/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.config.auth;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer;
import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts;
import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
/**
* A class providing access to the Auth Part of the MOA-ID configuration data.
*
*
Configuration data is read from an XML file, whose location is given by
* the moa.id.configuration
system property.
* This class implements the Singleton pattern. The reload()
* method can be used to update the configuration data. Therefore, it is not
* guaranteed that consecutive calls to getInstance()
will return
* the same AuthConfigurationProvider
all the time. During the
* processing of a web service request, the current
* TransactionContext
should be used to obtain the
* AuthConfigurationProvider
local to that request.
*
* @author Patrick Peck
* @author Stefan Knirsch
*
* @version $Id$
*/
public class AuthConfigurationProvider extends ConfigurationProvider {
// /** DEFAULT_ENCODING is "UTF-8" */
// private static final String DEFAULT_ENCODING="UTF-8";
/**
* The name of the generic configuration property giving the authentication session time out.
*/
public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
"AuthenticationSession.TimeOut";
/**
* The name of the generic configuration property giving the authentication data time out.
*/
public static final String AUTH_DATA_TIMEOUT_PROPERTY =
"AuthenticationData.TimeOut";
/**
* BKUSelectionType HTMLComplete, according to schema type BKUSelectionType
*/
public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
"HTMLComplete";
/**
* BKUSelectionType HTMLSelect, according to schema type BKUSelectionType
*/
public static final String BKU_SELECTION_TYPE_HTMLSELECT =
"HTMLSelect";
/**
* The name of the generic configuration property allowing https connection to
* the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
*/
public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
"FrontendServlets.EnableHTTPConnection";
/**
* The name of the generic configuration property allowing to set a individual
* DATA URL used to communicate with the BKU (SecurityLayer)
*/
public static final String INDIVIDUAL_DATA_URL_PREFIX =
"FrontendServlets.DataURLPrefix";
/** Singleton instance. null
, if none has been created. */
private static AuthConfigurationProvider instance;
//
// configuration data
//
private static MOAIDConfiguration moaidconfig = null;
private static Properties props = null;
private static STORKConfig storkconfig = null;
private static TimeOuts timeouts = null;
private static PVP2 pvp2general = null;
private static String alternativesourceid = null;
private static List legacyallowedprotocols = new ArrayList();
private static ProtocolAllowed allowedProtcols = null;
private static VerifyAuthBlock verifyidl = null;
private static ConnectionParameter MoaSpConnectionParameter = null;
private static ConnectionParameter ForeignIDConnectionParameter = null;
private static ConnectionParameter OnlineMandatesConnectionParameter = null;
private static String MoaSpIdentityLinkTrustProfileID = null;
private static List TransformsInfos = null;
private static List IdentityLinkX509SubjectNames = new ArrayList();
private static Map SLRequestTemplates = new HashMap();
private static Map DefaultBKUURLs = new HashMap();
private static SSO ssoconfig = null;
private static Date date = null;
private String publicURLPreFix = null;
/**
* Return the single instance of configuration data.
*
* @return AuthConfigurationProvider The current configuration data.
* @throws ConfigurationException
*/
public static synchronized AuthConfigurationProvider getInstance()
throws ConfigurationException {
if (instance == null) {
reload();
}
return instance;
}
public static Date getTimeStamp() {
return date;
}
/**
* Reload the configuration data and set it if successful.
*
* @return AuthConfigurationProvider The loaded configuration data.
* @throws ConfigurationException Failure to load the configuration data.
*/
public static synchronized AuthConfigurationProvider reload()
throws ConfigurationException {
String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
if (fileName == null) {
throw new ConfigurationException("config.01", null);
}
Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
instance = new AuthConfigurationProvider(fileName);
return instance;
}
/**
* Constructor for AuthConfigurationProvider.
* @param fileName
* @throws ConfigurationException
*/
public AuthConfigurationProvider(String fileName)
throws ConfigurationException {
load(fileName);
}
/**
* Load the configuration data from XML file with the given name and build
* the internal data structures representing the MOA ID configuration.
*
* @param fileName The name of the XML file to load.
* @throws ConfigurationException The MOA configuration could not be
* read/built.
