Java tutorial
/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ /* * Copyright 2003 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.config.auth; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; import javax.xml.bind.JAXBContext; import javax.xml.bind.Unmarshaller; import org.hibernate.cfg.Configuration; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.config.EgovUtilPropertiesConfiguration; /** * A class providing access to the Auth Part of the MOA-ID configuration data. * * <p>Configuration data is read from an XML file, whose location is given by * the <code>moa.id.configuration</code> system property.</p> * <p>This class implements the Singleton pattern. The <code>reload()</code> * method can be used to update the configuration data. Therefore, it is not * guaranteed that consecutive calls to <code>getInstance()</code> will return * the same <code>AuthConfigurationProvider</code> all the time. During the * processing of a web service request, the current * <code>TransactionContext</code> should be used to obtain the * <code>AuthConfigurationProvider</code> local to that request.</p> * * @author Patrick Peck * @author Stefan Knirsch * * @version $Id$ */ public class AuthConfigurationProvider extends ConfigurationProvider { // /** DEFAULT_ENCODING is "UTF-8" */ // private static final String DEFAULT_ENCODING="UTF-8"; /** * The name of the generic configuration property giving the authentication session time out. */ public static final String AUTH_SESSION_TIMEOUT_PROPERTY = "AuthenticationSession.TimeOut"; /** * The name of the generic configuration property giving the authentication data time out. */ public static final String AUTH_DATA_TIMEOUT_PROPERTY = "AuthenticationData.TimeOut"; /** * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code> */ public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE = "HTMLComplete"; /** * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code> */ public static final String BKU_SELECTION_TYPE_HTMLSELECT = "HTMLSelect"; /** * The name of the generic configuration property allowing https connection to * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets) */ public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY = "FrontendServlets.EnableHTTPConnection"; /** * The name of the generic configuration property allowing to set a individual * DATA URL used to communicate with the BKU (SecurityLayer) */ public static final String INDIVIDUAL_DATA_URL_PREFIX = "FrontendServlets.DataURLPrefix"; /** Singleton instance. <code>null</code>, if none has been created. */ private static AuthConfigurationProvider instance; // // configuration data // private static MOAIDConfiguration moaidconfig = null; private static Properties props = null; private static STORKConfig storkconfig = null; private static TimeOuts timeouts = null; private static PVP2 pvp2general = null; private static String alternativesourceid = null; private static List<String> legacyallowedprotocols = new ArrayList<String>(); private static ProtocolAllowed allowedProtcols = null; private static VerifyAuthBlock verifyidl = null; private static ConnectionParameter MoaSpConnectionParameter = null; private static ConnectionParameter ForeignIDConnectionParameter = null; private static ConnectionParameter OnlineMandatesConnectionParameter = null; private static String MoaSpIdentityLinkTrustProfileID = null; private static List<String> TransformsInfos = null; private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>(); private static SSO ssoconfig = null; private EgovUtilPropertiesConfiguration eGovUtilsConfig = null; private static Date date = null; private String publicURLPreFix = null; /** * Return the single instance of configuration data. * * @return AuthConfigurationProvider The current configuration data. * @throws ConfigurationException */ public static synchronized AuthConfigurationProvider getInstance() throws ConfigurationException { if (instance == null) { reload(); } return instance; } public static Date getTimeStamp() { return date; } /** * Reload the configuration data and set it if successful. * * @return AuthConfigurationProvider The loaded configuration data. * @throws ConfigurationException Failure to load the configuration data. */ public static synchronized AuthConfigurationProvider reload() throws ConfigurationException { String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME); if (fileName == null) { throw new ConfigurationException("config.01", null); } Logger.info("Loading MOA-ID-AUTH configuration " + fileName); instance = new AuthConfigurationProvider(fileName); return instance; } /** * Constructor for AuthConfigurationProvider. * @param fileName * @throws ConfigurationException */ public AuthConfigurationProvider(String fileName) throws ConfigurationException { load(fileName); } /** * Load the configuration data from XML file with