/* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
*/ package at.gv.egovernment.moa.id.config.auth; import iaik.security.cipher.AESKeyGenerator; import iaik.util.logging.Log; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.net.MalformedURLException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Properties; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; import javax.xml.bind.JAXBContext; import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; import org.hibernate.cfg.Configuration; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; import 
at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.stork.vidp.messages.common.STORKBootstrap; /** * A class providing access to the Auth Part of the MOA-ID configuration data. * *
 * Configuration data is read from an XML file, whose location is given by
 * the {@code moa.id.configuration} system property.
 * <p>
 * This class implements the Singleton pattern. The {@code reload()}
 * method can be used to update the configuration data. Therefore, it is not
 * guaranteed that consecutive calls to {@code getInstance()} will return
 * the same {@code AuthConfigurationProvider} all the time. During the
 * processing of a web service request, the current
 * {@code TransactionContext} should be used to obtain the
 * {@code AuthConfigurationProvider} local to that request.
BKUSelectionType
*/
public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
    "HTMLComplete";
/**
 * BKUSelectionType HTMLSelect, according to schema type BKUSelectionType
 */
public static final String BKU_SELECTION_TYPE_HTMLSELECT =
    "HTMLSelect";
/**
 * The name of the generic configuration property allowing https connection to
 * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
 * <p>
 * NOTE(review): the property key itself reads "EnableHTTPConnection"; confirm
 * whether setting it permits plain HTTP (rather than HTTPS) access to the
 * authentication frontend, since that would remove transport protection
 * for the login flow.
 */
public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
    "FrontendServlets.EnableHTTPConnection";
/**
 * The name of the generic configuration property allowing to set a individual
 * DATA URL used to communicate with the BKU (SecurityLayer)
 */
public static final String INDIVIDUAL_DATA_URL_PREFIX =
    "FrontendServlets.DataURLPrefix";
/** Singleton instance. {@code null}, if none has been created. */
private static AuthConfigurationProvider instance;
//
// configuration data
//
// All three are static and are (re)assigned by load(), so a reload() swaps
// them for every caller, including ones still holding an older instance.
//
/** The MOA-ID configuration as read back from the configuration database. */
private static MOAIDConfiguration moaidconfig;
/**
 * Contents of the properties file named by the config system property. It
 * also carries the Hibernate connection settings (keys prefixed
 * "configuration." and "moasession."), which may include database
 * credentials — do not dump this object wholesale into logs.
 */
private static Properties props;
/** STORK configuration built from the ForeignIdentities section. */
private static STORKConfig storkconfig;
/**
 * Returns the single instance of configuration data, loading it via
 * {@link #reload()} the first time it is requested.
 *
 * @return AuthConfigurationProvider the current configuration data
 * @throws ConfigurationException if the configuration had to be loaded and
 *         loading failed
 */
public static synchronized AuthConfigurationProvider getInstance()
        throws ConfigurationException {
    // reload() both assigns and returns the new instance, so one expression
    // covers the first-use case and the steady state alike.
    return instance == null ? reload() : instance;
}
/**
 * Reloads the configuration data from the file named by the
 * {@code ConfigurationProvider.CONFIG_PROPERTY_NAME} system property and
 * installs it as the current instance if loading succeeds.
 *
 * @return AuthConfigurationProvider the freshly loaded configuration data
 * @throws ConfigurationException {@code config.01} if the system property is
 *         not set, or whatever the loader raises while reading the file
 */
public static synchronized AuthConfigurationProvider reload()
        throws ConfigurationException {
    String configFile = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
    if (configFile != null) {
        Logger.info("Loading MOA-ID-AUTH configuration " + configFile);
        // Only assigned on success; a failing constructor leaves the
        // previously installed instance (if any) in place.
        instance = new AuthConfigurationProvider(configFile);
        return instance;
    }
    throw new ConfigurationException("config.01", null);
}
/**
 * Creates a provider backed by the configuration file with the given name.
 *
 * @param fileName path of the MOA-ID configuration (properties) file to load
 * @throws ConfigurationException if the configuration cannot be read or built
 */
public AuthConfigurationProvider(String fileName)
        throws ConfigurationException {
    this.load(fileName);
}
/**
* Load the configuration data from XML file with the given name and build
* the internal data structures representing the MOA ID configuration.
*
* @param fileName The name of the XML file to load.
* @throws ConfigurationException The MOA configuration could not be
* read/built.
*/
private void load(String fileName) throws ConfigurationException {
try {
//Initial Hibernate Framework
Logger.trace("Initializing Hibernate framework.");
//Load MOAID-2.0 properties file
File propertiesFile = new File(fileName);
FileInputStream fis;
props = new Properties();
// determine the directory of the root config file
rootConfigFileDir = new File(fileName).getParent();
try {
rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
} catch (MalformedURLException t) {
throw new ConfigurationException("config.03", null, t);
}
try {
fis = new FileInputStream(propertiesFile);
props.load(fis);
//TODO: maybe some general hibnerate config!!!
// read MOAID Session Hibernate properties
Properties moaSessionProp = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "moasession.";
if (key.toString().startsWith(propPrefix)) {
String propertyName = key.toString().substring(propPrefix.length());
moaSessionProp.put(propertyName, props.get(key.toString()));
}
}
// read Config Hibernate properties
Properties configProp = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "configuration.";
if (key.toString().startsWith(propPrefix)) {
String propertyName = key.toString().substring(propPrefix.length());
configProp.put(propertyName, props.get(key.toString()));
}
}
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
//Initial config Database
ConfigurationDBUtils.initHibernate(configProp);
//initial MOAID Session Database
Configuration config = new Configuration();
config.addAnnotatedClass(AssertionStore.class);
config.addAnnotatedClass(AuthenticatedSessionStore.class);
config.addAnnotatedClass(OASessionStore.class);
config.addAnnotatedClass(OldSSOSessionIDStore.class);
config.addProperties(moaSessionProp);
MOASessionDBUtils.initHibernate(config, moaSessionProp);
}
Logger.trace("Hibernate initialization finished.");
} catch (FileNotFoundException e) {
throw new ConfigurationException("config.03", null, e);
} catch (IOException e) {
throw new ConfigurationException("config.03", null, e);
} catch (ExceptionInInitializerError e) {
throw new ConfigurationException("config.17", null, e);
}
//Initialize OpenSAML for STORK
Logger.info("Starting initialization of OpenSAML...");
STORKBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
String legacyconfig = props.getProperty("configuration.xml.legacy");
String xmlconfig = props.getProperty("configuration.xml");
String xmlconfigout = props.getProperty("configuration.xml.out");
//check if XML config should be used
if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
if (moaidconfig != null)
ConfigurationDBUtils.delete(moaidconfig);
}
//load legacy config if it is configured
if (MiscUtil.isNotEmpty(legacyconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(legacyconfig, rootConfigFileDir, props);
ConfigurationDBUtils.save(moaconfig);
Logger.info("Legacy Configuration load is completed.");
}
//load MOA-ID 2.x config from XML
if (MiscUtil.isNotEmpty(xmlconfig)) {
Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
try {
JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
Unmarshaller m = jc.createUnmarshaller();
File file = new File(xmlconfig);
MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
//ConfigurationDBUtils.save(moaconfig);
ConfigurationDBUtils.saveOrUpdate(moaconfig);
} catch (Exception e) {
Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
throw new ConfigurationException("config.02", null);
}
Logger.info("XML Configuration load is completed.");
}
Logger.info("Read MOA-ID 2.0 configuration from database.");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
Logger.info("MOA-ID 2.0 is loaded.");
//TODO: only for Testing!!!
if (MiscUtil.isNotEmpty(xmlconfigout)) {
Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
Marshaller m = jc.createMarshaller();
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
File test = new File(xmlconfigout);
m.marshal(moaidconfig, test);
}
//build STORK Config
AuthComponentGeneral authgeneral = getAuthComponentGeneral();
ForeignIdentities foreign = authgeneral.getForeignIdentities();
if (foreign == null ) {
Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
throw new ConfigurationException("config.02", null);
}
storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
//load Chaining modes
ChainingModes cm = moaidconfig.getChainingModes();
if (cm != null) {
defaultChainingMode = cm.getSystemDefaultMode().value();
/**
 * Looks up the configuration of the active online application registered
 * under the given identifier.
 *
 * @param oaURL identifier (URL) of the online application
 * @return an {@code OAAuthParameter} wrapping the active
 *         {@code OnlineApplication}, or {@code null} if none is applicable
 */
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
    OnlineApplication active = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
    if (active != null) {
        return new OAAuthParameter(active);
    }
    // NOTE(review): oaURL is written to the log verbatim; if it originates
    // from the client request, strip line breaks before logging so a caller
    // cannot forge additional log lines.
    Logger.warn("Online application with identifier " + oaURL + " is not found.");
    return null;
}
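/**
 * Returns the trust profile ID the MOA-SP part of the authentication
 * component uses when verifying the AuthBlock.
 *
 * @return the VerifyAuthBlock trust profile ID (a url-reference)
 * @throws ConfigurationException {@code config.02} if the MOA-SP section has
 *         no VerifyAuthBlock element, or if its trust profile ID is missing
 *         or empty
 */
public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
    AuthComponentGeneral auth = getAuthComponentGeneral();
    MOASP moasp = getMOASPConfig(auth);
    VerifyAuthBlock verifyAuthBlock = moasp.getVerifyAuthBlock();
    // An absent element and a blank ID are the same misconfiguration: neither
    // names a trust profile for AuthBlock verification, so reject both here
    // rather than handing an empty ID on to MOA-SP.
    if (verifyAuthBlock != null && MiscUtil.isNotEmpty(verifyAuthBlock.getTrustProfileID())) {
        return verifyAuthBlock.getTrustProfileID();
    }
    Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
    throw new ConfigurationException("config.02", null);
}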
/**
* Return a string array with references to all verify transform info
* IDs within the moa-sp part of the authentication component
* @return A string array containing all urls to the
* verify transform info IDs
* @throws ConfigurationException
*/
public List