*/
private void load(String fileName) throws ConfigurationException {
try {
//Initial Hibernate Framework
Logger.trace("Initializing Hibernate framework.");
//Load MOAID-2.0 properties file
File propertiesFile = new File(fileName);
FileInputStream fis = null;
props = new Properties();
// determine the directory of the root config file
rootConfigFileDir = new File(fileName).getParent();
try {
rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
} catch (MalformedURLException t) {
throw new ConfigurationException("config.03", null, t);
}
try {
fis = new FileInputStream(propertiesFile);
props.load(fis);
// read MOAID Session Hibernate properties
Properties moaSessionProp = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "moasession.";
if (key.toString().startsWith(propPrefix+"hibernate")) {
String propertyName = key.toString().substring(propPrefix.length());
moaSessionProp.put(propertyName, props.get(key.toString()));
}
}
// read Config Hibernate properties
Properties configProp = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "configuration.";
if (key.toString().startsWith(propPrefix+"hibernate")) {
String propertyName = key.toString().substring(propPrefix.length());
configProp.put(propertyName, props.get(key.toString()));
}
}
// read advanced logging properties
Properties statisticProps = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "advancedlogging.";
if (key.toString().startsWith(propPrefix+"hibernate")) {
String propertyName = key.toString().substring(propPrefix.length());
statisticProps.put(propertyName, props.get(key.toString()));
}
}
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
//Initial config Database
ConfigurationDBUtils.initHibernate(configProp);
//initial MOAID Session Database
Configuration config = new Configuration();
config.addAnnotatedClass(AssertionStore.class);
config.addAnnotatedClass(AuthenticatedSessionStore.class);
config.addAnnotatedClass(OASessionStore.class);
config.addAnnotatedClass(OldSSOSessionIDStore.class);
config.addAnnotatedClass(ExceptionStore.class);
config.addAnnotatedClass(InterfederationSessionStore.class);
config.addProperties(moaSessionProp);
MOASessionDBUtils.initHibernate(config, moaSessionProp);
//initial advanced logging
if (isAdvancedLoggingActive()) {
Logger.info("Advanced statistic log is activated, starting initialization process ...");
Configuration statisticconfig = new Configuration();
statisticconfig.addAnnotatedClass(StatisticLog.class);
statisticconfig.addProperties(statisticProps);
StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
Logger.info("Advanced statistic log is initialized.");
}
}
Logger.trace("Hibernate initialization finished.");
} catch (FileNotFoundException e) {
throw new ConfigurationException("config.03", null, e);
} catch (IOException e) {
throw new ConfigurationException("config.03", null, e);
} catch (ExceptionInInitializerError e) {
throw new ConfigurationException("config.17", null, e);
} finally {
if (fis != null)
fis.close();
}
//Initialize OpenSAML for STORK
Logger.info("Starting initialization of OpenSAML...");
MOADefaultBootstrap.bootstrap();
//DefaultBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
String legacyconfig = props.getProperty("configuration.xml.legacy");
String xmlconfig = props.getProperty("configuration.xml");
// String xmlconfigout = props.getProperty("configuration.xml.out");
//check if XML config should be used
if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
if (moaidconfig != null)
ConfigurationDBUtils.delete(moaidconfig);
List oas = ConfigurationDBRead.getAllOnlineApplications();
if (oas != null && oas.size() > 0) {
for (OnlineApplication oa : oas)
ConfigurationDBUtils.delete(oa);
}
}
//load legacy config if it is configured
if (MiscUtil.isNotEmpty(legacyconfig)) {
Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!");
MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null);
List oas = moaconfig.getOnlineApplication();
for (OnlineApplication oa : oas)
ConfigurationDBUtils.save(oa);
moaconfig.setOnlineApplication(null);
ConfigurationDBUtils.save(moaconfig);
Logger.info("Legacy Configuration load is completed.");
}
//load MOA-ID 2.x config from XML
if (MiscUtil.isNotEmpty(xmlconfig)) {
Logger.warn("Load configuration from MOA-ID 2.x XML configuration");
try {
JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
Unmarshaller m = jc.createUnmarshaller();
File file = new File(xmlconfig);
MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file);
//ConfigurationDBUtils.save(moaconfig);
List importoas = moaconfig.getOnlineApplication();
for (OnlineApplication importoa : importoas) {
ConfigurationDBUtils.saveOrUpdate(importoa);
}
moaconfig.setOnlineApplication(null);
ConfigurationDBUtils.saveOrUpdate(moaconfig);
} catch (Exception e) {
Logger.warn("MOA-ID XML configuration can not be loaded from File.", e);