the given name and build * the internal data structures representing the MOA ID configuration. * * @param fileName The name of the XML file to load. * @throws ConfigurationException The MOA configuration could not be * read/built. */ private void load(String fileName) throws ConfigurationException { try { //Initial Hibernate Framework Logger.trace("Initializing Hibernate framework."); //Load MOAID-2.0 properties file File propertiesFile = new File(fileName); FileInputStream fis = null; props = new Properties(); // determine the directory of the root config file rootConfigFileDir = new File(fileName).getParent(); try { rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); } catch (MalformedURLException t) { throw new ConfigurationException("config.03", null, t); } try { fis = new FileInputStream(propertiesFile); props.load(fis); // read MOAID Session Hibernate properties Properties moaSessionProp = new Properties(); for (Object key : props.keySet()) { String propPrefix = "moasession."; if (key.toString().startsWith(propPrefix + "hibernate")) { String propertyName = key.toString().substring(propPrefix.length()); moaSessionProp.put(propertyName, props.get(key.toString())); } } // read Config Hibernate properties Properties configProp = new Properties(); for (Object key : props.keySet()) { String propPrefix = "configuration."; if (key.toString().startsWith(propPrefix + "hibernate")) { String propertyName = key.toString().substring(propPrefix.length()); configProp.put(propertyName, props.get(key.toString())); } } // read advanced logging properties Properties statisticProps = new Properties(); for (Object key : props.keySet()) { String propPrefix = "advancedlogging."; if (key.toString().startsWith(propPrefix + "hibernate")) { String propertyName = key.toString().substring(propPrefix.length()); statisticProps.put(propertyName, props.get(key.toString())); } } // initialize hibernate synchronized (AuthConfigurationProvider.class) { //Initial config Database ConfigurationDBUtils.initHibernate(configProp); //initial MOAID Session Database Configuration config = new Configuration(); config.addAnnotatedClass(AssertionStore.class); config.addAnnotatedClass(AuthenticatedSessionStore.class); config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); config.addAnnotatedClass(ExceptionStore.class); config.addAnnotatedClass(InterfederationSessionStore.class); config.addAnnotatedClass(ProcessInstanceStore.class); config.addProperties(moaSessionProp); MOASessionDBUtils.initHibernate(config, moaSessionProp); //initial advanced logging if (isAdvancedLoggingActive()) { Logger.info("Advanced statistic log is activated, starting initialization process ..."); Configuration statisticconfig = new Configuration(); statisticconfig.addAnnotatedClass(StatisticLog.class); statisticconfig.addProperties(statisticProps); StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps); Logger.info("Advanced statistic log is initialized."); } } Logger.trace("Hibernate initialization finished."); } catch (FileNotFoundException e) { throw new ConfigurationException("config.03", null, e); } catch (IOException e) { throw new ConfigurationException("config.03", null, e); } catch (ExceptionInInitializerError e) { throw new ConfigurationException("config.17", null, e); } finally { if (fis != null) fis.close(); } //Initialize OpenSAML for STORK Logger.info("Starting initialization of OpenSAML..."); MOADefaultBootstrap.bootstrap(); //DefaultBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); String legacyconfig = props.getProperty("configuration.xml.legacy"); String xmlconfig = props.getProperty("configuration.xml"); // String xmlconfigout = props.getProperty("configuration.xml.out"); //configure eGovUtils client implementations //read eGovUtils client configuration Properties eGovUtilsConfigProp = new Properties(); for (Object key : props.keySet()) { String propPrefix = "service."; if (key.toString().startsWith(propPrefix + "egovutil")) { String propertyName = key.toString().substring(propPrefix.length()); eGovUtilsConfigProp.put(propertyName, props.get(key.toString())); } } if (!eGovUtilsConfigProp.isEmpty()) { Logger.info("Start eGovUtils client implementation configuration ..."); eGovUtilsConfig = new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir); } //check if XML config should be used if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { Logger.warn( "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); if (moaidconfig != null) ConfigurationDBUtils.delete(moaidconfig); List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); if (oas != null && oas.size() > 0) { for (OnlineApplication oa : oas) ConfigurationDBUtils.delete(oa); } } //load legacy config if it is configured if (MiscUtil.isNotEmpty(legacyconfig)) { Logger.warn( "WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); List<OnlineApplication> oas = moaconfig.getOnlineApplication(); for (OnlineApplication oa : oas) ConfigurationDBUtils.save(oa); moaconfig.setOnlineApplication(null); ConfigurationDBUtils.save(moaconfig); Logger.info("Legacy Configuration load is completed."); } //load MOA-ID 2.x config from XML if (MiscUtil.isNotEmpty(xmlconfig)) { Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); try { JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); Unmarshaller m = jc.createUnmarshaller(); File file = new File(xmlconfig); MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); //ConfigurationDBUtils.save(moaconfig); List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); for (OnlineApplication importoa : importoas) { ConfigurationDBUtils.saveOrUpdate(importoa); } moaconfig.setOnlineApplication(null); ConfigurationDBUtils.saveOrUpdate(moaconfig); } catch (Exception e) { Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); throw new ConfigurationException("config.02", null); } Logger.info("XML Configuration load is completed."); } reloadDataBaseConfig(); } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } } public synchronized void reloadDataBaseConfig() throws ConfigurationException { Logger.info("Read MOA-ID 2.0 configuration from database."); moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); Logger.info("MOA-ID 2.0 is loaded."); if (moaidconfig == null) { Logger.warn("NO MOA-ID configuration found."); throw new ConfigurationException("config.18", null); } //build STORK Config AuthComponentGeneral auth = getAuthComponentGeneral(); ForeignIdentities foreign = auth.getForeignIdentities(); if (foreign == null) { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); } else storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); //load Chaining modes ChainingModes cm = moaidconfig.getChainingModes(); if (cm != null) { defaultChainingMode = cm.getSystemDefaultMode().value(); List<TrustAnchor> tas = cm.getTrustAnchor(); chainingModes = new HashMap<IssuerAndSerial, String>(); for (TrustAnchor ta : tas) { IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); chainingModes.put(is, ta.getMode().value()); } } else { Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); throw new ConfigurationException("config.02", null); } //set Trusted CA certs directory trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); //set CertStoreDirectory setCertStoreDirectory(); //set TrustManagerRevocationChecking setTrustManagerRevocationChecking(); //set default timeouts timeouts = new TimeOuts(); timeouts.setAssertion(new BigInteger("300")); timeouts.setMOASessionCreated(new BigInteger("2700")); timeouts.setMOASessionUpdated(new BigInteger("1200")); //search timeouts in config if (auth.getGeneralConfiguration() != null) { if (auth.getGeneralConfiguration().getTimeOuts() != null) { if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null) timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null) timeouts.setMOASessionCreated( auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null) timeouts.setMOASessionUpdated( auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); } else { Logger.info("No TimeOuts defined. Use default values"); } } // sets the authentication session and authentication data time outs AuthenticationServer.getInstance() .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue()); AuthenticationServer.getInstance() .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue()); AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue()); //set PVP2 general config Protocols protocols = auth.getProtocols(); if (protocols != null) { allowedProtcols = new ProtocolAllowed(); if (protocols.getSAML1() != null) { allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); //load alternative sourceID if (MiscUtil.isNotEmpty(protocols.getSAML1().getSourceID())) alternativesourceid = protocols.getSAML1().getSourceID(); } if (protocols.getOAuth() != null) { allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); } if (protocols.getPVP2() != null) { PVP2 el = protocols.getPVP2(); allowedProtcols.setPVP21Active(el.isIsActive()); pvp2general = new PVP2(); pvp2general.setIssuerName(el.getIssuerName()); pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); if (el.getOrganization() != null) { Organization org = new Organization(); pvp2general.setOrganization(org); org.setDisplayName(el.getOrganization().getDisplayName()); org.setName(el.getOrganization().getName()); org.setURL(el.getOrganization().getURL()); } if (el.getContact() != null) { List<Contact> cont = new ArrayList<Contact>(); pvp2general.setContact(cont); for (Contact e : el.getContact()) { Contact c = new Contact(); c.setCompany(e.getCompany()); c.setGivenName(e.getGivenName()); c.getMail().addAll(e.getMail()); c.getPhone().addAll(e.getPhone()); c.setSurName(e.getSurName()); c.setType(e.getType()); cont.add(c); } } } } else { Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); } //set alternativeSourceID if (auth.getGeneralConfiguration() != null) { //TODO: can be removed in a further version, because it is moved to SAML1 config if (MiscUtil.isEmpty(alternativesourceid)) alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix())) publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix(); else { Logger.error("No Public URL Prefix configured."); throw new ConfigurationException("config.05", new Object[] { "Public URL Prefix" }); } } else { Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); throw new ConfigurationException("config.02", null); } //set LegacyAllowedProtocols try { if (auth.getProtocols() != null) { Protocols procols = auth.getProtocols(); if (procols.getLegacyAllowed() != null) { LegacyAllowed legacy = procols.getLegacyAllowed(); legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); } } } catch (Exception e) { Logger.info("No protocols found with legacy allowed flag!"); } //set VerifyAuthBlockConfig MOASP moasp = getMOASPConfig(auth); VerifyAuthBlock el = moasp.getVerifyAuthBlock(); if (el != null) { verifyidl = new VerifyAuthBlock(); verifyidl.setTrustProfileID(el.getTrustProfileID()); verifyidl .setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); } else { Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); throw new ConfigurationException("config.02", null); } //set MOASP connection parameters if (moasp.getConnectionParameter() != null) MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); else MoaSpConnectionParameter = null; //set ForeignIDConnectionParameters if (foreign != null) { ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); } else { Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); } //set OnlineMandateConnectionParameters OnlineMandates ovs = auth.getOnlineMandates(); if (ovs != null) { OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); } else { Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); } //set MOASP IdentityLink Trust-ProfileID VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); if (verifyidl != null) MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); else { Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); throw new ConfigurationException("config.02", null); } //set SL transformation infos SecurityLayer seclayer = auth.getSecurityLayer(); if (seclayer == null) { Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); throw new ConfigurationException("config.02", null); } else { TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); if (TransformsInfos == null || TransformsInfos.size() == 0) { Logger.error("No Security-Layer Transformation found."); throw new ConfigurationException("config.05", new Object[] { "Security-Layer Transformation" }); } } //set IdentityLinkSignerSubjectNames IdentityLinkX509SubjectNames = new ArrayList<String>(); IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); if (idlsigners != null) { Logger.debug("Load own IdentityLinkX509SubjectNames"); IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName())); } // now add the default identity link signers String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID; for (int i = 0; i < identityLinkSignersWithoutOID.length; i++) { String identityLinkSigner = identityLinkSignersWithoutOID[i]; if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) { IdentityLinkX509SubjectNames.add(identityLinkSigner); } } //set SLRequestTemplates SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); if (templ == null) { Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); throw new ConfigurationException("config.02", null); } else { SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); } //set Default BKU URLS DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); if (bkuuls != null) { DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); } //set SSO Config if (auth.getSSO() != null) { ssoconfig = new SSO(); ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); ssoconfig.setTarget(auth.getSSO().getTarget()); if (auth.getSSO().getIdentificationNumber() != null) { IdentificationNumber value = new IdentificationNumber(); value.setType(auth.getSSO().getIdentificationNumber().getType()); value.setValue(auth.getSSO().getIdentificationNumber().getValue()); ssoconfig.setIdentificationNumber(value); } } else { Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found"); } //close Database ConfigurationDBUtils.closeSession(); date = new Date(); } private Properties getGeneralProperiesConfig(final String propPrefix) { Properties configProp = new Properties(); for (Object key : props.keySet()) { if (key.toString().startsWith(propPrefix)) { String propertyName = key.toString().substring(propPrefix.length()); configProp.put(propertyName, props.get(key.toString())); } } return configProp; } public Properties getGeneralPVP2ProperiesConfig() { return