/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.config.auth;
import iaik.security.cipher.AESKeyGenerator;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.vidp.messages.common.STORKBootstrap;
/**
 * A class providing access to the Auth part of the MOA-ID configuration data.
 *
 * <p>The location of the MOA-ID properties file is taken from the
 * {@code moa.id.configuration} system property. That file carries the
 * database (Hibernate) settings of the configuration and session stores and
 * may optionally point to a legacy or MOA-ID 2.x XML configuration, which is
 * then imported into the configuration database; the effective configuration
 * is always read back from the database.
 *
 * <p>This class implements the Singleton pattern. The {@code reload()} method
 * can be used to update the configuration data. Therefore, it is not
 * guaranteed that consecutive calls to {@code getInstance()} will return the
 * same {@code AuthConfigurationProvider} all the time. During the processing
 * of a web service request, the current {@code TransactionContext} should be
 * used to obtain the {@code AuthConfigurationProvider} local to that request.
 *
 * @author Patrick Peck
 * @author Stefan Knirsch
 *
 * @version $Id$
 */
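public class AuthConfigurationProvider extends ConfigurationProvider {

    /** DEFAULT_ENCODING is "UTF-8" */
    private static final String DEFAULT_ENCODING = "UTF-8";

    /**
     * The name of the generic configuration property giving the authentication
     * session time out.
     */
    public static final String AUTH_SESSION_TIMEOUT_PROPERTY = "AuthenticationSession.TimeOut";

    /**
     * The name of the generic configuration property giving the authentication
     * data time out.
     */
    public static final String AUTH_DATA_TIMEOUT_PROPERTY = "AuthenticationData.TimeOut";

    /** BKUSelectionType HTMLComplete, according to schema type BKUSelectionType */
    public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = "HTMLComplete";

    /** BKUSelectionType HTMLSelect, according to schema type BKUSelectionType */
    public static final String BKU_SELECTION_TYPE_HTMLSELECT = "HTMLSelect";

    /**
     * The name of the generic configuration property allowing plain HTTP
     * (non-TLS) connections to the user frontend servlets ("StartAuthentication"
     * and "SelectBKU" servlets).
     * <p>
     * NOTE(review): the earlier Javadoc spoke of "https"; the property name
     * ("EnableHTTPConnection") indicates that it enables unencrypted access
     * instead. Presumably meant for test setups only - in production it should
     * stay disabled so that session identifiers never travel in clear text.
     */
    public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
        "FrontendServlets.EnableHTTPConnection";

    /**
     * The name of the generic configuration property allowing to set an
     * individual DATA URL used to communicate with the BKU (SecurityLayer).
     */
    public static final String INDIVIDUAL_DATA_URL_PREFIX = "FrontendServlets.DataURLPrefix";

    /** Prefix of the Hibernate properties for the MOA session database. */
    private static final String MOASESSION_PROP_PREFIX = "moasession.";
    /** Prefix of the Hibernate properties for the configuration database. */
    private static final String CONFIG_PROP_PREFIX = "configuration.";
    /** Prefix of the general PVP 2 properties. */
    private static final String PVP2_PROP_PREFIX = "protocols.pvp2.";

    /** Default assertion time out (seconds) if the configuration omits it. */
    private static final BigInteger DEFAULT_ASSERTION_TIMEOUT = new BigInteger("120");
    /** Default MOA session "created" time out (seconds) if the configuration omits it. */
    private static final BigInteger DEFAULT_SESSION_CREATED_TIMEOUT = new BigInteger("2700");
    /** Default MOA session "updated" time out (seconds) if the configuration omits it. */
    private static final BigInteger DEFAULT_SESSION_UPDATED_TIMEOUT = new BigInteger("1200");

    /** Singleton instance. {@code null}, if none has been created. */
    private static AuthConfigurationProvider instance;

    //
    // configuration data
    //
    // NOTE: all configuration data is held in static fields that are
    // overwritten in place by reload() / reloadDataBaseConfig(). Readers of
    // the getters below are not synchronized against a concurrent reload, so
    // a reload that fails half-way may leave a mix of old and new values.
    //
    private static MOAIDConfiguration moaidconfig = null;
    private static Properties props = null;
    private static STORKConfig storkconfig = null;
    private static TimeOuts timeouts = null;
    private static PVP2 pvp2general = null;
    private static String alternativesourceid = null;
    private static List legacyallowedprotocols = new ArrayList();
    private static VerifyAuthBlock verifyidl = null;
    private static ConnectionParameter MoaSpConnectionParameter = null;
    private static ConnectionParameter ForeignIDConnectionParameter = null;
    private static ConnectionParameter OnlineMandatesConnectionParameter = null;
    private static String MoaSpIdentityLinkTrustProfileID = null;
    private static List TransformsInfos = null;
    private static List IdentityLinkX509SubjectNames = new ArrayList();
    private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
    private static SSO ssoconfig = null;
    private static Date date = null;

    /**
     * Return the single instance of configuration data, loading it on first use.
     *
     * @return AuthConfigurationProvider The current configuration data.
     * @throws ConfigurationException if the configuration cannot be loaded
     */
    public static synchronized AuthConfigurationProvider getInstance() throws ConfigurationException {
        if (instance == null) {
            reload();
        }
        return instance;
    }

    /**
     * Returns the point in time at which the configuration was last loaded.
     *
     * @return a copy of the load time stamp, or {@code null} if nothing has
     *         been loaded yet
     */
    public static Date getTimeStamp() {
        // defensive copy: java.util.Date is mutable and callers must not be
        // able to alter the recorded load time
        return date == null ? null : new Date(date.getTime());
    }

    /**
     * Reload the configuration data and set it if successful.
     * <p>
     * The file name is taken from the system property named by
     * {@link ConfigurationProvider#CONFIG_PROPERTY_NAME}.
     *
     * @return AuthConfigurationProvider The loaded configuration data.
     * @throws ConfigurationException Failure to load the configuration data
     *         ("config.01" if the system property is not set).
     */
    public static synchronized AuthConfigurationProvider reload() throws ConfigurationException {
        String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
        if (fileName == null) {
            throw new ConfigurationException("config.01", null);
        }
        Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
        instance = new AuthConfigurationProvider(fileName);
        return instance;
    }

    /**
     * Constructor for AuthConfigurationProvider.
     *
     * @param fileName path of the MOA-ID properties file
     * @throws ConfigurationException if loading fails
     */
    public AuthConfigurationProvider(String fileName) throws ConfigurationException {
        load(fileName);
    }

    /**
     * Load the MOA-ID properties file with the given name, initialize the
     * database layer, import an optional legacy / XML configuration and finally
     * build the internal data structures from the configuration database.
     * <p>
     * Security note: the properties file presumably holds the database
     * connection settings (prefixes "moasession." and "configuration.") and
     * does hold the MOA session encryption key ("configuration.moasession.key",
     * see {@link #getMOASessionEncryptionKey()}). Its file permissions should be
     * restricted to the service account, and the loaded {@code Properties}
     * must never be logged wholesale.
     *
     * @param fileName The name of the properties file to load.
     * @throws ConfigurationException The MOA configuration could not be
     *         read/built. Every failure - including ConfigurationExceptions
     *         raised while loading - is wrapped as "config.02".
     */
    private void load(String fileName) throws ConfigurationException {
        try {
            Logger.trace("Initializing Hibernate framework.");
            date = new Date();

            File propertiesFile = new File(fileName);
            props = new Properties();

            // determine the directory of the root config file; it is kept as a
            // "file:" URL string and later concatenated with the relative paths
            // found in the configuration
            rootConfigFileDir = new File(fileName).getParent();
            try {
                rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
            } catch (MalformedURLException t) {
                throw new ConfigurationException("config.03", null, t);
            }

            try {
                loadProperties(propertiesFile);
                Properties moaSessionProp = propertiesWithPrefix(MOASESSION_PROP_PREFIX);
                Properties configProp = propertiesWithPrefix(CONFIG_PROP_PREFIX);
                initHibernate(configProp, moaSessionProp);
                Logger.trace("Hibernate initialization finished.");
            } catch (FileNotFoundException e) {
                throw new ConfigurationException("config.03", null, e);
            } catch (IOException e) {
                throw new ConfigurationException("config.03", null, e);
            } catch (ExceptionInInitializerError e) {
                throw new ConfigurationException("config.17", null, e);
            }

            // Initialize OpenSAML for STORK
            Logger.info("Starting initialization of OpenSAML...");
            STORKBootstrap.bootstrap();
            Logger.debug("OpenSAML successfully initialized");

            String legacyconfig = props.getProperty("configuration.xml.legacy");
            String xmlconfig = props.getProperty("configuration.xml");

            // an XML configuration (legacy or 2.x) replaces whatever is in the
            // database - this is destructive and therefore logged loudly
            if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
                Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
                clearDatabaseConfiguration();
            }
            if (MiscUtil.isNotEmpty(legacyconfig)) {
                importLegacyConfiguration(legacyconfig);
            }
            if (MiscUtil.isNotEmpty(xmlconfig)) {
                importXmlConfiguration(xmlconfig);
            }

            reloadDataBaseConfig();
        } catch (Throwable t) {
            throw new ConfigurationException("config.02", null, t);
        }
    }

    /**
     * Reads the properties file into the static {@code props}, always closing
     * the stream (the previous implementation leaked the FileInputStream).
     *
     * @param propertiesFile file to read
     * @throws IOException if the file is missing or unreadable
     */
    private static void loadProperties(File propertiesFile) throws IOException {
        FileInputStream fis = new FileInputStream(propertiesFile);
        try {
            props.load(fis);
        } finally {
            fis.close();
        }
    }

    /**
     * Collects all entries of {@code props} whose key starts with the given
     * prefix, with the prefix stripped from the key.
     *
     * @param propPrefix key prefix to select
     * @return new Properties holding the matching entries
     */
    private static Properties propertiesWithPrefix(String propPrefix) {
        Properties result = new Properties();
        for (Object key : props.keySet()) {
            String name = key.toString();
            if (name.startsWith(propPrefix)) {
                result.put(name.substring(propPrefix.length()), props.get(name));
            }
        }
        return result;
    }

    /**
     * Initializes the configuration and the MOA session database layers.
     *
     * @param configProp Hibernate properties of the configuration database
     * @param moaSessionProp Hibernate properties of the session database
     */
    private static void initHibernate(Properties configProp, Properties moaSessionProp) {
        synchronized (AuthConfigurationProvider.class) {
            // Initial config Database
            ConfigurationDBUtils.initHibernate(configProp);

            // initial MOAID Session Database
            Configuration config = new Configuration();
            config.addAnnotatedClass(AssertionStore.class);
            config.addAnnotatedClass(AuthenticatedSessionStore.class);
            config.addAnnotatedClass(OASessionStore.class);
            config.addAnnotatedClass(OldSSOSessionIDStore.class);
            config.addProperties(moaSessionProp);
            MOASessionDBUtils.initHibernate(config, moaSessionProp);
        }
    }

    /**
     * Deletes the MOA-ID configuration and all online applications from the
     * configuration database, so that an XML import starts from a clean slate.
     */
    private static void clearDatabaseConfiguration() {
        moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
        if (moaidconfig != null) {
            ConfigurationDBUtils.delete(moaidconfig);
        }
        List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
        if (oas != null && oas.size() > 0) {
            for (OnlineApplication oa : oas) {
                ConfigurationDBUtils.delete(oa);
            }
        }
    }

    /**
     * Converts a MOA-ID 1.x (legacy) configuration file and stores the result
     * in the configuration database.
     *
     * @param legacyconfig path of the legacy configuration file
     * @throws ConfigurationException if the legacy configuration cannot be built
     */
    private void importLegacyConfiguration(String legacyconfig) throws ConfigurationException {
        Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
        MOAIDConfiguration moaconfig =
            BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
        List<OnlineApplication> oas = moaconfig.getOnlineApplication();
        for (OnlineApplication oa : oas) {
            ConfigurationDBUtils.save(oa);
        }
        // online applications are persisted separately, so detach them before
        // saving the remaining configuration
        moaconfig.setOnlineApplication(null);
        ConfigurationDBUtils.save(moaconfig);
        Logger.info("Legacy Configuration load is completed.");
    }

    /**
     * Unmarshals a MOA-ID 2.x XML configuration file and stores it in the
     * configuration database.
     * <p>
     * NOTE(review): the file is parsed with the JAXB default parser. The path
     * is administrator controlled, but if the file could ever be supplied by a
     * less trusted party the unmarshaller should be fed from a SAXSource whose
     * parser has external entities / DTDs disabled (XXE).
     *
     * @param xmlconfig path of the XML configuration file
     * @throws ConfigurationException "config.02" (with cause) if the file
     *         cannot be unmarshalled or stored
     */
    private static void importXmlConfiguration(String xmlconfig) throws ConfigurationException {
        Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
        try {
            JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
            Unmarshaller m = jc.createUnmarshaller();
            File file = new File(xmlconfig);
            MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);

            List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
            for (OnlineApplication importoa : importoas) {
                ConfigurationDBUtils.saveOrUpdate(importoa);
            }
            moaconfig.setOnlineApplication(null);
            ConfigurationDBUtils.saveOrUpdate(moaconfig);
        } catch (Exception e) {
            Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
            // keep the cause so the root failure is visible to the operator
            throw new ConfigurationException("config.02", null, e);
        }
        Logger.info("XML Configuration load is completed.");
    }

    /**
     * Reads the MOA-ID configuration from the database and rebuilds all
     * derived configuration objects held by this class.
     * <p>
     * The database session is closed in any case, also when the configuration
     * turns out to be incomplete.
     *
     * @throws ConfigurationException "config.18" if no configuration is stored,
     *         "config.02" for any mandatory part that is missing
     */
    public synchronized void reloadDataBaseConfig() throws ConfigurationException {
        Logger.info("Read MOA-ID 2.0 configuration from database.");
        try {
            moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
            Logger.info("MOA-ID 2.0 is loaded.");
            if (moaidconfig == null) {
                Logger.warn("NO MOA-ID configuration found.");
                throw new ConfigurationException("config.18", null);
            }

            AuthComponentGeneral auth = getAuthComponentGeneral();

            // build STORK Config
            ForeignIdentities foreign = auth.getForeignIdentities();
            if (foreign == null) {
                Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
            } else {
                storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
            }

            loadChainingModes(moaidconfig.getChainingModes());

            // set Trusted CA certs directory. rootConfigFileDir is a "file:" URL
            // string, so the configured value is expected to be a relative path.
            trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
            setCertStoreDirectory();
            setTrustManagerRevocationChecking();

            // set TimeOuts - previously a missing <TimeOuts> element slipped
            // through the null checks and caused a NullPointerException further
            // down; it is now reported as a configuration error.
            if (auth.getGeneralConfiguration() == null) {
                Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
                throw new ConfigurationException("config.02", null);
            }
            TimeOuts configuredTimeOuts = auth.getGeneralConfiguration().getTimeOuts();
            if (configuredTimeOuts == null) {
                Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
                throw new ConfigurationException("config.02", null);
            }
            timeouts = withDefaults(configuredTimeOuts);

            // set PVP2 general config
            Protocols protocols = auth.getProtocols();
            if (protocols != null) {
                if (protocols.getPVP2() != null) {
                    pvp2general = copyPVP2(protocols.getPVP2());
                }
            } else {
                Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
            }

            // set alternativeSourceID
            alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();

            applySessionTimeOuts(configuredTimeOuts);

            // set LegacyAllowedProtocols (best effort: a missing element simply
            // leaves the previous list in place)
            try {
                if (auth.getProtocols() != null) {
                    LegacyAllowed legacy = auth.getProtocols().getLegacyAllowed();
                    if (legacy != null) {
                        legacyallowedprotocols = new ArrayList(legacy.getProtocolName());
                    }
                }
            } catch (Exception e) {
                Logger.info("No protocols found with legacy allowed flag!");
            }

            // set VerifyAuthBlockConfig
            MOASP moasp = getMOASPConfig(auth);
            VerifyAuthBlock authBlock = moasp.getVerifyAuthBlock();
            if (authBlock == null) {
                Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
                throw new ConfigurationException("config.02", null);
            }
            verifyidl = new VerifyAuthBlock();
            verifyidl.setTrustProfileID(authBlock.getTrustProfileID());
            verifyidl.setVerifyTransformsInfoProfileID(new ArrayList(authBlock.getVerifyTransformsInfoProfileID()));

            // set MOASP connection parameters
            if (moasp.getConnectionParameter() != null) {
                MoaSpConnectionParameter =
                    new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
            } else {
                MoaSpConnectionParameter = null;
            }

            // set ForeignIDConnectionParameters
            if (foreign != null) {
                ForeignIDConnectionParameter =
                    new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
            } else {
                Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
            }

            // set OnlineMandateConnectionParameters
            OnlineMandates ovs = auth.getOnlineMandates();
            if (ovs != null) {
                OnlineMandatesConnectionParameter =
                    new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
            } else {
                Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
            }

            // set MOASP IdentityLink Trust-ProfileID
            VerifyIdentityLink verifyIdentityLink = moasp.getVerifyIdentityLink();
            if (verifyIdentityLink == null) {
                Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
                throw new ConfigurationException("config.02", null);
            }
            MoaSpIdentityLinkTrustProfileID = verifyIdentityLink.getTrustProfileID();

            // set SL transformation infos
            SecurityLayer seclayer = auth.getSecurityLayer();
            if (seclayer == null) {
                Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
                throw new ConfigurationException("config.02", null);
            }
            TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());

            // set IdentityLinkSignerSubjectNames
            IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
            if (idlsigners != null) {
                IdentityLinkX509SubjectNames = new ArrayList(idlsigners.getX509SubjectName());
            } else {
                Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found.");
            }

            // set SLRequestTemplates
            SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
            if (templ == null) {
                Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found");
                throw new ConfigurationException("config.02", null);
            }
            SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU());
            SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU());
            SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());

            // set SSO Config
            if (auth.getSSO() != null) {
                ssoconfig = copySSO(auth.getSSO());
            } else {
                Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
            }
        } finally {
            // close Database - also on the error paths above, which previously
            // left the session open
            ConfigurationDBUtils.closeSession();
        }
    }

    /**
     * Loads the certificate chaining modes (system default plus per trust
     * anchor overrides) into the inherited fields.
     *
     * @param cm chaining mode configuration, may be {@code null}
     * @throws ConfigurationException "config.02" if no chaining modes are configured
     */
    private void loadChainingModes(ChainingModes cm) throws ConfigurationException {
        if (cm == null) {
            Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
            throw new ConfigurationException("config.02", null);
        }
        defaultChainingMode = cm.getSystemDefaultMode().value();
        List<TrustAnchor> tas = cm.getTrustAnchor();
        chainingModes = new HashMap();
        for (TrustAnchor ta : tas) {
            IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
            chainingModes.put(is, ta.getMode().value());
        }
    }

    /**
     * Creates a copy of the configured time outs in which every missing value
     * is replaced by its default.
     *
     * @param configured time outs from the configuration, not {@code null}
     * @return new TimeOuts with all three values set
     */
    private static TimeOuts withDefaults(TimeOuts configured) {
        TimeOuts result = new TimeOuts();
        result.setAssertion(configured.getAssertion() == null
            ? DEFAULT_ASSERTION_TIMEOUT : configured.getAssertion());
        result.setMOASessionCreated(configured.getMOASessionCreated() == null
            ? DEFAULT_SESSION_CREATED_TIMEOUT : configured.getMOASessionCreated());
        result.setMOASessionUpdated(configured.getMOASessionUpdated() == null
            ? DEFAULT_SESSION_UPDATED_TIMEOUT : configured.getMOASessionUpdated());
        return result;
    }

    /**
     * Pushes the configured session and authentication data time outs (seconds)
     * into the AuthenticationServer. Only positive values are applied.
     * <p>
     * NOTE(review): the raw configured values are used here, not the defaulted
     * copy, so a missing assertion time out is still a configuration error
     * (as before) even though {@link #withDefaults(TimeOuts)} would supply 120s.
     *
     * @param configured time outs from the configuration, not {@code null}
     * @throws ConfigurationException "config.02" if the assertion time out is missing
     */
    private static void applySessionTimeOuts(TimeOuts configured) throws ConfigurationException {
        BigInteger param = configured.getMOASessionCreated();
        if (param != null && param.longValue() > 0) {
            AuthenticationServer.getInstance().setSecondsSessionTimeOutCreated(param.longValue());
        }
        param = configured.getMOASessionUpdated();
        if (param != null && param.longValue() > 0) {
            AuthenticationServer.getInstance().setSecondsSessionTimeOutUpdated(param.longValue());
        }
        param = configured.getAssertion();
        if (param == null) {
            Logger.warn("Error in MOA-ID Configuration. No Assertion TimeOut defined.");
            throw new ConfigurationException("config.02", null);
        }
        if (param.longValue() > 0) {
            AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(param.longValue());
        }
    }

    /**
     * Creates a detached copy of the general PVP 2 configuration.
     * <p>
     * Fix: the previous implementation built the contact copies but never
     * added them to the list, so {@code getContact()} of the copy was always
     * empty.
     *
     * @param el configured PVP 2 element, not {@code null}
     * @return new PVP2 holding copies of issuer name, URL prefix, organization and contacts
     */
    private static PVP2 copyPVP2(PVP2 el) {
        PVP2 copy = new PVP2();
        copy.setIssuerName(el.getIssuerName());
        copy.setPublicURLPrefix(el.getPublicURLPrefix());

        if (el.getOrganization() != null) {
            Organization org = new Organization();
            org.setDisplayName(el.getOrganization().getDisplayName());
            org.setName(el.getOrganization().getName());
            org.setURL(el.getOrganization().getURL());
            copy.setOrganization(org);
        }

        if (el.getContact() != null) {
            List<Contact> cont = new ArrayList<Contact>();
            for (Contact e : el.getContact()) {
                Contact c = new Contact();
                c.setCompany(e.getCompany());
                c.setGivenName(e.getGivenName());
                c.setMail(e.getMail());
                c.setPhone(e.getPhone());
                c.setSurName(e.getSurName());
                c.setType(e.getType());
                cont.add(c);
            }
            copy.setContact(cont);
        }
        return copy;
    }

    /**
     * Creates a detached copy of the Single Sign-On configuration.
     *
     * @param sso configured SSO element, not {@code null}
     * @return new SSO holding friendly name, public URL, special text, target
     *         and (if present) the identification number
     */
    private static SSO copySSO(SSO sso) {
        SSO copy = new SSO();
        copy.setFriendlyName(sso.getFriendlyName());
        copy.setPublicURL(sso.getPublicURL());
        copy.setSpecialText(sso.getSpecialText());
        copy.setTarget(sso.getTarget());
        if (sso.getIdentificationNumber() != null) {
            IdentificationNumber value = new IdentificationNumber();
            value.setType(sso.getIdentificationNumber().getType());
            value.setValue(sso.getIdentificationNumber().getValue());
            copy.setIdentificationNumber(value);
        }
        return copy;
    }

    /**
     * Returns the general PVP 2 properties ("protocols.pvp2.*") with the
     * prefix stripped.
     *
     * @return new Properties, possibly empty
     */
    public Properties getGeneralPVP2ProperiesConfig() {
        return propertiesWithPrefix(PVP2_PROP_PREFIX);
    }

    /** @return the general PVP 2 configuration from the database, or {@code null} */
    public PVP2 getGeneralPVP2DBConfig() {
        return pvp2general;
    }

    /** @return the configured time outs with defaults applied, or {@code null} before loading */
    public TimeOuts getTimeOuts() throws ConfigurationException {
        return timeouts;
    }

    /** @return the alternative source ID, or {@code null} if not configured */
    public String getAlternativeSourceID() throws ConfigurationException {
        return alternativesourceid;
    }

    /** @return the names of the protocols for which legacy requests are allowed */
    public List getLegacyAllowedProtocols() {
        return legacyallowedprotocols;
    }

    /**
     * Provides configuration information regarding the online application
     * behind the given URL, relevant to the MOA-ID Auth component.
     * <p>
     * NOTE(review): {@code oaURL} presumably originates from the request and
     * is written to the log verbatim when unknown; a log backend that does not
     * escape control characters is exposed to log forging here.
     *
     * @param oaURL URL requested for an online application
     * @return an OAAuthParameter, or {@code null} if no active online
     *         application is registered for the URL
     */
    public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
        OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
        if (oa == null) {
            Logger.warn("Online application with identifier " + oaURL + " is not found.");
            return null;
        }
        return new OAAuthParameter(oa);
    }

    /**
     * Return a string with a url-reference to the VerifyAuthBlock trust
     * profile id within the moa-sp part of the authentication component.
     *
     * @return String with a url-reference to the VerifyAuthBlock trust profile ID
     * @throws ConfigurationException
     */
    public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
        return verifyidl.getTrustProfileID();
    }

    /**
     * Return the references to all verify transform info IDs within the
     * moa-sp part of the authentication component.
     *
     * @return A list containing all urls to the verify transform info IDs
     * @throws ConfigurationException
     */
    public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
        return verifyidl.getVerifyTransformsInfoProfileID();
    }

    /**
     * Return a ConnectionParameter bean containing all information of the
     * authentication component moa-sp element.
     *
     * @return ConnectionParameter of the moa-sp element, or {@code null} if none is configured
     * @throws ConfigurationException
     */
    public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
        return MoaSpConnectionParameter;
    }

    /**
     * Return a ConnectionParameter bean containing all information of the
     * authentication component foreignid element.
     *
     * @return ConnectionParameter of the foreignid element, or {@code null} if none is configured
     * @throws ConfigurationException
     */
    public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
        return ForeignIDConnectionParameter;
    }

    /**
     * Return a ConnectionParameter bean containing all information of the
     * authentication component OnlineMandates element.
     *
     * @return ConnectionParameter of the OnlineMandates element, or {@code null} if none is configured
     * @throws ConfigurationException
     */
    public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
        return OnlineMandatesConnectionParameter;
    }

    /**
     * Return a string with a url-reference to the VerifyIdentityLink trust
     * profile id within the moa-sp part of the authentication component.
     *
     * @return String with a url-reference to the VerifyIdentityLink trust profile ID
     * @throws ConfigurationException
     */
    public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
        return MoaSpIdentityLinkTrustProfileID;
    }

    /**
     * Returns the SecurityLayer transforms infos.
     *
     * @return List as produced by ConfigurationUtils.getTransformInfos
     * @throws ConfigurationException
     */
    public List getTransformsInfos() throws ConfigurationException {
        return TransformsInfos;
    }

    /**
     * Returns the X.509 subject names of the accepted identity link signers.
     *
     * @return List of subject names (empty if none configured)
     * @throws ConfigurationException
     */
    public List getIdentityLinkX509SubjectNames() throws ConfigurationException {
        return IdentityLinkX509SubjectNames;
    }

    /** @return all configured SecurityLayer request templates (online, local, handy BKU) */
    public List getSLRequestTemplates() throws ConfigurationException {
        return new ArrayList(SLRequestTemplates.values());
    }

    /**
     * Returns the SecurityLayer request template for the given BKU type.
     *
     * @param type one of OAAuthParameter.ONLINEBKU, LOCALBKU, HANDYBKU
     * @return the template, or {@code null} if the type is unknown or no
     *         template is configured for it
     */
    public String getSLRequestTemplates(String type) throws ConfigurationException {
        String template = SLRequestTemplates.get(type);
        if (MiscUtil.isNotEmpty(template)) {
            return template;
        }
        Logger.warn("getSLRequestTemplates: BKU Type does not match: "
            + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
        return null;
    }

    /** @return {@code true} if SSO is configured with an identification number (business service) */
    public boolean isSSOBusinessService() throws ConfigurationException {
        return ssoconfig != null && ssoconfig.getIdentificationNumber() != null;
    }

    /** @return the SSO identification number, or {@code null} if SSO is not configured */
    public IdentificationNumber getSSOBusinessService() throws ConfigurationException {
        return ssoconfig == null ? null : ssoconfig.getIdentificationNumber();
    }

    /** @return the SSO target, or {@code null} if SSO is not configured */
    public String getSSOTarget() throws ConfigurationException {
        return ssoconfig == null ? null : ssoconfig.getTarget();
    }

    /** @return the configured SSO friendly name, or a fixed default if unset */
    public String getSSOFriendlyName() {
        if (ssoconfig != null && MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) {
            return ssoconfig.getFriendlyName();
        }
        return "Default MOA-ID friendly name for SSO";
    }

    /** @return the SSO special text, never {@code null} (empty string if unset) */
    public String getSSOSpecialText() {
        if (ssoconfig != null && MiscUtil.isNotEmpty(ssoconfig.getSpecialText())) {
            return ssoconfig.getSpecialText();
        }
        return new String();
    }

    /** @return the SSO public URL, never {@code null} (empty string if unset) */
    public String getSSOPublicUrl() {
        if (ssoconfig != null && MiscUtil.isNotEmpty(ssoconfig.getPublicURL())) {
            return ssoconfig.getPublicURL();
        }
        return new String();
    }

    /**
     * Returns the MOA session encryption key from the properties file
     * ("configuration.moasession.key").
     * <p>
     * This is a secret: it is stored in clear text in the properties file, so
     * the file must not be world readable and the value must never be logged.
     *
     * @return the key, or {@code null} if the property is unset or empty
     */
    public String getMOASessionEncryptionKey() {
        String prop = props.getProperty("configuration.moasession.key");
        return MiscUtil.isEmpty(prop) ? null : prop;
    }

    /** @return {@code true} if "configuration.resignidentitylink" is set to true (default false) */
    public boolean isIdentityLinkResigning() {
        return Boolean.parseBoolean(props.getProperty("configuration.resignidentitylink", "false"));
    }

    /** @return the key group used for identity link re-signing, or {@code null} if unset */
    public String getIdentityLinkResigningKey() {
        String prop = props.getProperty("configuration.resignidentitylink.keygroup");
        return MiscUtil.isNotEmpty(prop) ? prop : null;
    }

    /**
     * Returns the STORK Configuration.
     *
     * @return STORK Configuration, or {@code null} if no ForeignIdentities element is configured
     * @throws ConfigurationException
     */
    public STORKConfig getStorkConfig() throws ConfigurationException {
        return storkconfig;
    }

    /**
     * Sets the inherited certificate store directory from the general
     * configuration (relative to the root config file directory).
     *
     * @throws ConfigurationException "config.02" if no general configuration exists
     */
    private void setCertStoreDirectory() throws ConfigurationException {
        AuthComponentGeneral auth = getAuthComponentGeneral();
        if (auth.getGeneralConfiguration() == null) {
            Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
            throw new ConfigurationException("config.02", null);
        }
        certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
    }

    /**
     * Sets the inherited trust manager revocation checking flag from the
     * general configuration.
     *
     * @throws ConfigurationException "config.02" if no general configuration exists
     */
    private void setTrustManagerRevocationChecking() throws ConfigurationException {
        AuthComponentGeneral auth = getAuthComponentGeneral();
        if (auth.getGeneralConfiguration() == null) {
            Logger.warn("Error in MOA-ID Configuration. No TrustManagerRevocationChecking defined.");
            throw new ConfigurationException("config.02", null);
        }
        trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
    }

    /**
     * @return the AuthComponentGeneral element of the loaded configuration
     * @throws ConfigurationException "config.02" if it is missing
     */
    private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
        AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
        if (authgeneral == null) {
            Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
            throw new ConfigurationException("config.02", null);
        }
        return authgeneral;
    }

    /**
     * @param authgeneral the AuthComponentGeneral element
     * @return its MOASP element
     * @throws ConfigurationException "config.02" if it is missing
     */
    private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
        MOASP moasp = authgeneral.getMOASP();
        if (moasp == null) {
            Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
            throw new ConfigurationException("config.02", null);
        }
        return moasp;
    }
}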