throw new ConfigurationException("config.02", null);
}
Logger.info("XML Configuration load is completed.");
}
reloadDataBaseConfig();
} catch (Throwable t) {
throw new ConfigurationException("config.02", null, t);
}
}
public synchronized void reloadDataBaseConfig() throws ConfigurationException {
Logger.info("Read MOA-ID 2.0 configuration from database.");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
Logger.info("MOA-ID 2.0 is loaded.");
if (moaidconfig == null) {
Logger.warn("NO MOA-ID configuration found.");
throw new ConfigurationException("config.18", null);
}
//build STORK Config
AuthComponentGeneral auth = getAuthComponentGeneral();
ForeignIdentities foreign = auth.getForeignIdentities();
if (foreign == null ) {
Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
} else
storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
//load Chaining modes
ChainingModes cm = moaidconfig.getChainingModes();
if (cm != null) {
defaultChainingMode = cm.getSystemDefaultMode().value();
List tas = cm.getTrustAnchor();
chainingModes = new HashMap();
for (TrustAnchor ta : tas) {
IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber());
chainingModes.put(is, ta.getMode().value());
}
} else {
Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found.");
throw new ConfigurationException("config.02", null);
}
//set Trusted CA certs directory
trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
//set CertStoreDirectory
setCertStoreDirectory();
//set TrustManagerRevocationChecking
setTrustManagerRevocationChecking();
//set default timeouts
timeouts = new TimeOuts();
timeouts.setAssertion(new BigInteger("300"));
timeouts.setMOASessionCreated(new BigInteger("2700"));
timeouts.setMOASessionUpdated(new BigInteger("1200"));
//search timeouts in config
if (auth.getGeneralConfiguration() != null) {
if (auth.getGeneralConfiguration().getTimeOuts() != null) {
if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
} else {
Logger.info("No TimeOuts defined. Use default values");
}
}
// sets the authentication session and authentication data time outs
AuthenticationServer.getInstance()
.setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
AuthenticationServer.getInstance()
.setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
AuthenticationServer.getInstance()
.setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
//set PVP2 general config
Protocols protocols = auth.getProtocols();
if (protocols != null) {
allowedProtcols = new ProtocolAllowed();
if (protocols.getSAML1() != null) {
allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive());
//load alternative sourceID
if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID()))
alternativesourceid = protocols.getSAML1().getSourceID();
}
if (protocols.getOAuth() != null) {
allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive());
}
if (protocols.getPVP2() != null) {
PVP2 el = protocols.getPVP2();
allowedProtcols.setPVP21Active(el.isIsActive());
pvp2general = new PVP2();
pvp2general.setIssuerName(el.getIssuerName());
pvp2general.setPublicURLPrefix(el.getPublicURLPrefix());
if (el.getOrganization() != null) {
Organization org = new Organization();
pvp2general.setOrganization(org);
org.setDisplayName(el.getOrganization().getDisplayName());
org.setName(el.getOrganization().getName());
org.setURL(el.getOrganization().getURL());
}
if (el.getContact() != null) {
List cont = new ArrayList();
pvp2general.setContact(cont);
for (Contact e : el.getContact()) {
Contact c = new Contact();
c.setCompany(e.getCompany());
c.setGivenName(e.getGivenName());
c.getMail().addAll(e.getMail());
c.getPhone().addAll(e.getPhone());
c.setSurName(e.getSurName());
c.setType(e.getType());
cont.add(c);
}
}
}
} else {
Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found.");
}
//set alternativeSourceID
if (auth.getGeneralConfiguration() != null) {
//TODO: can be removed in a further version, because it is moved to SAML1 config
if (MiscUtil.isEmpty(alternativesourceid))
alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
else {
Logger.error("No Public URL Prefix configured.");
throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
}
} else {
Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
throw new ConfigurationException("config.02", null);
}
//set LegacyAllowedProtocols
try {
if (auth.getProtocols() != null) {
Protocols procols = auth.getProtocols();
if (procols.getLegacyAllowed() != null) {
LegacyAllowed legacy = procols.getLegacyAllowed();
legacyallowedprotocols = new ArrayList(legacy.getProtocolName());
}
}
} catch (Exception e) {
Logger.info("No protocols found with legacy allowed flag!");
}
//set VerifyAuthBlockConfig
MOASP moasp = getMOASPConfig(auth);
VerifyAuthBlock el = moasp.getVerifyAuthBlock();
if (el != null) {
verifyidl = new VerifyAuthBlock();
verifyidl.setTrustProfileID(el.getTrustProfileID());