this.getGeneralProperiesConfig("protocols.pvp2."); } public Properties getGeneralOAuth20ProperiesConfig() { return this.getGeneralProperiesConfig("protocols.oauth20."); } public ProtocolAllowed getAllowedProtocols() { return allowedProtcols; } public PVP2 getGeneralPVP2DBConfig() { return pvp2general; } public TimeOuts getTimeOuts() throws ConfigurationException { return timeouts; } public String getAlternativeSourceID() throws ConfigurationException { return alternativesourceid; } public List<String> getLegacyAllowedProtocols() { return legacyallowedprotocols; } /** * Provides configuration information regarding the online application behind * the given URL, relevant to the MOA-ID Auth component. * * @param oaURL URL requested for an online application * @return an <code>OAAuthParameter</code>, or <code>null</code> * if none is applicable */ public OAAuthParameter getOnlineApplicationParameter(String oaURL) { OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); if (oa == null) { Logger.warn("Online application with identifier " + oaURL + " is not found."); return null; } return new OAAuthParameter(oa); } /** * Return a string with a url-reference to the VerifyAuthBlock trust * profile id within the moa-sp part of the authentication component * * @return String with a url-reference to the VerifyAuthBlock trust profile ID * @throws ConfigurationException */ public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { return verifyidl.getTrustProfileID(); } /** * Return a string array with references to all verify transform info * IDs within the moa-sp part of the authentication component * @return A string array containing all urls to the * verify transform info IDs * @throws ConfigurationException */ public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { return verifyidl.getVerifyTransformsInfoProfileID(); } /** * Return a ConnectionParameter bean containing all information * of the authentication component moa-sp element * @return ConnectionParameter of the authentication component moa-sp element * @throws ConfigurationException */ public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { return MoaSpConnectionParameter; } /** * Return a ConnectionParameter bean containing all information * of the authentication component foreigid element * @return ConnectionParameter of the authentication component foreignid element * @throws ConfigurationException */ public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { return ForeignIDConnectionParameter; } /** * Return a ConnectionParameter bean containing all information * of the authentication component OnlineMandates element * @return ConnectionParameter of the authentication component OnlineMandates element * @throws ConfigurationException */ public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { return OnlineMandatesConnectionParameter; } /** * Return a string with a url-reference to the VerifyIdentityLink trust * profile id within the moa-sp part of the authentication component * @return String with a url-reference to the VerifyIdentityLink trust profile ID * @throws ConfigurationException */ public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { return MoaSpIdentityLinkTrustProfileID; } /** * Returns the transformsInfos. * @return String[] * @throws ConfigurationException */ public List<String> getTransformsInfos() throws ConfigurationException { return TransformsInfos; } /** * Returns the identityLinkX509SubjectNames. * @return List * @throws ConfigurationException */ public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { return IdentityLinkX509SubjectNames; } public List<String> getSLRequestTemplates() throws ConfigurationException { return new ArrayList<String>(SLRequestTemplates.values()); } public String getSLRequestTemplates(String type) throws ConfigurationException { String el = SLRequestTemplates.get(type); if (MiscUtil.isNotEmpty(el)) return el; else { Logger.warn("getSLRequestTemplates: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); return null; } } public List<String> getDefaultBKUURLs() throws ConfigurationException { return new ArrayList<String>(DefaultBKUURLs.values()); } public String getDefaultBKUURL(String type) throws ConfigurationException { String el = DefaultBKUURLs.get(type); if (MiscUtil.isNotEmpty(el)) return el; else { Logger.warn("getSLRequestTemplates: BKU Type does not match: " + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); return null; } } // public boolean isSSOBusinessService() throws ConfigurationException { // // if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) // return true; // else // return false; // } public String getSSOTagetIdentifier() throws ConfigurationException { if (ssoconfig != null) return ssoconfig.getTarget(); else return null; } // public String getSSOTarget() throws ConfigurationException { // if (ssoconfig!