package at.gv.egovernment.moa.id.config.auth; import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IStorkConfig; import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink; import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; 
import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.pki.revocation.RevocationSourceTypes;

/**
 * A class providing access to the Auth Part of the MOA-ID configuration data.
 *
 * Values are read from the injected {@link MOAIDConfiguration} store (see
 * {@link #setConfiguration(MOAIDConfiguration)}) and from the raw properties of the parent
 * {@link ConfigurationProviderImpl}. Most getters are fail-soft: a backend read error is logged
 * and {@code null} or a default is returned, so callers must treat such results as
 * "not configured" rather than as a verified setting.
 */
public class PropertyBasedAuthConfigurationProvider extends ConfigurationProviderImpl implements AuthConfiguration {

    /** Used when the revocation-checking property is missing or unreadable: checking stays enabled (fail-closed). */
    private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true;

    /** Backing configuration store, injected via {@link #setConfiguration(MOAIDConfiguration)}. */
    private MOAIDConfiguration configuration;

    // NOTE(review): never read in the visible part of this class; presumably a leftover.
    private boolean requireJDBCBackupImplementation = false;

    /**
     * Loads the MOA-ID-AUTH configuration from the given file and initialises this provider.
     *
     * @param configFileName path (or URI) of the configuration file, handed to the parent provider
     * @throws ConfigurationException     if the MOA-ID configuration cannot be processed
     * @throws EAAFConfigurationException if the underlying EAAF configuration cannot be loaded
     */
    public PropertyBasedAuthConfigurationProvider(String configFileName) throws ConfigurationException, EAAFConfigurationException {
        super(configFileName);
//		try {
        Logger.info("Loading MOA-ID-AUTH configuration " + getConfigurationFilePath().toString());
        // NOTE(review): initialize() is called from the constructor; if it is overridable, a subclass
        // override runs before the subclass' own fields are initialised.
        initialize();
//		} catch (URISyntaxException e){
//			Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e);
//			throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, configFileName});
//
//		}
    }

    //TODO: add EAAFCore configuration prefix if required
    /** No application-specific key prefix is used: always returns {@code null}. */
    @Override
    public String getApplicationSpecificKeyPrefix() {
        return null;
    }

    /**
     * Location of the backup configuration, taken from the JVM system property
     * {@link ConfigurationProvider#CONFIG_PROPERTY_NAME}; {@code null} if that property is not set.
     */
    @Override
    protected String getBackupConfigPath() {
        return System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
    }

    /**
     * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component.
*
     * @param spIdentifier unique identifier of the service provider (online application)
     * @return the service-provider configuration wrapped in an {@link OAAuthParameterDecorator},
     *         or {@code null} if no active online application is registered for {@code spIdentifier}
     * @throws EAAFConfigurationException if the configuration backend cannot be read
     */
    @Override
    @Transactional
    public ISPConfiguration getServiceProviderConfiguration(String spIdentifier) throws EAAFConfigurationException {
        final Map<String, String> spProperties = getActiveOnlineApplication(spIdentifier);
        return spProperties == null
                ? null
                : new OAAuthParameterDecorator(new SPConfigurationImpl(spProperties, this));
    }

    /**
     * Same lookup as {@link #getServiceProviderConfiguration(String)}, additionally checking that the
     * resulting object is an instance of {@code decorator}.
     *
     * @param spIdentifier unique identifier of the service provider (online application)
     * @param decorator    the expected runtime type of the configuration object
     * @return the configuration cast to {@code decorator}; {@code null} if no configuration exists,
     *         {@code decorator} is {@code null}, or the configuration is not an instance of
     *         {@code decorator} (that mismatch is logged as an error)
     * @throws EAAFConfigurationException if the configuration backend cannot be read
     */
    @Override
    @Transactional
    public <T> T getServiceProviderConfiguration(String spIdentifier, final Class<T> decorator) throws EAAFConfigurationException {
        final ISPConfiguration spConfig = getServiceProviderConfiguration(spIdentifier);
        if (spConfig == null || decorator == null) {
            return null;
        }
        if (!decorator.isInstance(spConfig)) {
            Logger.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator.getName());
            return null;
        }
        // isInstance() was checked above, so the cast cannot fail.
        return decorator.cast(spConfig);
    }

    /**
     * Injects the backing {@link MOAIDConfiguration} store that all {@code get…} methods read from.
     *
     * @param configuration the configuration store
     */
    @Autowired
    public void setConfiguration(MOAIDConfiguration configuration) {
        this.configuration = configuration;
    }

    /**
     * Guards iteration over a possibly-{@code null} {@link Collection}.
     *
     * @param item the collection, may be {@code null}
     * @return {@code item} itself when it is not {@code null}, otherwise an empty {@link List}
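*/
    @SuppressWarnings("unchecked")
    public static <T extends Collection<?>> T nullGuard(T item) {
        if (item != null) {
            return item;
        }
        // The substitute is always a List; the unchecked cast only holds when T is a List type.
        return (T) Collections.emptyList();
    }

    /**
     * Returns all configuration entries whose key starts with {@code Prefix}.
     * NOTE: may return an empty map but never {@code null}.
     *
     * @param Prefix the key prefix to match
     * @return the matching entries, or an empty map if the lookup fails (the failure is logged)
     */
    @Override
    @Transactional
    public Map<String, String> getConfigurationWithPrefix(String Prefix) {
        try {
            return configuration.getPropertySubset(Prefix);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Loading property with Prefix " + Prefix + " FAILED.", e);
            return new HashMap<String, String>();
        }
    }

    /**
     * Returns all configuration entries matching a wildcard search key.
     * NOTE: may return an empty map but never {@code null}.
     *
     * @param key the wildcard search key (syntax defined by the configuration backend)
     * @return the matching entries, or an empty map if the lookup fails (the failure is logged)
     */
    @Override
    @Transactional
    public Map<String, String> getConfigurationWithWildCard(String key) {
        try {
            return configuration.searchPropertiesWithWildcard(key);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Loading property with searchKey " + key + " FAILED.", e);
            return new HashMap<String, String>();
        }
    }

    /**
     * Returns a single configuration value, trimmed of surrounding whitespace.
     *
     * @param key the configuration key
     * @return the trimmed value, or {@code null} if the key is not set or the lookup fails
     */
    @Override
    @Transactional
    public String getConfigurationWithKey(String key) {
        try {
            final String value = configuration.getStringValue(key);
            if (value != null) {
                return value.trim();
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            // Previously swallowed silently: a backend failure was indistinguishable from
            // "not configured" for the caller. Keep the null contract, but leave a trace.
            Logger.warn("Loading property with key " + key + " FAILED.", e);
        }
        return null;
    }

    /**
     * Returns the general pvp2 properties config (keys with the {@code protocols.pvp2.} prefix stripped).
     * NOTE: may be empty but never {@code null}.
     *
     * @return the general pvp2 properties config.
     */
    @Transactional
    public Properties getGeneralPVP2ProperiesConfig() {
        return getGeneralProperiesConfig("protocols.pvp2.");
    }

    /**
     * Returns the general oauth20 properties config (keys with the {@code protocols.oauth20.} prefix stripped).
     * NOTE: may be empty but never {@code null}.
     *
     * @return the general oauth20 properties config.
     */
    @Transactional
    public Properties getGeneralOAuth20ProperiesConfig() {
        return getGeneralProperiesConfig("protocols.oauth20.");
    }

    /**
     * Returns the allowed protocols.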
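NOTE: may return {@code null}.
     * Missing flags fall back to defaults: OAuth/OpenID enabled, PVP 2.x enabled, SAML1 disabled.
     *
     * @return the allowed protocols, or {@code null} if the flags cannot be read (logged as error)
     */
    @Transactional
    public ProtocolAllowed getAllowedProtocols() {
        try {
            final ProtocolAllowed allowed = new ProtocolAllowed();
            allowed.setOAUTHActive(
                    configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED, true));
            // The legacy SAML1 protocol stays off unless it is switched on explicitly.
            allowed.setSAML1Active(
                    configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED, false));
            allowed.setPVP21Active(
                    configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED, true));
            return allowed;
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.error("Can not load protocol enabled information from configuration.", e);
            return null;
        }
    }

    /**
     * Transaction timeout; defaults to 300 when the property is absent or unreadable.
     * (Unit is not visible here — presumably seconds; verify against the callers.)
     *
     * @return the configured transaction timeout or the default
     */
    @Override
    @Transactional
    public int getTransactionTimeOut() {
        try {
            return configuration.getIntegerValue(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUTS_TRANSACTION, 300);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("No transaction timeout defined. Use default values", e);
            return 300;
        }
    }

    /**
     * Maximum lifetime of an SSO session measured from its creation; defaults to 2700.
     * (Unit is not visible here — presumably seconds; verify against the callers.)
     *
     * @return the configured SSO creation timeout or the default
     */
    @Override
    @Transactional
    public int getSSOCreatedTimeOut() {
        try {
            return configuration.getIntegerValue(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_CREATE, 2700);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("No SSO created timeout defined. Use default values", e);
            return 2700;
        }
    }

    /**
     * Idle timeout of an SSO session measured from its last update; defaults to 1200.
     * (Unit is not visible here — presumably seconds; verify against the callers.)
     *
     * @return the configured SSO update timeout or the default
     */
    @Override
    @Transactional
    public int getSSOUpdatedTimeOut() {
        try {
            return configuration.getIntegerValue(MOAIDConfigurationConstants.GENERAL_AUTH_TIMEOUS_SSO_UPDATE, 1200);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("No SSO updated timeout defined. Use default values", e);
            return 1200;
        }
    }

    /**
     * Returns the alternative SAML1 source ID. NOTE: may return {@code null}.
     *
     * @return the configured source ID, or {@code null} if unset or unreadable (logged as warning)
     * @throws ConfigurationException declared for API compatibility; not thrown by this implementation
     */
    @Transactional
    public String getAlternativeSourceID() throws ConfigurationException {
        try {
            return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("SAML1 SourceID can not be read from configuration.", e);
            return null;
        }
    }

    /**
     * Returns the protocol names for which legacy mode is enabled.
     * NOTE: may return an empty list but never {@code null}.
     *
     * @return the list of legacy-enabled protocol names
     */
    @Transactional
    public List<String> getLegacyAllowedProtocols() {
        final List<String> legacy = new ArrayList<String>();
        try {
            if (configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY, false)) {
                try {
                    // The SAML1 module is resolved reflectively, so its absence is a warning, not a failure.
                    final Class<?> saml1Protocol = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol");
                    legacy.add(saml1Protocol.getName());
                } catch (ClassNotFoundException e) {
                    Logger.warn("SAML1 Protocol implementation is not found, but SAML1 legacy-mode is active.. ");
                }
            }
            if (configuration.getBooleanValue(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY, false)) {
                legacy.add(PVP2XProtocol.NAME);
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Load legacy protocol configuration property FAILED.", e);
        }
        return legacy;
    }

    /**
     * Returns the MOA-SP trust profile ID used to validate the AuthBlock signature.
     *
     * @param useTestTrustStore {@code true} selects the test trust profile, {@code false} the productive one.
     *                          The test profile presumably trusts test CAs, so callers must only pass
     *                          {@code true} for service providers that are deliberately configured for testing.
     * @return the configured trust profile ID, or {@code null} if unset or unreadable
     * @throws ConfigurationException declared for API compatibility; not thrown by this implementation
     */
    @Transactional
    public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
        return useTestTrustStore ? getMoaSpAuthBlockTestTrustProfileID() : getMoaSpAuthBlockTrustProfileID();
    }

    /** Productive AuthBlock trust profile ID, or {@code null} if unset or unreadable (logged as warning). */
    private String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException {
        try {
            return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("AuthBlock validation trustprofile can not be read from configuration.", e);
            return null;
        }
    }

    /** Test AuthBlock trust profile ID, or {@code null} if unset or unreadable (logged as warning). */
    private String getMoaSpAuthBlockTestTrustProfileID() throws ConfigurationException {
        try {
            return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_TEST);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Test-AuthBlock validation trustprofile can not be read from configuration.", e);
            return null;
        }
    }

    /** Test IdentityLink trust profile ID, or {@code null} if unset or unreadable (logged as warning). */
    private String getMoaSpIdentityLinkTestTrustProfileID() throws ConfigurationException {
        try {
            return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_TEST);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Test-IdentityLink validation trustprofile can not be read from configuration.", e);
            return null;
        }
    }

    /**
     * Returns the verify-transforms-info IDs for AuthBlock validation by MOA-SP.
     * NOTE: may return {@code null} — callers must check before iterating.
     *
     * @return a single-element list holding the configured ID, or {@code null} if the ID is not
     *         configured or cannot be read (both are logged as warnings)
     * @throws ConfigurationException declared for API compatibility; not thrown by this implementation
     */
    @Transactional
    public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
        try {
            final String transformId = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM);
            if (transformId == null) {
                // Arrays.asList((String) null) would yield a one-element list containing null, which callers
                // could not tell apart from a configured ID; report "not configured" like the error path does.
                Logger.warn("AuthBlock transformation is not configured.");
                return null;
            }
            return Arrays.asList(transformId);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("AuthBlock transformation can not be read from configuration.", e);
            return null;
        }
    }

    /**
     * Returns a ConnectionParameter bean containing all information of the authentication component moa-sp element.
     *
     * @return ConnectionParameter of the authentication component moa-sp element, or {@code null} if no MOA-SP URL is configured.
     * @throws ConfigurationException declared for API compatibility; a backend read error is logged instead.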
*/
    @Transactional
    public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException {
        try {
            final String moaSpUrl = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL);
            if (moaSpUrl == null) {
                return null;
            }
            // TLS/key-store settings for the connection come from the raw properties and config directory.
            return new ConnectionParameterMOASP(moaSpUrl, getFullConfigurationProperties(), getRootConfigFileDir());
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Loading MOA-SP Service URL from configuration FAILED.", e);
            return null;
        }
    }

    /**
     * Returns the {@link ConnectionParameter} for the OnlineMandates (MIS) service.
     *
     * Resolution order: the service-provider specific MIS URL (if {@code oaParameters} is given and sets one),
     * otherwise the first entry of the general, comma-separated MIS URL list. The per-SP override means a
     * service-provider entry can point mandate lookups at a different endpoint; the value is used as configured.
     *
     * @param oaParameters the service-provider configuration, may be {@code null}
     * @return the connection parameter; never {@code null}
     * @throws ConfigurationException if no MIS URL is configured anywhere, or the configuration cannot be read
     */
    @Transactional
    public ConnectionParameter getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) throws ConfigurationException {
        try {
            String misUrl = null;
            if (oaParameters != null) {
                misUrl = oaParameters.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_MIS_SERVICE_URL);
            }
            if (MiscUtil.isEmpty(misUrl)) {
                final List<String> generalUrls = KeyValueUtils.getListOfCSVValues(
                        configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_OVS_URL));
                if (!generalUrls.isEmpty()) {
                    misUrl = generalUrls.get(0);
                }
            }
            if (MiscUtil.isEmpty(misUrl)) {
                throw new ConfigurationException("service.06", new Object[]{"NO MIS Service URL"});
            }
            return new ConnectionParameterMandate(misUrl, getFullConfigurationProperties(), getRootConfigFileDir());
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Initialize MIS service connection parameters FAILED.", e);
            throw new ConfigurationException("service.06", new Object[]{e.getMessage()}, e);
        }
    }

    /**
     * Returns a string with a url-reference to the VerifyIdentityLink trust profile id within the moa-sp part of the authentication component
     *
     * @return String with a url-reference to the VerifyIdentityLink trust profile ID, or {@code null} if unset or unreadable
     * @throws ConfigurationException declared for API compatibility; a backend read error is logged instead.
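*/
    private String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException {
        try {
            return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("IdentityLink validation trustprofile can not be read from configuration.", e);
            return null;
        }
    }

    /**
     * Returns the Security-Layer transform infos for AuthBlock creation.
     * NOTE: the returned list is never {@code null} and never empty — a missing or empty
     * transformation is a fatal configuration error, not a silent fallback.
     *
     * @return the list of transform infos
     * @throws ConfigurationException {@code config.02} if no Security-Layer transformation is configured,
     *                                {@code config.05} if it is configured but yields no transform infos
     *                                or cannot be read from the backend
     */
    @Transactional
    public List<String> getTransformsInfos() throws ConfigurationException {
        try {
            final String securityLayer = configuration.getStringValue(
                    MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64);
            if (securityLayer == null) {
                Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found");
                throw new ConfigurationException("config.02", null);
            }
            final List<String> result = ConfigurationUtils.getTransformInfos(securityLayer);
            if (result == null || result.isEmpty()) {
                Logger.error("No Security-Layer Transformation found.");
                throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"});
            }
            return result;
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            // Keep the cause: the backend error used to be dropped here, which made this
            // indistinguishable from the "configured but empty" case above.
            Logger.error("No Security-Layer Transformation found.", e);
            throw new ConfigurationException("config.05", new Object[]{"Security-Layer Transformation"}, e);
        }
    }

    /**
     * Returns a list of IdentityLinkX509SubjectNames. NOTE: may return an empty list but never {@code null}.
     *
     * @return the list of IdentityLinkX509SubjectNames.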
*
     * @throws ConfigurationException declared for API compatibility; not thrown by this implementation
     */
    @Transactional
    public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
        // The accepted IdentityLink signer subject names are a compile-time constant list
        // (MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID); duplicates are dropped, order is kept.
        final List<String> subjectNames = new ArrayList<String>();
        for (String signer : MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID) {
            if (subjectNames.contains(signer)) {
                continue;
            }
            subjectNames.add(signer);
        }
        return subjectNames;
    }

    /**
     * Returns the default Security-Layer request templates in the order local, third-party, handy BKU.
     * NOTE: the list itself is never {@code null}, but individual entries are {@code null} when
     * the corresponding template is not configured.
     *
     * @return list of default SLRequestTemplates (empty if the backend read fails; logged as warning)
     * @throws ConfigurationException declared for API compatibility; never thrown
     */
    @Transactional
    public List<String> getSLRequestTemplates() throws ConfigurationException {
        final List<String> templates = new ArrayList<String>();
        final String[] templateKeys = {
                MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL,
                MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD,
                MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY
        };
        try {
            for (String templateKey : templateKeys) {
                templates.add(configuration.getStringValue(templateKey));
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("SecurtiyLayer request templates are not loadable from configuration.", e);
        }
        return templates;
    }

    /**
     * Returns the type's default SLRequestTemplate. NOTE: may return {@code null}.
     *
     * @param type the type of BKU.
     * @return the default SLRequestTemplate for the given type.
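*
     * @throws ConfigurationException declared for API compatibility; never thrown
     */
    @Transactional
    public String getSLRequestTemplates(String type) throws ConfigurationException {
        final String templateKey;
        // A null type is treated like an unknown one (a String switch would throw NPE on null).
        if (type == null) {
            templateKey = null;
        } else {
            switch (type) {
                case IOAAuthParameters.THIRDBKU:
                    templateKey = MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_THIRD;
                    break;
                case IOAAuthParameters.LOCALBKU:
                    templateKey = MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_LOCAL;
                    break;
                case IOAAuthParameters.HANDYBKU:
                    templateKey = MOAIDConfigurationConstants.GENERAL_DEFAULTS_TEMPLATES_HANDY;
                    break;
                default:
                    templateKey = null;
            }
        }
        if (templateKey == null) {
            Logger.warn("getSLRequestTemplates: BKU Type does not match: " + IOAAuthParameters.THIRDBKU
                    + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
            return null;
        }
        try {
            return configuration.getStringValue(templateKey);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("SecurtiyLayer request templates are not loadable from configuration.", e);
            return null;
        }
    }

    /**
     * Returns the default BKU URLs in the order third-party, local, handy BKU.
     * NOTE: the list itself is never {@code null}, but individual entries are {@code null} when
     * the corresponding URL is not configured.
     *
     * @return list of default BKUURLs (empty if the backend read fails; logged as warning)
     * @throws ConfigurationException declared for API compatibility; never thrown
     */
    @Transactional
    public List<String> getDefaultBKUURLs() throws ConfigurationException {
        final List<String> bkuUrls = new ArrayList<String>();
        final String[] bkuKeys = {
                MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD,
                MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL,
                MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY
        };
        try {
            for (String bkuKey : bkuKeys) {
                bkuUrls.add(configuration.getStringValue(bkuKey));
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("BKU URLs are not loadable from configuration.", e);
        }
        return bkuUrls;
    }

    /**
     * Returns the type's default BKUURL. NOTE: may return {@code null}.
     *
     * @param type the type of BKU.
     * @return the default BKUURL for the given type.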
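*
     * @throws ConfigurationException declared for API compatibility; never thrown
     */
    @Transactional
    public String getDefaultBKUURL(String type) throws ConfigurationException {
        final String bkuKey;
        // A null type is treated like an unknown one (a String switch would throw NPE on null).
        if (type == null) {
            bkuKey = null;
        } else {
            switch (type) {
                case IOAAuthParameters.THIRDBKU:
                    bkuKey = MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_THIRD;
                    break;
                case IOAAuthParameters.LOCALBKU:
                    bkuKey = MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_LOCAL;
                    break;
                case IOAAuthParameters.HANDYBKU:
                    bkuKey = MOAIDConfigurationConstants.GENERAL_DEFAULTS_BKU_HANDY;
                    break;
                default:
                    bkuKey = null;
            }
        }
        if (bkuKey == null) {
            Logger.warn("getDefaultBKUURL: BKU Type does not match: " + IOAAuthParameters.THIRDBKU
                    + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU);
            return null;
        }
        try {
            return configuration.getStringValue(bkuKey);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("BKU URLs are not loadable from configuration.", e);
            return null;
        }
    }

    /**
     * Returns the SSOTagetIdentifier. NOTE: returns {@code null} if no SSOTargetIdentifier is set.
     *
     * @return the trimmed SSOTagetIdentifier, or {@code null} if unset, empty or unreadable (logged as warning)
     * @throws ConfigurationException declared for API compatibility; not thrown by this implementation
     */
    @Transactional
    public String getSSOTagetIdentifier() throws ConfigurationException {
        try {
            final String target = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET);
            if (MiscUtil.isNotEmpty(target)) {
                return target.trim();
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Single Sign-On Target can not be read from configuration.", e);
        }
        return null;
    }

    /**
     * Returns the SSOFriendlyName. NOTE: never returns {@code null}, if no SSOFriendlyName is set, a default String is returned.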
*
     * @return the SSOFriendlyName or a default String
     */
    @Transactional
    public String getSSOFriendlyName() {
        final String fallback = "Default MOA-ID friendly name for SSO";
        try {
            return configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, fallback);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Single Sign-On FriendlyName can not be read from configuration.", e);
            return fallback;
        }
    }

    /**
     * Returns the SSOSpecialText shown in the AuthBlock. NOTE: never returns {@code null};
     * an unset, empty or unreadable value yields an empty String.
     *
     * @return the SSOSpecialText or an empty String
     */
    @Transactional
    public String getSSOSpecialText() {
        try {
            final String authBlockText = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT);
            if (MiscUtil.isEmpty(authBlockText)) {
                return "";
            }
            return authBlockText;
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("Single Sign-On AuthBlockText can not be read from configuration.", e);
            return "";
        }
    }

    /**
     * Returns the MOASessionEncryptionKey. NOTE: returns {@code null} if no MOASessionEncryptionKey is set.
     * This is secret material read straight from the raw properties; never log or expose the value.
     *
     * @return the MOASessionEncryptionKey or {@code null}
     */
    public String getMOASessionEncryptionKey() {
        final String key = getFullConfigurationProperties().getProperty("configuration.moasession.key");
        return MiscUtil.isEmpty(key) ? null : key;
    }

    /**
     * Returns the MOAConfigurationEncryptionKey. NOTE: returns {@code null} if no MOAConfigurationEncryptionKey is set.
     * This is secret material read straight from the raw properties; never log or expose the value.
     *
     * @return the MOAConfigurationEncryptionKey or {@code null}
     */
    public String getMOAConfigurationEncryptionKey() {
        final String key = getFullConfigurationProperties().getProperty("configuration.moaconfig.key");
        return MiscUtil.isEmpty(key) ? null : key;
    }

    /**
     * @return {@code true} if IdentityLinkResigning is set, {@code false} otherwise.
*/
    public boolean isIdentityLinkResigning() {
        // Enables re-signing of identity links with the key group from getIdentityLinkResigningKey();
        // off unless the raw property is literally "true" (case-insensitive).
        return isRawFlagEnabled("configuration.resignidentitylink.active");
    }

    /**
     * Returns the IdentityLinkResigningKey (key-group name). NOTE: returns {@code null} if no IdentityLinkResigningKey is set.
     *
     * @return the IdentityLinkResigningKey or {@code null}
     */
    public String getIdentityLinkResigningKey() {
        return readOptionalRawProperty("configuration.resignidentitylink.keygroup");
    }

    /**
     * @return {@code true} if MonitoringActive is set, {@code false} otherwise.
     */
    public boolean isMonitoringActive() {
        return isRawFlagEnabled("configuration.monitoring.active");
    }

    /**
     * Returns the MonitoringTestIdentityLinkURL. NOTE: returns {@code null} if no MonitoringTestIdentityLinkURL is set.
     *
     * @return the MonitoringTestIdentityLinkURL or {@code null}
     */
    public String getMonitoringTestIdentityLinkURL() {
        return readOptionalRawProperty("configuration.monitoring.test.identitylink.url");
    }

    /**
     * Returns the MonitoringMessageSuccess. NOTE: returns {@code null} if no MonitoringMessageSuccess is set.
     *
     * @return the MonitoringMessageSuccess or {@code null}
     */
    public String getMonitoringMessageSuccess() {
        return readOptionalRawProperty("configuration.monitoring.message.success");
    }

    /**
     * Reads a boolean switch from the raw properties; absent values count as {@code false}.
     *
     * @param propertyName the raw property name
     * @return {@code true} only if the property value equals "true" ignoring case
     */
    private boolean isRawFlagEnabled(String propertyName) {
        return Boolean.valueOf(getFullConfigurationProperties().getProperty(propertyName, "false"));
    }

    /**
     * Reads an optional raw property, mapping an absent or empty value to {@code null}.
     *
     * @param propertyName the raw property name
     * @return the value, or {@code null} if unset or empty
     */
    private String readOptionalRawProperty(String propertyName) {
        final String value = getFullConfigurationProperties().getProperty(propertyName);
        return MiscUtil.isEmpty(value) ? null : value;
    }

    /**
     * @return {@code true} if AdvancedLoggingActive is set, {@code false} otherwise.
*/
    public boolean isAdvancedLoggingActive() {
        // Off unless the raw property is literally "true" (case-insensitive).
        final String flag = getFullConfigurationProperties().getProperty("configuration.advancedlogging.active", "false");
        return Boolean.valueOf(flag);
    }

    /**
     * Returns the IdP's own public URL prefixes (comma-separated in the configuration), each without a
     * single trailing slash. Entries that {@link URL} rejects are logged and skipped.
     *
     * Only URL syntax is checked: any scheme {@link java.net.URL} has a handler for passes, so this is
     * not a guarantee that a prefix is an {@code https} URL — that remains the operator's responsibility.
     *
     * @return the list of valid prefixes; never empty and never {@code null}
     * @throws ConfigurationException {@code config.08} if no valid prefix is configured or the configuration cannot be read
     */
    @Transactional
    public List<String> getPublicURLPrefix() throws ConfigurationException {
        try {
            final String rawPrefixes = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX);
            final List<String> validPrefixes = new ArrayList<String>();
            if (rawPrefixes != null) {
                final String[] candidates = KeyValueUtils.normalizeCSVValueString(rawPrefixes).split(",");
                Logger.trace("Found " + candidates.length + " PublicURLPrefix in configuration.");
                for (String candidate : candidates) {
                    try {
                        new URL(candidate);
                    } catch (MalformedURLException e) {
                        Logger.warn("IDP PublicURLPrefix URL " + candidate + " is not a valid URL", e);
                        continue;
                    }
                    validPrefixes.add(candidate.endsWith("/")
                            ? candidate.substring(0, candidate.length() - 1)
                            : candidate);
                }
            }
            if (validPrefixes.isEmpty()) {
                Logger.warn("MOA-ID PublicURLPrefix is not found in configuration.");
                throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"});
            }
            return validPrefixes;
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e);
            throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"}, e);
        }
    }

    /**
     * @return {@code true} if PVP2AssertionEncryptionActive is set, {@code false} otherwise.
     *         Defaults to {@code true} when the property is absent, i.e. assertion encryption is on unless
     *         it is explicitly disabled.
     */
    public boolean isPVP2AssertionEncryptionActive() {
        final String flag = getFullConfigurationProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true");
        return Boolean.valueOf(flag);
    }

    /**
     * @return {@code true} if CertifiacteQCActive is set, {@code false} otherwise.
*/ public boolean isCertifiacteQCActive() { String prop = getFullConfigurationProperties().getProperty("configuration.validation.certificate.QC.ignore", "false"); return !Boolean.valueOf(prop); } /** * Returns a STORK Configuration, NOTE: may return {@code null}. * * @return a new STORK Configuration or {@code null} * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} */ @Transactional public IStorkConfig getStorkConfig() throws ConfigurationException { IStorkConfig result = null; try { Map storkProps = configuration.getPropertySubset( MOAIDConfigurationConstants.GENERAL_AUTH_STORK + "."); if (storkProps == null) { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); } else { result = new STORKConfig(getFullConfigurationProperties(), this.getRootConfigFileDir()); } } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e); } return result; } // /** // * Small helper method. // * // * @return the {@link AuthComponentGeneral} from the database // * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} // */ // private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { // // AuthComponentGeneral authComponentGeneral = configuration.get(MOAIDConfigurationConstants.AUTH_COMPONENT_GENERAL_KEY, AuthComponentGeneral.class); // if (authComponentGeneral == null) { // Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); // throw new ConfigurationException("config.02", null); // } // return authComponentGeneral; // } // /** // * Returns the {@link VerifyAuthBlock}. // * // * @return the {@link VerifyAuthBlock}. // * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral} or in case of missing {@link MOASP}. 
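//     */
//    private VerifyAuthBlock getVerifyAuthBlock() throws ConfigurationException {
//
//        AuthComponentGeneral authComponentGeneral = getAuthComponentGeneral();
//        MOASP moasp = authComponentGeneral.getMOASP();
//        if (moasp != null) {
//            VerifyAuthBlock vab = moasp.getVerifyAuthBlock();
//            if (vab != null) {
//                VerifyAuthBlock verifyIdl = new VerifyAuthBlock();
//                verifyIdl.setTrustProfileID(vab.getTrustProfileID());
//                verifyIdl.setVerifyTransformsInfoProfileID(new ArrayList(vab.getVerifyTransformsInfoProfileID()));
//                return verifyIdl;
//            } else {
//                Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation.");
//                throw new ConfigurationException("config.02", null);
//            }
//        } else {
//            Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found");
//            throw new ConfigurationException("config.02", null);
//        }
//    }

    /**
     * Small helper method. NOTE: may return empty properties, but never {@code null}.
     *
     * <p>Collects every entry of the full configuration whose key starts with {@code propPrefix};
     * the returned keys have the prefix removed.
     *
     * @param propPrefix the prefix of the desired property.
     * @return the {@link Properties}
     */
    private Properties getGeneralProperiesConfig(final String propPrefix) {
        Properties configProp = new Properties();
        Properties allProps = getFullConfigurationProperties();
        for (Object key : allProps.keySet()) {
            String keyName = key.toString();
            if (keyName.startsWith(propPrefix)) {
                configProp.put(keyName.substring(propPrefix.length()), allProps.get(keyName));
            }
        }
        return configProp;
    }

    /**
     * Returns whether the trust-manager revocation checking is enabled or not.
     *
     * <p>If the value can not be read, the default ({@code TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT},
     * i.e. checking enabled) is returned, so a configuration error never silently disables checking.
     *
     * @return {@code true} if enable, {@code false} if disabled
     */
    @Override
    @Transactional
    public boolean isTrustmanagerrevoationchecking() {
        try {
            return configuration.getBooleanValue(
                    MOAIDConfigurationConstants.GENERAL_AUTH_REVOCATIONCHECKING,
                    TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT);
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            return TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT;
        }
    }

    /**
     * Returns the location of the trusted CA certificates, resolved relative to the configuration
     * root directory.
     *
     * <p>Fixed: the configured value is checked before it is concatenated with the root directory.
     * Previously a missing value produced a path ending in the literal {@code "null"}, which passed
     * the non-empty check.
     *
     * @return the truststore path, or {@code null} if none is configured or the configuration can
     *         not be read
     */
    @Override
    @Transactional
    public String getTrustedCACertificates() {
        try {
            String configuredPath = configuration.getStringValue(
                    MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL);
            if (MiscUtil.isNotEmpty(configuredPath)) {
                return getRootConfigFileDir() + configuredPath;
            }
            Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined.");
            return null;
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException | ConfigurationException e) {
            Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined.", e);
            return null;
        }
    }

    /**
     * Returns the active {@link OnlineApplication} with the given ID or {@code null} if either no matching online application is found or if the {@code id}
     * matches more than one entry.
     *
     * <p>An application that exists but is not flagged active ({@code SERVICE_ISACTIVE}) is treated
     * like an unknown one and yields {@code null}.
     *
     * @param id the id of the requested online application
     * @return the requested online application or {@code null}
     */
    @Transactional
    public Map<String, String> getActiveOnlineApplication(String id) {
        Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
        try {
            Map<String, String> oaConfig;
            // Some databases do not allow the selection of a lob in SQL where expression,
            // so the JDBC drivers flagged in initialize() use the backup lookup.
            if (requireJDBCBackupImplementation) {
                oaConfig = configuration.getOnlineApplicationBackupVersion(id);
            } else {
                oaConfig = configuration.getOnlineApplication(id);
            }
            if (oaConfig == null) {
                Logger.info("Online application with identifier " + id + " is not found.");
                return null;
            }
            String isActiveString = oaConfig.get(MOAIDConfigurationConstants.SERVICE_ISACTIVE);
            if (isActiveString != null && Boolean.valueOf(isActiveString)) {
                return oaConfig;
            }
            Logger.info("Online application with identifier " + id + " is found, but NOT active.");
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.error("Error during OnlineApplication load operationen (oaId=." + id + ")", e);
        }
        return null;
    }

    /**
     * Load document service url from moa properties.
     *
     * @return the configured URL; NOTE(review): the fallback is the literal string {@code "false"},
     *         not a URL — callers presumably compare against it, confirm before changing
     */
    public String getDocumentServiceUrl() {
        return getFullConfigurationProperties().getProperty("stork.documentservice.url", "false");
    }

    /**
     * @return {@code true} if PVP2 schema validation is active (the default), {@code false} if it
     *         was switched off explicitly
     */
    public boolean isPVPSchemaValidationActive() {
        String prop = getFullConfigurationProperties().getProperty("protocols.pvp2.schemavalidation", "true");
        return Boolean.valueOf(prop);
    }

    /**
     * Checks if is fakeIdL is activated. Off by default.
     *
     * @return true, if fake IdLs are available for stork
     */
    public boolean isStorkFakeIdLActive() {
        String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.active", "false");
        return Boolean.valueOf(prop);
    }

    /**
     * Gets the countries which will receive a fake IdL
     *
     * @return the countries, empty if none are configured
     */
    public List<String> getStorkFakeIdLCountries() {
        String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.countries", "");
        return parseCountryList(prop);
    }

    /**
     * Gets the resigning key (group) for the stork fake IdL.
     *
     * @return the resigning key, or {@code null} if not configured
     */
    public String getStorkFakeIdLResigningKey() {
        String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.keygroup");
        return MiscUtil.isNotEmpty(prop) ? prop : null;
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getStorkNoSignatureCountries()
     */
    @Override
    public List<String> getStorkNoSignatureCountries() {
        String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.noSignatureCountries", "");
        return parseCountryList(prop);
    }

    /**
     * Splits a comma separated country list. Spaces are removed and empty entries are dropped, so an
     * unset property yields an empty list instead of a list holding the empty string.
     *
     * @param csv the raw property value, never {@code null}
     * @return a mutable list of the non-empty entries
     */
    private static List<String> parseCountryList(String csv) {
        List<String> countries = new ArrayList<>();
        for (String entry : csv.replaceAll(" ", "").split(",")) {
            if (!entry.isEmpty()) {
                countries.add(entry);
            }
        }
        return countries;
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isHTTPAuthAllowed()
     */
    @Override
    @Deprecated
    public boolean isHTTPAuthAllowed() {
        // Off by default; only an explicit "true" allows plain HTTP for local authentication.
        String prop = getFullConfigurationProperties().getProperty("configuration.localhttpallowed.active", "false");
        return Boolean.valueOf(prop);
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.commons.api.AuthConfiguration#getRevocationMethodOrder()
     */
    @Override
    public String[] getRevocationMethodOrder() {
        final String[] defaultOrder = new String[] {RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL};
        String prop = getFullConfigurationProperties().getProperty("configuration.ssl.validation.revocation.method.order");
        List<String> order = new ArrayList<>();
        if (MiscUtil.isNotEmpty(prop)) {
            for (String el : prop.split(",")) {
                String method = el.trim();
                // Entries not listed in RevocationSourceTypes.ALL are dropped without a log message.
                if (RevocationSourceTypes.ALL.contains(method)) {
                    order.add(method);
                }
            }
        }
        if (order.isEmpty()) {
            return defaultOrder; // OCSP first, then CRL
        }
        return order.toArray(new String[order.size()]);
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getDefaultRevisionsLogEventCodes()
     */
    @Override
    @Transactional
    public List<Integer> getDefaultRevisionsLogEventCodes() {
        try {
            String eventcodes = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES);
            if (MiscUtil.isNotEmpty(eventcodes)) {
                List<Integer> codes = new ArrayList<>();
                for (String el : eventcodes.split(",")) {
                    try {
                        codes.add(Integer.parseInt(el.trim())); // trim tolerates "1, 2" style lists
                    } catch (NumberFormatException e) {
                        Logger.warn("EventCode: " + el + " is not a valid Integer.");
                    }
                }
                if (!codes.isEmpty()) {
                    return codes;
                }
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.error("Error during revisions-code load operationen.", e);
        }
        return null; // null: no valid event codes configured (or the configuration was unreadable)
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getMoaSpIdentityLinkTrustProfileID(boolean)
     */
    @Override
    @Transactional
    public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
        // Dispatches to the test or productive trust profile; both overloads are defined elsewhere in this class.
        return useTestTrustStore
                ? getMoaSpIdentityLinkTestTrustProfileID()
                : getMoaSpIdentityLinkTrustProfileID();
    }

    /* (non-Javadoc)
     * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isVirtualIDPsEnabled()
     */
    @Override
    @Transactional
    public boolean isVirtualIDPsEnabled() {
        try {
            String value = configuration.getStringValue(
                    MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED);
            if (MiscUtil.isNotEmpty(value)) {
                return Boolean.valueOf(value);
            }
        } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
            Logger.error("Error during 'isVirutalIDPsEnabled' load operationen.", e);
        }
        return false; // disabled unless configured explicitly
    }

    /**
     * Initializes the provider: runs {@code initial(..)} on the full property set and decides whether
     * the JDBC backup lookup (see {@link #getActiveOnlineApplication(String)}) is required.
     *
     * @throws ConfigurationException {@code config.23} on OpenSAML initialization failure,
     *         {@code init.02} on any other error
     */
    private void initialize() throws ConfigurationException {
        try {
            initial(getFullConfigurationProperties());
            String dbDriver = getFullConfigurationProperties().getProperty("configuration.hibernate.connection.driver_class");
            if (MiscUtil.isNotEmpty(dbDriver)) {
                for (String blacklistedPrefix : MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
                    if (dbDriver.startsWith(blacklistedPrefix)) {
                        requireJDBCBackupImplementation = true;
                        Logger.info("JDBC driver '" + dbDriver + "' is blacklisted --> Switch to alternative DB access methode implementation.");
                        break; // one match is enough; avoids repeating the log line per matching prefix
                    }
                }
            }
        } catch (org.opensaml.xml.ConfigurationException e) {
            Logger.error("OpenSAML initilalization FAILED. ", e);
            throw new ConfigurationException("config.23", null, e);
        } catch (Exception e) {
            Logger.error("General error during start-up process.", e);
            throw new ConfigurationException("init.02", null, e);
        }
    }

    /**
     * Selects the configured PublicURLPrefix that the requested URL belongs to.
     *
     * <p>With virtual IDPs disabled the first configured prefix is returned unconditionally. Otherwise
     * a prefix matches when scheme, host and effective port are equal and the requested path equals or
     * starts with the configured path; if several prefixes match, the last one in configuration order
     * wins.
     *
     * @param requestedURL the URL the authentication request was received on
     * @return the matching prefix in external form
     * @throws EAAFException {@code config.25} if no configured prefix matches, or if the prefixes can
     *         not be read
     */
    @Override
    public String validateIDPURL(URL requestedURL) throws EAAFException {
        List<String> configuredPublicURLPrefix = getPublicURLPrefix();
        if (!isVirtualIDPsEnabled()) {
            String defaultPrefix = configuredPublicURLPrefix.get(0);
            Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + defaultPrefix);
            return defaultPrefix;
        }

        Logger.debug("Extract AuthenticationServiceURL: " + requestedURL);
        int requestedPort = effectivePort(requestedURL);
        URL selected = null;
        for (String el : configuredPublicURLPrefix) {
            try {
                URL configuredURL = new URL(el);
                boolean sameOrigin = configuredURL.getProtocol().equals(requestedURL.getProtocol())
                        && configuredURL.getHost().equals(requestedURL.getHost())
                        && effectivePort(configuredURL) == requestedPort;
                // NOTE(review): plain string prefix match without a path-segment boundary, e.g. a
                // configured path "/moa" also matches a requested "/moa-other" — confirm this is intended.
                boolean pathMatches = configuredURL.getPath().equals(requestedURL.getPath())
                        || requestedURL.getPath().startsWith(configuredURL.getPath());
                if (sameOrigin && pathMatches) {
                    Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + " for authURL: " + requestedURL);
                    selected = configuredURL; // later matches override earlier ones
                }
            } catch (MalformedURLException e) {
                Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
            }
        }

        if (selected == null) {
            Logger.warn("Extract AuthenticationServiceURL: " + requestedURL + " is NOT found in configuration.");
            throw new ConfigurationException("config.25", new Object[]{requestedURL});
        }
        return selected.toExternalForm();
    }

    /**
     * Returns the URL's explicit port, or the protocol's default port when none is given.
     *
     * @param url the URL to inspect
     * @return the effective port ({@code -1} if the protocol has no default)
     */
    private static int effectivePort(URL url) {
        int port = url.getPort();
        return port == -1 ? url.getDefaultPort() : port;
    }
}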