verifyidl.setVerifyTransformsInfoProfileID(new ArrayList(el.getVerifyTransformsInfoProfileID()));
}
else {
Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
throw new ConfigurationException("config.02", null);
}
//set MOASP connection parameters
if (moasp.getConnectionParameter() != null)
MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir);
else
MoaSpConnectionParameter = null;
//set ForeignIDConnectionParameters
if (foreign != null) {
ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir);
} else {
Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found");
}
//set OnlineMandateConnectionParameters
OnlineMandates ovs = auth.getOnlineMandates();
if (ovs != null) {
OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir);
} else {
Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found");
}
//set MOASP IdentityLink Trust-ProfileID
VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink();
if (verifyidl != null)
MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID();
else {
Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation.");
throw new ConfigurationException("config.02", null);
}
//set SL transformation infos
SecurityLayer seclayer = auth.getSecurityLayer();
if (seclayer == null) {
Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
throw new ConfigurationException("config.02", null);
} else {
TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo());
if (TransformsInfos == null || TransformsInfos.size() == 0) {
Logger.error("No Security-Layer Transformation found.");
throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"});
}
}
//set IdentityLinkSignerSubjectNames
IdentityLinkX509SubjectNames = new ArrayList();
IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
if (idlsigners != null) {
Logger.debug("Load own IdentityLinkX509SubjectNames");
IdentityLinkX509SubjectNames.addAll(new ArrayList(idlsigners.getX509SubjectName()));
}
// now add the default identity link signers
String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
for (int i=0; i getLegacyAllowedProtocols() {
return legacyallowedprotocols;
}
/**
* Provides configuration information regarding the online application behind
* the given URL, relevant to the MOA-ID Auth component.
*
* @param oaURL URL requested for an online application
* @return an OAAuthParameter
, or null
* if none is applicable
*/
public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL);
if (oa == null) {
Logger.warn("Online application with identifier " + oaURL + " is not found.");
return null;
}
return new OAAuthParameter(oa);
}
/**
* Return a string with a url-reference to the VerifyAuthBlock trust
* profile id within the moa-sp part of the authentication component
*
* @return String with a url-reference to the VerifyAuthBlock trust profile ID
* @throws ConfigurationException
*/
public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
return verifyidl.getTrustProfileID();
}
/**
* Return a string array with references to all verify transform info
* IDs within the moa-sp part of the authentication component
* @return A string array containing all urls to the
* verify transform info IDs
* @throws ConfigurationException
*/
public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
return verifyidl.getVerifyTransformsInfoProfileID();
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component moa-sp element
* @return ConnectionParameter of the authentication component moa-sp element
* @throws ConfigurationException
*/
public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
return MoaSpConnectionParameter;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component foreigid element
* @return ConnectionParameter of the authentication component foreignid element
* @throws ConfigurationException
*/
public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException {
return ForeignIDConnectionParameter;
}
/**
* Return a ConnectionParameter bean containing all information
* of the authentication component OnlineMandates element
* @return ConnectionParameter of the authentication component OnlineMandates element
* @throws ConfigurationException
*/
public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException {
return OnlineMandatesConnectionParameter;
}
/**
* Return a string with a url-reference to the VerifyIdentityLink trust
* profile id within the moa-sp part of the authentication component
* @return String with a url-reference to the VerifyIdentityLink trust profile ID
* @throws ConfigurationException
*/
public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
return MoaSpIdentityLinkTrustProfileID;
}
/**
* Returns the transformsInfos.
* @return String[]
* @throws ConfigurationException
*/
public List getTransformsInfos() throws ConfigurationException {
return TransformsInfos;
}
/**
* Returns the identityLinkX509SubjectNames.
