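package at.gv.egovernment.moa.id.config.auth;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;

import org.w3c.dom.Element;

import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;

/**
 * A class providing access to the Auth Part of the MOA-ID configuration data.
 * <p>
 * Configuration data is read from an XML file, whose location is given by the
 * <code>moa.id.configuration</code> system property (read via
 * {@link ConfigurationProvider#CONFIG_PROPERTY_NAME}).
 * <p>
 * This class implements the Singleton pattern. The {@link #reload()} method can be
 * used to update the configuration data. Therefore, it is not guaranteed that
 * consecutive calls to {@link #getInstance()} will return the same
 * <code>AuthConfigurationProvider</code> all the time. During the processing of a
 * web service request, the current <code>TransactionContext</code> should be used
 * to obtain the <code>AuthConfigurationProvider</code> local to that request.
 * <p>
 * A failing {@link #reload()} leaves the previously loaded instance in place (the
 * singleton reference is only replaced once the new configuration has been read and
 * built completely) and reports the failure as a {@link ConfigurationException}.
 * <p>
 * Array-valued getters return defensive copies: the trust-relevant lists (trusted
 * identity link signer subject names, transforms) cannot be modified through a
 * reference obtained from this provider.
 *
 * @author Patrick Peck
 * @author Stefan Knirsch
 *
 * @version $Id$
 */
public class AuthConfigurationProvider extends ConfigurationProvider {

  /** Character encoding used for reading the transforms info files: <code>"UTF-8"</code>. */
  private static final String DEFAULT_ENCODING = "UTF-8";

  /**
   * The name of the generic configuration property giving the authentication session
   * time out.
   */
  public static final String AUTH_SESSION_TIMEOUT_PROPERTY = "AuthenticationSession.TimeOut";

  /**
   * The name of the generic configuration property giving the authentication data
   * time out.
   */
  public static final String AUTH_DATA_TIMEOUT_PROPERTY = "AuthenticationData.TimeOut";

  /** BKUSelectionType <code>HTMLComplete</code>, according to schema type BKUSelectionType. */
  public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = "HTMLComplete";

  /** BKUSelectionType <code>HTMLSelect</code>, according to schema type BKUSelectionType. */
  public static final String BKU_SELECTION_TYPE_HTMLSELECT = "HTMLSelect";

  /**
   * The name of the generic configuration property that allows plain HTTP connections
   * to the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets).
   * <p>
   * NOTE(review): the previous comment said "https"; the property name
   * (<code>EnableHTTPConnection</code>) indicates that it switches on unprotected
   * HTTP access to the authentication frontend instead. Confirm against the servlets
   * that consume this property before relying on either reading.
   */
  public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
      "FrontendServlets.EnableHTTPConnection";

  /**
   * The name of the generic configuration property allowing to set an individual
   * DATA URL used to communicate with the BKU (SecurityLayer).
   */
  public static final String INDIVIDUAL_DATA_URL_PREFIX = "FrontendServlets.DataURLPrefix";

  /** Singleton instance; <code>null</code> if none has been created. Guarded by the class lock. */
  private static AuthConfigurationProvider instance;

  //
  // configuration data
  //

  /** Directory of the main configuration file, as a URL string; base for relative references. */
  private String rootConfigFileDir;

  /**
   * Configuration files containing transformations for rendering in the secure viewer
   * of the security layer implementation; multiple files can be given for different
   * mime types.
   */
  private String[] transformsInfoFileNames;

  /**
   * Transformations for rendering in the secure viewer of the security layer
   * implementation, read from {@link #transformsInfoFileNames}; multiple
   * transformations can be given for different mime types.
   */
  private String[] transformsInfos;

  /** Parameters for the connection to the MOA SP component. */
  private ConnectionParameter moaSpConnectionParameter;

  /** Trust profile ID to be used for verifying the identity link signature via MOA ID SP. */
  private String moaSpIdentityLinkTrustProfileID;

  /** Trust profile ID to be used for verifying the AUTH block signature via MOA ID SP. */
  private String moaSpAuthBlockTrustProfileID;

  /** Transformations to be used for verifying the AUTH block signature via MOA ID SP. */
  private String[] moaSpAuthBlockVerifyTransformsInfoIDs;

  /** X509 SubjectNames which will be trusted (as identity link signers). */
  private String[] identityLinkX509SubjectNames;

  /** Configuration parameters for online applications. */
  private OAAuthParameter[] onlineApplicationAuthParameters;

  /** The selection type of the BKU selection element. */
  private String bKUSelectionType;

  /** Is the BKU selection element present? Derived from the presence of {@link #bKUConnectionParameter}. */
  private boolean bKUSelectable;

  /** The BKU selection connection parameters. */
  private ConnectionParameter bKUConnectionParameter;

  /**
   * Return the single instance of configuration data, loading it on first use.
   *
   * @return AuthConfigurationProvider The current configuration data.
   * @throws ConfigurationException if the configuration has to be loaded and that fails
   */
  public static synchronized AuthConfigurationProvider getInstance() throws ConfigurationException {
    if (instance == null) {
      reload();
    }
    return instance;
  }

  /**
   * Reload the configuration data and set it if successful.
   * <p>
   * The singleton reference is replaced only after the new provider has been built
   * completely, so a failing reload keeps the previous configuration active.
   *
   * @return AuthConfigurationProvider The loaded configuration data.
   * @throws ConfigurationException Failure to load the configuration data
   *         (<code>config.01</code> if the system property naming the file is not set).
   */
  public static synchronized AuthConfigurationProvider reload() throws ConfigurationException {
    String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
    if (fileName == null) {
      throw new ConfigurationException("config.01", null);
    }
    Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
    AuthConfigurationProvider loaded = new AuthConfigurationProvider(fileName);
    instance = loaded;
    return loaded;
  }

  /**
   * Constructor for AuthConfigurationProvider.
   *
   * @param fileName name of the XML configuration file to load
   * @throws ConfigurationException if the file cannot be read or its content cannot be built
   */
  public AuthConfigurationProvider(String fileName) throws ConfigurationException {
    load(fileName);
  }

  /**
   * Load the configuration data from the XML file with the given name and build the
   * internal data structures representing the MOA ID configuration.
   *
   * @param fileName The name of the XML file to load.
   * @throws ConfigurationException The MOA configuration could not be read
   *         (<code>config.03</code>) or built (<code>config.02</code>).
   */
  private void load(String fileName) throws ConfigurationException {
    Element configElem = parseConfigFile(fileName);

    try {
      rootConfigFileDir = resolveRootConfigFileDir(fileName);

      // build the internal data structures
      ConfigurationBuilder builder = new ConfigurationBuilder(configElem, rootConfigFileDir);

      bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
      // the BKU selection element is considered present exactly when its connection is configured
      bKUSelectable = (bKUConnectionParameter != null);
      bKUSelectionType = builder.buildAuthBKUSelectionType();

      genericConfiguration = builder.buildGenericConfiguration();

      transformsInfoFileNames = builder.buildTransformsInfoFileNames();
      loadTransformsInfos();

      moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
      moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
      moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
      moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();

      onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters();
      identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();

      defaultChainingMode = builder.getDefaultChainingMode();
      chainingModes = builder.buildChainingModes();

      trustedCACertificates = builder.getTrustedCACertificates();
      trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
    } catch (ConfigurationException e) {
      // already carries its own message code; do not wrap it a second time
      throw e;
    } catch (Exception e) {
      throw new ConfigurationException("config.02", null, e);
    }
  }

  /**
   * Parse the main configuration file into a DOM element.
   *
   * @param fileName name of the XML configuration file
   * @return the root element of the parsed document
   * @throws ConfigurationException <code>config.03</code> if the file cannot be opened or parsed
   */
  private static Element parseConfigFile(String fileName) throws ConfigurationException {
    InputStream stream = null;
    try {
      stream = new BufferedInputStream(new FileInputStream(fileName));
      // NOTE(review): the configuration file is operator-controlled, but the parser
      // configuration in DOMUtils still decides whether external entities (XXE) are
      // resolved during the validating parse — confirm they are disabled there.
      return DOMUtils.parseXmlValidating(stream);
    } catch (Exception e) {
      throw new ConfigurationException("config.03", null, e);
    } finally {
      if (stream != null) {
        try {
          stream.close();
        } catch (IOException ignored) {
          // the document has already been read completely; a failing close is not a
          // configuration error and must not mask the real outcome
        }
      }
    }
  }

  /**
   * Determine the directory containing the main configuration file, as a URL string,
   * so that relative file references in the configuration can be resolved against it.
   *
   * @param fileName name of the XML configuration file
   * @return URL string of the directory containing <code>fileName</code>
   * @throws ConfigurationException <code>config.03</code> if the directory cannot be
   *         determined or turned into a URL
   */
  private static String resolveRootConfigFileDir(String fileName) throws ConfigurationException {
    // getAbsoluteFile() first: for a bare file name such as "moa-id.xml" getParent()
    // would be null, and the previous code then failed while constructing the URL.
    File configDir = new File(fileName).getAbsoluteFile().getParentFile();
    if (configDir == null) {
      throw new ConfigurationException("config.03", null);
    }
    try {
      // File.toURL() is deprecated in favour of toURI().toURL(), which percent-encodes
      // special characters; kept as is because FileUtils (outside this file) consumes
      // the resulting string and its handling of encoded URLs is not known here.
      return configDir.toURL().toString();
    } catch (MalformedURLException e) {
      throw new ConfigurationException("config.03", null, e);
    }
  }

  /**
   * Loads the transforms infos from the files named in {@link #transformsInfoFileNames}.
   * Relative file references are resolved against {@link #rootConfigFileDir}.
   *
   * @throws Exception on any exception thrown while reading a file
   */
  private void loadTransformsInfos() throws Exception {
    String[] fileNames = transformsInfoFileNames;
    String[] contents = new String[fileNames.length];
    for (int i = 0; i < fileNames.length; i++) {
      // if the reference is relative to rootConfigFileDir make it absolute
      String fileURL = FileUtils.makeAbsoluteURL(fileNames[i], rootConfigFileDir);
      contents[i] = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
    }
    transformsInfos = contents;
  }

  /**
   * Return a copy of a string array, or <code>null</code> for <code>null</code>.
   *
   * @param values array to copy
   * @return a fresh copy of <code>values</code>
   */
  private static String[] copyOf(String[] values) {
    return values == null ? null : (String[]) values.clone();
  }

  /**
   * Return a string array with all filenames leading to the Transforms Information for
   * the Security Layer.
   *
   * @return copy of the filenames of the Security Layer Transforms Information
   */
  public String[] getTransformsInfoFileNames() {
    return copyOf(transformsInfoFileNames);
  }

  /**
   * Return the OnlineApplication parameters containing the information about the
   * authentication component of each configured online application.
   *
   * @return a (shallow) copy of the OAAuthParameter array; the beans themselves are
   *         shared, not copied
   */
  public OAAuthParameter[] getOnlineApplicationParameters() {
    return onlineApplicationAuthParameters == null
        ? null
        : (OAAuthParameter[]) onlineApplicationAuthParameters.clone();
  }

  /**
   * Provides configuration information regarding the online application behind the
   * given URL, relevant to the MOA-ID Auth component.
   * <p>
   * Matching is by plain string prefix: the first configured online application whose
   * public URL prefix is a prefix of <code>oaURL</code> wins.
   * <p>
   * NOTE(review): there is no path-boundary check and no longest-match rule, so a
   * prefix <code>https://host/app</code> also matches <code>https://host/application</code>
   * and overlapping prefixes are resolved by configuration order. Confirm that this is
   * the intended policy for selecting an online application's security settings.
   *
   * @param oaURL URL requested for an online application
   * @return an OAAuthParameter, or <code>null</code> if none is applicable (also for a
   *         <code>null</code> URL or when no online applications are configured)
   */
  public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
    if (oaURL == null || onlineApplicationAuthParameters == null) {
      return null;
    }
    for (int i = 0; i < onlineApplicationAuthParameters.length; i++) {
      OAAuthParameter oaParam = onlineApplicationAuthParameters[i];
      String prefix = oaParam.getPublicURLPrefix();
      // an entry without a prefix can never match; skip it instead of failing
      if (prefix != null && oaURL.startsWith(prefix)) {
        return oaParam;
      }
    }
    return null;
  }

  /**
   * Return a string with a url-reference to the VerifyAuthBlock trust profile id within
   * the moa-sp part of the authentication component.
   *
   * @return String with a url-reference to the VerifyAuthBlock trust profile ID
   */
  public String getMoaSpAuthBlockTrustProfileID() {
    return moaSpAuthBlockTrustProfileID;
  }

  /**
   * Return a string array with references to all verify transform info IDs within the
   * moa-sp part of the authentication component.
   *
   * @return copy of the urls to the verify transform info IDs
   */
  public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
    return copyOf(moaSpAuthBlockVerifyTransformsInfoIDs);
  }

  /**
   * Return a ConnectionParameter bean containing all information of the authentication
   * component moa-sp element.
   *
   * @return ConnectionParameter of the authentication component moa-sp element
   */
  public ConnectionParameter getMoaSpConnectionParameter() {
    return moaSpConnectionParameter;
  }

  /**
   * Return a string with a url-reference to the VerifyIdentityLink trust profile id
   * within the moa-sp part of the authentication component.
   *
   * @return String with a url-reference to the VerifyIdentityLink trust profile ID
   */
  public String getMoaSpIdentityLinkTrustProfileID() {
    return moaSpIdentityLinkTrustProfileID;
  }

  /**
   * Returns the transforms infos (file contents, see {@link #loadTransformsInfos()}).
   *
   * @return copy of the transforms infos
   */
  public String[] getTransformsInfos() {
    return copyOf(transformsInfos);
  }

  /**
   * Returns the X509 SubjectNames trusted as identity link signers.
   *
   * @return copy of the trusted subject names; modifying it does not affect the configuration
   */
  public String[] getIdentityLinkX509SubjectNames() {
    return copyOf(identityLinkX509SubjectNames);
  }

  /**
   * Returns the BKU connection parameter.
   *
   * @return ConnectionParameter, or <code>null</code> if no BKU selection is configured
   */
  public ConnectionParameter getBKUConnectionParameter() {
    return bKUConnectionParameter;
  }

  /**
   * Returns whether the BKU selection element is present.
   *
   * @return boolean <code>true</code> iff a BKU connection parameter was configured
   */
  public boolean isBKUSelectable() {
    return bKUSelectable;
  }

  /**
   * Returns the BKU selection type.
   *
   * @return String, one of the <code>BKU_SELECTION_TYPE_*</code> values if configured
   */
  public String getBKUSelectionType() {
    return bKUSelectionType;
  }
}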