/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
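*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.data.oa;

import java.util.ArrayList;
import java.util.List;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAOAUTH20;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;

/**
 * Form/data holder for the OAuth 2.0 (OpenID Connect) section of an online
 * application (OA) configuration in the MOA-ID configuration web UI.
 *
 * Three values are handled:
 * <ul>
 *   <li>client id - never free-form; it is always the OA's public URL prefix
 *       (both {@link #parse} and {@link #store} take it from the OA object),</li>
 *   <li>client secret - generated server-side (see {@link #generateClientSecret})
 *       and round-tripped through the HTTP session under
 *       {@link Constants#SESSION_OAUTH20SECRET}, so that the value submitted
 *       with the form (the {@link #setClientSecret} setter) is never what gets
 *       persisted,</li>
 *   <li>redirect URI - loaded from the database and checked with
 *       {@link OAuth20Util#isUrl} on load, validated on submit via
 *       {@link OAOAUTH20ConfigValidation}.</li>
 * </ul>
 *
 * Security notes: the client secret is an authentication credential of the
 * relying party; it must not be written to log files (the previous revision
 * logged it at DEBUG level) and must not be silently replaced by {@code null}
 * when the session copy is missing.
 */
public class OAOAuth20Config implements IOnlineApplicationData {

  private static final Logger log = Logger.getLogger(OAOAuth20Config.class);

  private String clientId = null;
  private String clientSecret = null;
  private String redirectUri = null;

  /** Creates an empty configuration with a freshly generated client secret. */
  public OAOAuth20Config() {
    this.generateClientSecret();
  }

  /* (non-Javadoc)
   * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
   */
  @Override
  public String getName() {
    return "OAOpenIDConnect";
  }

  /**
   * Loads the OAuth 2.0 section of {@code dbOAConfig} into this bean and parks
   * the (existing or newly generated) client secret in the HTTP session so that
   * a later {@link #store} can persist it without trusting the form submission.
   *
   * @param dbOAConfig the OA as loaded from the database
   * @param authUser   the administrator performing the request (unused here)
   * @param request    the current request; its session receives the secret
   * @return always {@code null} (see the note on the error list below)
   */
  public List parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser,
      HttpServletRequest request) {
    List<String> errors = new ArrayList<String>();
    HttpSession session = request.getSession();

    AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
    if (authdata != null) {
      // The client id is the OA's public URL prefix, never a user-chosen value.
      this.clientId = dbOAConfig.getPublicURLPrefix();

      OAOAUTH20 config = authdata.getOAOAUTH20();
      if (config != null) {
        // Reuse the persisted secret; only mint a new one if none is stored.
        if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) {
          this.clientSecret = config.getOAuthClientSecret();
        } else {
          this.generateClientSecret();
        }

        // Only accept a redirect URI that is syntactically a URL.
        String storedRedirectUri = config.getOAuthRedirectUri();
        if (StringUtils.isNotEmpty(storedRedirectUri) && OAuth20Util.isUrl(storedRedirectUri)) {
          this.redirectUri = storedRedirectUri;
        } else {
          errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request));
        }
      } else {
        this.generateClientSecret();
      }
    }

    // The secret lives in the server-side session between parse() and store();
    // store() reads it from there, not from the submitted form field.
    session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret());

    // NOTE(review): the collected redirect-URI error is discarded here, as in the
    // original code. Returning `errors` would surface it, but would also flag
    // every OA persisted without a redirect URI on load - confirm intended
    // behaviour with the callers before changing this.
    return null;
  }

  /* (non-Javadoc)
   * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
   */
  @Override
  public List validate(OAGeneralConfig general, AuthenticatedUser authUser,
      HttpServletRequest request) {
    return new OAOAUTH20ConfigValidation().validate(this, request);
  }

  /**
   * Writes this bean's OAuth 2.0 settings into {@code dbOA}.
   *
   * The client secret is taken from the HTTP session (where {@link #parse} put
   * it), not from {@link #getClientSecret()}, so a manipulated form post cannot
   * choose the secret. If the session holds no secret (expired session, or
   * {@code store()} without a preceding {@code parse()}), the already persisted
   * secret is kept; if there is none, a fresh one is generated instead of
   * persisting {@code null}. The session copy is removed afterwards.
   *
   * @param dbOA     the OA to update
   * @param authUser the administrator performing the request (unused here)
   * @param request  the current request; its session supplies the secret
   * @return always {@code null}
   */
  @Override
  public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
      HttpServletRequest request) {
    AuthComponentOA authoa = dbOA.getAuthComponentOA();
    if (authoa == null) {
      authoa = new AuthComponentOA();
      dbOA.setAuthComponentOA(authoa);
    }

    log.debug("Saving OAuth 2.0 configuration:");

    OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20();
    if (oaOAuth20 == null) {
      oaOAuth20 = new OAOAUTH20();
      authoa.setOAOAUTH20(oaOAuth20);
    }

    oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix());
    oaOAuth20.setOAuthRedirectUri(getRedirectUri());

    HttpSession session = request.getSession();
    String sessionSecret = (String) session.getAttribute(Constants.SESSION_OAUTH20SECRET);
    if (sessionSecret != null) {
      oaOAuth20.setOAuthClientSecret(sessionSecret);
    } else if (StringUtils.isEmpty(oaOAuth20.getOAuthClientSecret())) {
      // Nothing in the session and nothing persisted: mint a secret rather than
      // storing an OA without one.
      oaOAuth20.setOAuthClientSecret(UUID.randomUUID().toString());
    }
    // One-shot hand-over: drop the session copy once it has been persisted.
    session.removeAttribute(Constants.SESSION_OAUTH20SECRET);

    // Log what was persisted - never the client secret.
    log.debug("client id: " + oaOAuth20.getOAuthClientId());
    log.debug("redirect uri:" + oaOAuth20.getOAuthRedirectUri());

    return null;
  }

  public String getClientId() {
    return clientId;
  }

  public void setClientId(String clientId) {
    this.clientId = clientId;
  }

  public String getClientSecret() {
    return clientSecret;
  }

  /**
   * Form-binding setter. Note that {@link #store} does NOT persist this value;
   * the secret is taken from the session instead.
   */
  public void setClientSecret(String clientSecret) {
    this.clientSecret = clientSecret;
  }

  public String getRedirectUri() {
    return redirectUri;
  }

  public void setRedirectUri(String redirectUri) {
    this.redirectUri = redirectUri;
  }

  /**
   * Replaces the client secret with a new random UUID (version 4).
   * {@link UUID#randomUUID()} is specified to use a cryptographically strong
   * PRNG, giving 122 bits of entropy.
   */
  public void generateClientSecret() {
    this.clientSecret = UUID.randomUUID().toString();
  }
}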