* @return List
* @throws ConfigurationException
*/
public List getIdentityLinkX509SubjectNames() throws ConfigurationException {
return IdentityLinkX509SubjectNames;
}
public List getSLRequestTemplates() throws ConfigurationException {
return new ArrayList(SLRequestTemplates.values());
}
public String getSLRequestTemplates(String type) throws ConfigurationException {
String el = SLRequestTemplates.get(type);
if (MiscUtil.isNotEmpty(el))
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
+ IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
public List getDefaultBKUURLs() throws ConfigurationException {
return new ArrayList(DefaultBKUURLs.values());
}
public String getDefaultBKUURL(String type) throws ConfigurationException {
String el = DefaultBKUURLs.get(type);
if (MiscUtil.isNotEmpty(el))
return el;
else {
Logger.warn("getSLRequestTemplates: BKU Type does not match: "
+ IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
return null;
}
}
// public boolean isSSOBusinessService() throws ConfigurationException {
//
// if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
// return true;
// else
// return false;
// }
public String getSSOTagetIdentifier() throws ConfigurationException {
if (ssoconfig != null)
return ssoconfig.getTarget();
else
return null;
}
// public String getSSOTarget() throws ConfigurationException {
// if (ssoconfig!= null)
// return ssoconfig.getTarget();
//
// return null;
// }
public String getSSOFriendlyName() {
if (ssoconfig!= null) {
if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName()))
return ssoconfig.getFriendlyName();
}
return "Default MOA-ID friendly name for SSO";
}
public String getSSOSpecialText() {
if (ssoconfig!= null) {
String text = ssoconfig.getSpecialText();
if (MiscUtil.isEmpty(text))
text = new String();
return text;
}
return new String();
}
public String getMOASessionEncryptionKey() {
String prop = props.getProperty("configuration.moasession.key");
if (MiscUtil.isEmpty(prop))
return null;
else
return prop;
}
public boolean isIdentityLinkResigning() {
String prop = props.getProperty("configuration.resignidentitylink.active", "false");
return Boolean.valueOf(prop);
}
public String getIdentityLinkResigningKey() {
String prop = props.getProperty("configuration.resignidentitylink.keygroup");
if (MiscUtil.isNotEmpty(prop))
return prop;
else
return null;
}
public boolean isMonitoringActive() {
String prop = props.getProperty("configuration.monitoring.active", "false");
return Boolean.valueOf(prop);
}
public String getMonitoringTestIdentityLinkURL() {
String prop = props.getProperty("configuration.monitoring.test.identitylink.url");
if (MiscUtil.isNotEmpty(prop))
return prop;
else
return null;
}
public String getMonitoringMessageSuccess() {
String prop = props.getProperty("configuration.monitoring.message.success");
if (MiscUtil.isNotEmpty(prop))
return prop;
else
return null;
}
public boolean isAdvancedLoggingActive() {
String prop = props.getProperty("configuration.advancedlogging.active", "false");
return Boolean.valueOf(prop);
}
public String getPublicURLPrefix() {
return publicURLPreFix;
}
public boolean isPVP2AssertionEncryptionActive() {
String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true");
return Boolean.valueOf(prop);
}
public boolean isCertifiacteQCActive() {
String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false");
return !Boolean.valueOf(prop);
}
/**
* Retruns the STORK Configuration
* @return STORK Configuration
* @throws ConfigurationException
*/
public STORKConfig getStorkConfig() throws ConfigurationException {
return storkconfig;
}
private void setCertStoreDirectory() throws ConfigurationException {
AuthComponentGeneral auth = getAuthComponentGeneral();
if (auth.getGeneralConfiguration() != null)
certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory();
else {
Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
throw new ConfigurationException("config.02", null);
}
}
private void setTrustManagerRevocationChecking() throws ConfigurationException {
AuthComponentGeneral auth = getAuthComponentGeneral();
if (auth.getGeneralConfiguration() != null)
trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking();
else {
Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.");
throw new ConfigurationException("config.02", null);
}
}
private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
if (authgeneral == null) {
Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
throw new ConfigurationException("config.02", null);
}
return authgeneral;
}
private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
MOASP moasp = authgeneral.getMOASP();
if (moasp == null) {
Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
throw new ConfigurationException("config.02", null);
}
return moasp;
}
}