/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
* See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.config.auth; import java.io.IOException; import java.security.PrivateKey; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import org.apache.commons.lang.SerializationUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationGatewayType; import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials; import 
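at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Configuration parameters belonging to an online application,
 * to use with the MOA ID Auth component.
 * <p>
 * Every accessor reads the JAXB configuration objects captured in the
 * constructor and performs no I/O. Optional configuration sub-trees may be
 * {@code null}; each accessor guards against a missing sub-tree explicitly
 * and falls back to the default documented on the method, instead of
 * relying on a caught {@link NullPointerException}.
 *
 * @author Stefan Knirsch
 * @author Harald Bratko
 * @version $Id$
 */
public class OAAuthParameter extends OAParameter implements IOAAuthParameters {

    /**
     * Authentication-specific part of the online application configuration.
     * NOTE(review): assumed to be non-null for every online application that
     * reaches this class (all accessors dereference it) — confirm in the caller.
     */
    private final AuthComponentOA oa_auth;

    /** Key box identifier configured for this online application. */
    private final String keyBoxIdentifier;

    /** Interfederation IDP configuration, or {@code null} if not configured. */
    private final InterfederationIDPType interfederatedIDP;

    /** Interfederation gateway configuration, or {@code null} if not configured. */
    private final InterfederationGatewayType interfederatedGateway;

    /**
     * Creates the auth parameters for the given online application.
     *
     * @param oa the online application configuration; must not be {@code null}
     *           and must carry a key box identifier
     */
    public OAAuthParameter(OnlineApplication oa) {
        super(oa);
        this.oa_auth = oa.getAuthComponentOA();
        // fail fast: the key box identifier is mandatory, a missing one is a
        // configuration error rather than something to paper over with a default
        this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value();
        this.interfederatedIDP = oa.getInterfederationIDP();
        this.interfederatedGateway = oa.getInterfederationGateway();
    }

    /**
     * @return the value of the configured identification number, or
     *         {@code null} if no identification number is configured
     */
    @Override
    public String getIdentityLinkDomainIdentifier() {
        IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
        return idnumber != null ? idnumber.getValue() : null;
    }

    /** @return the key box identifier configured for this online application */
    @Override
    public String getKeyBoxIdentifier() {
        return keyBoxIdentifier;
    }

    /** @return the transformation infos built from the configured transforms */
    @Override
    public List getTransformsInfos() {
        List transformations = oa_auth.getTransformsInfo();
        return ConfigurationUtils.getTransformInfos(transformations);
    }

    /** @return the SAML1 configuration, or {@code null} if not configured */
    @Override
    public OASAML1 getSAML1Parameter() {
        return oa_auth.getOASAML1();
    }

    /** @return the PVP2 configuration, or {@code null} if not configured */
    @Override
    public OAPVP2 getPVP2Parameter() {
        return oa_auth.getOAPVP2();
    }

    /**
     * @return the configured template entries, or {@code null} if no templates
     *         element exists or it carries no template entries
     */
    @Override
    public List getTemplateURL() {
        TemplatesType templates = oa_auth.getTemplates();
        return templates != null ? templates.getTemplate() : null;
    }

    /** @return the additional AuthBlock text, or {@code null} if not configured */
    @Override
    public String getAditionalAuthBlockText() {
        TemplatesType templates = oa_auth.getTemplates();
        return templates != null ? templates.getAditionalAuthBlockText() : null;
    }

    /**
     * Returns the BKU URL configured for the given BKU type.
     *
     * @param bkutype one of {@link #ONLINEBKU}, {@link #HANDYBKU} or
     *                {@link #LOCALBKU}; {@code null} is treated as an unknown type
     * @return the configured URL, or {@code null} if no BKU URLs are configured,
     *         the type is unknown, or no URL is set for that type
     */
    @Override
    public String getBKUURL(String bkutype) {
        BKUURLS bkuurls = oa_auth.getBKUURLS();
        if (bkuurls == null) {
            Logger.warn("No BKU URLs configured for online application");
            return null;
        }
        // constant-first equals keeps a null bkutype from throwing
        if (ONLINEBKU.equals(bkutype)) {
            return bkuurls.getOnlineBKU();
        }
        if (HANDYBKU.equals(bkutype)) {
            return bkuurls.getHandyBKU();
        }
        if (LOCALBKU.equals(bkutype)) {
            return bkuurls.getLocalBKU();
        }
        Logger.warn("BKU Type does not match: " + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU);
        return null;
    }

    /**
     * @return the online, handy and local BKU URLs in that order (an entry is
     *         {@code null} when that URL is not set); an empty list if no BKU
     *         URLs element is configured
     */
    @Override
    public List getBKUURL() {
        List list = new ArrayList();
        BKUURLS bkuurls = oa_auth.getBKUURLS();
        if (bkuurls == null) {
            Logger.warn("No BKU URLs configured for online application");
            return list;
        }
        list.add(bkuurls.getOnlineBKU());
        list.add(bkuurls.getHandyBKU());
        list.add(bkuurls.getLocalBKU());
        return list;
    }

    /**
     * @return {@code true} if SSO is enabled for this online application;
     *         {@code false} if no SSO element is configured or the flag is unset
     */
    @Override
    public boolean useSSO() {
        OASSO sso = oa_auth.getOASSO();
        return sso != null && Boolean.TRUE.equals(sso.isUseSSO());
    }

    /**
     * @return whether the SSO question (auth data frame) is shown; defaults to
     *         {@code true} when no SSO element is configured or the flag is unset
     */
    @Override
    public boolean useSSOQuestion() {
        OASSO sso = oa_auth.getOASSO();
        if (sso == null) {
            return true;
        }
        // an unset flag keeps the conservative default of asking the user
        return !Boolean.FALSE.equals(sso.isAuthDataFrame());
    }

    /** @return the single logout URL, or {@code null} if SSO is not configured */
    @Override
    public String getSingleLogOutURL() {
        OASSO sso = oa_auth.getOASSO();
        return sso != null ? sso.getSingleLogOutURL() : null;
    }

    /**
     * Returns the configured mandate profile names.
     *
     * @return the profile name items followed by the entries of the legacy
     *         comma-separated profile list (trimmed); {@code null} if no
     *         mandates element is configured at all
     */
    @Override
    public List getMandateProfiles() {
        Mandates mandates = oa_auth.getMandates();
        if (mandates == null) {
            return null;
        }
        List list = new ArrayList();
        List<MandatesProfileNameItem> profileList = mandates.getProfileNameItems();
        if (profileList != null) {
            for (MandatesProfileNameItem el : profileList) {
                list.add(el.getItem());
            }
        }
        // legacy (RC1) comma-separated profile list, kept for backwards compatibility
        String oldProfilList = mandates.getProfiles();
        if (MiscUtil.isNotEmpty(oldProfilList)) {
            for (String profile : oldProfilList.split(",")) {
                list.add(profile.trim());
            }
        }
        return list;
    }

    /**
     * @return the type of the configured identification number, or
     *         {@code null} if no identification number is configured
     */
    @Override
    public String getIdentityLinkDomainIdentifierType() {
        IdentificationNumber idnumber = oa_auth.getIdentificationNumber();
        return idnumber != null ? idnumber.getType() : null;
    }

    /**
     * @return the BKU selection customization of the templates element, or
     *         {@code null} if either the templates element or the
     *         customization is absent
     */
    private BKUSelectionCustomizationType getBKUSelectionCustomization() {
        TemplatesType templates = oa_auth.getTemplates();
        return templates != null ? templates.getBKUSelectionCustomization() : null;
    }

    /**
     * @return whether the mandate login button is shown; defaults to
     *         {@code true} when the customization or the flag is absent
     */
    @Override
    public boolean isShowMandateCheckBox() {
        BKUSelectionCustomizationType bkuselection = getBKUSelectionCustomization();
        if (bkuselection != null && bkuselection.isMandateLoginButton() != null) {
            return bkuselection.isMandateLoginButton();
        }
        return true;
    }

    /**
     * @return whether only mandate logins are allowed; defaults to
     *         {@code false} when the customization or the flag is absent
     */
    @Override
    public boolean isOnlyMandateAllowed() {
        BKUSelectionCustomizationType bkuselection = getBKUSelectionCustomization();
        if (bkuselection != null && bkuselection.isOnlyMandateLoginAllowed() != null) {
            return bkuselection.isOnlyMandateLoginAllowed();
        }
        return false;
    }

    /**
     * @return whether the STORK login is enabled; {@code false} when no STORK
     *         element is configured or the flag is unset
     */
    @Override
    public boolean isShowStorkLogin() {
        // explicit null check instead of catching NullPointerException
        return oa_auth.getOASTORK() != null
                && Boolean.TRUE.equals(oa_auth.getOASTORK().isStorkLogonEnabled());
    }

    /**
     * Builds the form customization map for the BKU selection form.
     * <p>
     * Starts from {@link FormBuildUtils#getDefaultMap()} and overrides each
     * entry whose value is set in the BKU selection customization.
     * NOTE(review): these values end up in rendered forms; confirm that
     * FormBuildUtils escapes them, as the configuration is otherwise the only
     * guard against markup in these strings.
     *
     * @return a new, mutable map of form customization keys to values
     */
    @Override
    public Map getFormCustomizaten() {
        Map map = new HashMap();
        map.putAll(FormBuildUtils.getDefaultMap());
        BKUSelectionCustomizationType bkuselection = getBKUSelectionCustomization();
        if (bkuselection == null) {
            return map;
        }
        if (MiscUtil.isNotEmpty(bkuselection.getBackGroundColor())) {
            map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, bkuselection.getBackGroundColor());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getButtonBackGroundColor())) {
            map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, bkuselection.getButtonBackGroundColor());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getButtonBackGroundColorFocus())) {
            map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, bkuselection.getButtonBackGroundColorFocus());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getButtonFontColor())) {
            map.put(FormBuildUtils.BUTTON_COLOR, bkuselection.getButtonFontColor());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getFontType())) {
            map.put(FormBuildUtils.FONTFAMILY, bkuselection.getFontType());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getFrontColor())) {
            map.put(FormBuildUtils.MAIN_COLOR, bkuselection.getFrontColor());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getHeaderBackGroundColor())) {
            map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, bkuselection.getHeaderBackGroundColor());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getHeaderFrontColor())) {
            map.put(FormBuildUtils.HEADER_COLOR, bkuselection.getHeaderFrontColor());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getHeaderText())) {
            map.put(FormBuildUtils.HEADER_TEXT, bkuselection.getHeaderText());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getAppletRedirectTarget())) {
            map.put(FormBuildUtils.REDIRECTTARGET, bkuselection.getAppletRedirectTarget());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getAppletHeight())) {
            map.put(FormBuildUtils.APPLET_HEIGHT, bkuselection.getAppletHeight());
        }
        if (MiscUtil.isNotEmpty(bkuselection.getAppletWidth())) {
            map.put(FormBuildUtils.APPLET_WIDTH, bkuselection.getAppletWidth());
        }
        return map;
    }

    /**
     * @return the configured STORK QAA level if it lies in 1..4; otherwise
     *         (no STORK element, unset or out-of-range value) 4
     */
    @Override
    public Integer getQaaLevel() {
        if (oa_auth.getOASTORK() != null) {
            Integer qaa = oa_auth.getOASTORK().getQaa();
            if (qaa != null && qaa >= 1 && qaa <= 4) {
                return qaa;
            }
        }
        return 4;
    }

    /**
     * @return the STORK attributes requested for this online application; an
     *         empty list if no STORK element is configured
     */
    @Override
    public List getRequestedAttributes() {
        if (oa_auth.getOASTORK() == null) {
            return new ArrayList();
        }
        return oa_auth.getOASTORK().getOAAttributes();
    }

    /**
     * Tells whether user consent is required before STORK attributes are released.
     * <p>
     * The fail-safe answer is {@code true}: it is returned whenever no STORK
     * element is configured, the flag is unset, or evaluating the
     * configuration fails. A STORK-PVP gateway never requires consent.
     *
     * @return {@code true} if consent is required, {@code false} otherwise
     */
    @Override
    public boolean isRequireConsentForStorkAttributes() {
        try {
            if (isSTORKPVPGateway()) {
                return false;
            }
            if (oa_auth.getOASTORK() == null) {
                Logger.warn("No STORK configuration found, requiring consent for STORK attributes by default");
                return true;
            }
            // an unset flag falls back to the safe default of requiring consent
            return !Boolean.FALSE.equals(oa_auth.getOASTORK().isRequireConsent());
        } catch (RuntimeException e) {
            // best effort: keep the safe default, but record the cause instead of printStackTrace()
            Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e);
            return true;
        }
    }

    /**
     * @return the configured STORK attribute providers; an empty list if no
     *         STORK element or no providers are configured
     */
    @Override
    public List getStorkAPs() {
        if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getAttributeProviders() != null) {
            return oa_auth.getOASTORK().getAttributeProviders();
        }
        return new ArrayList();
    }

    /**
     * @return the BKU selection template transformation, or {@code null} if
     *         no templates element or no BKU selection template is configured
     */
    @Override
    public byte[] getBKUSelectionTemplate() {
        TemplatesType templates = oa_auth.getTemplates();
        if (templates != null && templates.getBKUSelectionTemplate() != null) {
            return templates.getBKUSelectionTemplate().getTransformation();
        }
        return null;
    }

    /**
     * @return the send assertion template transformation, or {@code null} if
     *         no templates element or no send assertion template is configured
     */
    @Override
    public byte[] getSendAssertionTemplate() {
        TemplatesType templates = oa_auth.getTemplates();
        if (templates != null && templates.getSendAssertionTemplate() != null) {
            return templates.getSendAssertionTemplate().getTransformation();
        }
        return null;
    }

    /**
     * @return a new list holding the configured C-PEPS entries; an empty list
     *         if no STORK element or no C-PEPS entries are configured
     */
    @Override
    public List getPepsList() {
        if (oa_auth.getOASTORK() == null || oa_auth.getOASTORK().getCPEPS() == null) {
            return new ArrayList();
        }
        return new ArrayList(oa_auth.getOASTORK().getCPEPS());
    }

    /**
     * @return the attribute query URL of the interfederation IDP, or
     *         {@code null} if no interfederation IDP is configured
     */
    @Override
    public String getIDPAttributQueryServiceURL() {
        return interfederatedIDP != null ? interfederatedIDP.getAttributeQueryURL() : null;
    }

    /** @return whether inbound SSO interfederation is allowed; {@code false} if no IDP is configured */
    @Override
    public boolean isInboundSSOInterfederationAllowed() {
        return interfederatedIDP != null && interfederatedIDP.isInboundSSO();
    }

    /** @return whether outbound SSO interfederation is allowed; {@code false} if no IDP is configured */
    @Override
    public boolean isOutboundSSOInterfederationAllowed() {
        return interfederatedIDP != null && interfederatedIDP.isOutboundSSO();
    }

    /**
     * @return whether a passive request is used for interfederation;
     *         {@code false} if no IDP is configured or the flag is unset
     */
    @Override
    public boolean isPassivRequestUsedForInterfederation() {
        // Boolean.TRUE.equals handles an unset (null) flag without unboxing it
        return interfederatedIDP != null
                && Boolean.TRUE.equals(interfederatedIDP.isPerformPassivRequest());
    }

    /**
     * @return whether local authentication is performed on an interfederation
     *         error; {@code false} if no IDP is configured or the flag is unset
     */
    @Override
    public boolean isPerformLocalAuthenticationOnInterfederationError() {
        return interfederatedIDP != null
                && Boolean.TRUE.equals(interfederatedIDP.isPerformLocalAuthenticationOnError());
    }

    /**
     * @return whether the interfederated SSO session may be stored;
     *         {@code false} if no IDP is configured or the flag is unset
     */
    @Override
    public boolean isInterfederationSSOStorageAllowed() {
        return interfederatedIDP != null
                && Boolean.TRUE.equals(interfederatedIDP.isStoreSSOSession());
    }

    /** @return {@code true} if this IDP is a public service, i.e. not a business service */
    public boolean isIDPPublicService() {
        return !getBusinessService();
    }

    /**
     * @return the forward IDP identifier of the interfederation gateway, or
     *         {@code null} if no gateway is configured
     */
    public String getSTORKPVPForwardEntity() {
        return interfederatedGateway != null ? interfederatedGateway.getForwardIDPIdentifier() : null;
    }

    /**
     * @return {@code true} only if test credentials are explicitly enabled;
     *         {@code false} when the element or the flag is absent
     */
    @Override
    public boolean isTestCredentialEnabled() {
        TestCredentials testing = oa_auth.getTestCredentials();
        return testing != null && Boolean.TRUE.equals(testing.isEnableTestCredentials());
    }

    /**
     * @return the configured test credential OIDs, or {@code null} if no test
     *         credentials element exists or the OID list is absent or empty
     */
    @Override
    public List getTestCredentialOIDs() {
        TestCredentials testing = oa_auth.getTestCredentials();
        if (testing != null
                && testing.getCredentialOID() != null
                && !testing.getCredentialOID().isEmpty()) {
            return testing.getCredentialOID();
        }
        return null;
    }

    /**
     * Decrypts and deserializes the private key used for bPK decryption.
     * <p>
     * The key information is stored encrypted in the configuration; it is
     * decrypted with {@link ConfigurationEncrytionUtil} and then restored with
     * Java native serialization. That deserialization is only as trustworthy
     * as the configuration store and the configuration encryption key: whoever
     * can write the encrypted blob controls the deserialized object graph, so
     * the restored object is type-checked before use.
     * NOTE(review): consider an {@code ObjectInputFilter} (Java 9+) or a
     * non-native key encoding to narrow what can be deserialized here.
     *
     * @return the private key, or {@code null} if no key information is
     *         configured, it cannot be decrypted, or the decrypted payload is
     *         not a {@link BPKDecryptionParameters}; key material is never logged
     */
    @Override
    public PrivateKey getBPKDecBpkDecryptionKey() {
        if (oa_auth.getEncBPKInformation() == null
                || oa_auth.getEncBPKInformation().getBPKDecryption() == null
                || oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation() == null
                || oa_auth.getEncBPKInformation().getBPKDecryption().getIv() == null) {
            Logger.error("No keyInformation found for bPK decryption");
            return null;
        }
        try {
            EncryptedData encdata = new EncryptedData(
                    oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(),
                    oa_auth.getEncBPKInformation().getBPKDecryption().getIv());
            byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
            Object restored = SerializationUtils.deserialize(serializedData);
            if (!(restored instanceof BPKDecryptionParameters)) {
                Logger.error("Decrypted key information for bPK decryption has an unexpected type");
                return null;
            }
            return ((BPKDecryptionParameters) restored).getPrivateKey();
        } catch (BuildException e) {
            Logger.error("Can not decrypt key information for bPK decryption", e);
        }
        return null;
    }
}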