aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 16:34:29 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 16:34:29 +0100
commit897fb60b521e647e15fbca4501066b11032558b6 (patch)
treeed03574c5fd5dca7208b6d1bac253e56baed583a
parent8f3e8cb7c0e3bd34d64e1d7310c2eecb9cfefa9a (diff)
parent27208e456df5723a62d83ab7dbe66f2ab0bf6b8e (diff)
downloadmoa-id-spss-897fb60b521e647e15fbca4501066b11032558b6.tar.gz
moa-id-spss-897fb60b521e647e15fbca4501066b11032558b6.tar.bz2
moa-id-spss-897fb60b521e647e15fbca4501066b11032558b6.zip
Merge branch 'EGIZ_project-SSO_session_transfer' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into EGIZ_project-SSO_session_transfer
Conflicts: id/server/auth/pom.xml id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml id/server/modules/pom.xml
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java43
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java148
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java100
3 files changed, 284 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 8fb4ec3cf..abc4eb4a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -29,6 +29,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
@Service("IDPCredentialProvider")
public class IDPCredentialProvider extends AbstractCredentialProvider {
@@ -70,7 +71,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KS_PASS).trim();
+ String value = props.getProperty(IDP_KS_PASS);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
@@ -81,7 +86,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASMETADATA).trim();
+ String value = props.getProperty(IDP_KEYALIASMETADATA);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
@@ -92,7 +101,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEY_PASSMETADATA).trim();
+ String value = props.getProperty(IDP_KEY_PASSMETADATA);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
@@ -103,7 +116,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASASSERTION).trim();
+ String value = props.getProperty(IDP_KEYALIASASSERTION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
@@ -114,7 +131,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEY_PASSASSERTION).trim();
+ String value = props.getProperty(IDP_KEY_PASSASSERTION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
@@ -125,7 +146,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASENCRYTPION).trim();
+ String value = props.getProperty(IDP_KEYALIASENCRYTPION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
@@ -136,7 +161,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
if (props == null)
props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASENCRYTPION).trim();
+ String value = props.getProperty(IDP_KEY_PASSENCRYTPION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
}
/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
new file mode 100644
index 000000000..0bc4a4839
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Date;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import net.glxn.qrgen.QRCode;
+import net.glxn.qrgen.image.ImageType;
+
+
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession")
+public class SSOTransferGUIServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 3974201828186450839L;
+
+ public SSOTransferGUIServlet() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'.");
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ super.doGet(req, resp);
+
+ //search SSO session
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoid = ssomanager.getSSOSessionID(req);
+
+ VelocityContext context = new VelocityContext();
+
+ try {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
+ Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
+ if (createQRObj != null && createQRObj instanceof Integer) {
+
+
+
+ } else {
+ //create first step of SSO Transfer GUI
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+ contains(authURL)) {
+ Logger.warn("Requested URL is not allowed.");;
+ resp.sendError(500, "Requested URL is not allowed.");
+
+ }
+
+ String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+ if (MiscUtil.isNotEmpty(moaSessionID)) {
+ AuthenticationSession authSession = AuthenticationSessionStoreage
+ .getSession(moaSessionID);
+ if(authSession != null) {
+ Date now = new Date();
+ String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now);
+
+ String token = Random.nextRandom();
+ AssertionStorage.getInstance().put(token, encodedSSOContainer);
+
+ String containerURL = authURL
+ + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
+ + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
+
+ JsonObject qrResult = new JsonObject();
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,
+ SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+
+ ByteArrayOutputStream qrStream =
+ QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();
+ String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
+ context.put("QRImage", base64EncodedImage);
+
+ context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
+
+ GUIUtils.printSSOTransferGUI(context, resp);
+
+ }
+ }
+ }
+
+ } else {
+ context.put("errorMsg",
+ "No active Single Sign-On session found! SSO Session transfer is not possible.");
+ GUIUtils.printSSOTransferGUI(context, resp);
+ }
+
+ } catch (MOAIDException | MOADatabaseException e) {
+ e.printStackTrace();
+ resp.sendError(500, e.getMessage());
+
+ }
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
new file mode 100644
index 000000000..8ea15f985
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession")
+public class TransferToSmartPhoneServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 4323605569040872262L;
+
+ private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes
+
+ public TransferToSmartPhoneServlet() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'.");
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ super.doGet(req, resp);
+
+ Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
+ if (tokenObj != null && tokenObj instanceof String) {
+ String token = (String)tokenObj;
+ try {
+ String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut);
+ if (MiscUtil.isNotEmpty(signedEncSession)) {
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(signedEncSession);
+ out.flush();
+
+ } else {
+ Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+ token + ", which references an empty data object.");
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object.");
+
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+ token + ", which is UNKNOWN.");
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:");
+
+
+ } catch (AuthenticationException e) {
+ Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+ token + ", which has a timeout.");
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more.");
+
+ }
+
+ } else {
+ Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid.");
+
+ }
+
+ }
+
+}