= null) // return ssoconfig.getTarget(); // // return null; // } public String getSSOFriendlyName() { if (ssoconfig != null) { if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) return ssoconfig.getFriendlyName(); } return "Default MOA-ID friendly name for SSO"; } public String getSSOSpecialText() { if (ssoconfig != null) { String text = ssoconfig.getSpecialText(); if (MiscUtil.isEmpty(text)) text = new String(); return text; } return new String(); } public String getMOASessionEncryptionKey() { String prop = props.getProperty("configuration.moasession.key"); if (MiscUtil.isEmpty(prop)) return null; else return prop; } /** * @return */ public String getMOAConfigurationEncryptionKey() { String prop = props.getProperty("configuration.moaconfig.key"); if (MiscUtil.isEmpty(prop)) return null; else return prop; } public boolean isIdentityLinkResigning() { String prop = props.getProperty("configuration.resignidentitylink.active", "false"); return Boolean.valueOf(prop); } public String getIdentityLinkResigningKey() { String prop = props.getProperty("configuration.resignidentitylink.keygroup"); if (MiscUtil.isNotEmpty(prop)) return prop; else return null; } /** * Checks if is fakeIdL is activated. * * @return true, if fake IdLs are available for stork */ public boolean isStorkFakeIdLActive() { String prop = props.getProperty("stork.fakeIdL.active", "false"); return Boolean.valueOf(prop); } /** * Gets the countries which will receive a fake IdL * * @return the countries */ public List<String> getStorkFakeIdLCountries() { String prop = props.getProperty("stork.fakeIdL.countries", ""); return Arrays.asList(prop.replaceAll(" ", "").split(",")); } /** * Gets the resigning key (group) for the stork fake IdL. * * @return the resigning key */ public String getStorkFakeIdLResigningKey() { String prop = props.getProperty("stork.fakeIdL.keygroup"); if (MiscUtil.isNotEmpty(prop)) return prop; else return null; } public boolean isMonitoringActive() { String prop = props.getProperty("configuration.monitoring.active", "false"); return Boolean.valueOf(prop); } public String getMonitoringTestIdentityLinkURL() { String prop = props.getProperty("configuration.monitoring.test.identitylink.url"); if (MiscUtil.isNotEmpty(prop)) return prop; else return null; } public String getMonitoringMessageSuccess() { String prop = props.getProperty("configuration.monitoring.message.success"); if (MiscUtil.isNotEmpty(prop)) return prop; else return null; } public boolean isAdvancedLoggingActive() { String prop = props.getProperty("configuration.advancedlogging.active", "false"); return Boolean.valueOf(prop); } public String getPublicURLPrefix() { return publicURLPreFix; } public boolean isPVP2AssertionEncryptionActive() { String prop = props.getProperty("protocols.pvp2.assertion.encryption.active", "true"); return Boolean.valueOf(prop); } public boolean isCertifiacteQCActive() { String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); return !Boolean.valueOf(prop); } //Load document service url from moa properties public String getDocumentServiceUrl() { String prop = props.getProperty("stork.documentservice.url", "false"); return prop; } public boolean isPVPSchemaValidationActive() { String prop = props.getProperty("protocols.pvp2.schemavalidation", "true"); return Boolean.valueOf(prop); } /** * Returns the STORK Configuration * @return STORK Configuration * @throws ConfigurationException */ public STORKConfig getStorkConfig() throws ConfigurationException { return storkconfig; } /** * @return the eGovUtilsConfig */ public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { return eGovUtilsConfig; } private void setCertStoreDirectory() throws ConfigurationException { AuthComponentGeneral auth = getAuthComponentGeneral(); if (auth.getGeneralConfiguration() != null) certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); else { Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); throw new ConfigurationException("config.02", null); } } private void setTrustManagerRevocationChecking() throws ConfigurationException { AuthComponentGeneral auth = getAuthComponentGeneral(); if (auth.getGeneralConfiguration() != null && auth.getGeneralConfiguration().isTrustManagerRevocationChecking() != null) trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); else { Logger.warn("No TrustMangerRevoationChecking defined. Use default value = TRUE"); throw new ConfigurationException("config.02", null); } } private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); if (authgeneral == null) { Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); throw new ConfigurationException("config.02", null); } return authgeneral; } private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { MOASP moasp = authgeneral.getMOASP(); if (moasp == null) { Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); throw new ConfigurationException("config.02", null); } return moasp; } }