +1,90 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.io.IOUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OAFileUploadValidation { + + private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); + + public List validate(List fileName, List files, String errorMsgPreFix, Map output) { + + List errors = new ArrayList(); + + if (fileName != null) { + + if (fileName.size() > 1) { + log.info("Only one BKU-selecten template file can be stored"); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected")); + } + + for (int i=0; i .wwgrp { + clear: none; } .oa_protocol_area >h4 { diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 2e0e5ea2a..1bb429afa 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -399,6 +399,7 @@
+
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 4e8dfc259..fadf528d1 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -240,6 +240,49 @@ cssClass="textfield_long">
+ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %>

+ +
+ + +
+
+ +
+ + +
+ +
+ +
+
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %>

+ +
+ + +
+
+ +
+ + +
+ +
+ +
+ @@ -271,7 +314,7 @@
-

<%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %>

+

<%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %>

-
+ -
+ -
+