author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-24 16:34:29 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-24 16:34:29 +0100 |
commit | 897fb60b521e647e15fbca4501066b11032558b6 (patch) | |
tree | ed03574c5fd5dca7208b6d1bac253e56baed583a | |
parent | 8f3e8cb7c0e3bd34d64e1d7310c2eecb9cfefa9a (diff) | |
parent | 27208e456df5723a62d83ab7dbe66f2ab0bf6b8e (diff) | |
Merge branch 'EGIZ_project-SSO_session_transfer' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into EGIZ_project-SSO_session_transfer
Conflicts:
id/server/auth/pom.xml
id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml
id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml
id/server/modules/pom.xml
3 files changed, 284 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 8fb4ec3cf..abc4eb4a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -29,6 +29,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 @Service("IDPCredentialProvider")
 public class IDPCredentialProvider extends AbstractCredentialProvider {
@@ -70,7 +71,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KS_PASS).trim();
+ String value = props.getProperty(IDP_KS_PASS);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
@@ -81,7 +86,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASMETADATA).trim();
+ String value = props.getProperty(IDP_KEYALIASMETADATA);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
@@ -92,7 +101,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEY_PASSMETADATA).trim();
+ String value = props.getProperty(IDP_KEY_PASSMETADATA);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
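Review bot: The six getters changed in this file (the hunks at new-side lines 71, 86, 101, 116, 131 and 161) now return null when the property is unset, but they do so silently; a missing keystore password or key alias is a configuration error that will surface later, presumably when the keystore is loaded, with no hint which property was empty. Each hunk is an identical five-line copy of the same branch, so the `props` lookup, the emptiness test and a warning belong in one private helper that every getter calls with its key, e.g. `return getTrimmedProperty(IDP_KS_PASS);`. The method signatures lie outside the hunks (only the `if (props == null)` guard and the return are context), so the helper would take over that guard as well. The logging call below assumes the module's `Logger` is imported in this file, which is not visible here.
```java
// … unchanged: getter signatures; each body becomes `return getTrimmedProperty(<its key>);` …

/** Returns the trimmed value of {@code key}, or null (after a warning) when it is unset or empty. */
private String getTrimmedProperty(String key) {
    if (props == null)
        props = authConfig.getGeneralPVP2ProperiesConfig();
    String value = props.getProperty(key);
    if (MiscUtil.isNotEmpty(value))
        return value.trim();
    Logger.warn("PVP2 credential property '" + key + "' is not configured."); // needs at.gv.egovernment.moa.logging.Logger
    return null;
}
```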
@@ -103,7 +116,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASASSERTION).trim();
+ String value = props.getProperty(IDP_KEYALIASASSERTION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
@@ -114,7 +131,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEY_PASSASSERTION).trim();
+ String value = props.getProperty(IDP_KEY_PASSASSERTION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
@@ -125,7 +146,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASENCRYTPION).trim();
+ String value = props.getProperty(IDP_KEYALIASENCRYTPION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
@@ -136,7 +161,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 if (props == null)
 props = authConfig.getGeneralPVP2ProperiesConfig();
- return props.getProperty(IDP_KEYALIASENCRYTPION).trim();
+ String value = props.getProperty(IDP_KEY_PASSENCRYTPION);
+ if (MiscUtil.isNotEmpty(value))
+ return value.trim();
+ else
+ return null;
 }
 /* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
new file mode 100644
index 000000000..0bc4a4839
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java 
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Date;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import net.glxn.qrgen.QRCode;
+import net.glxn.qrgen.image.ImageType;
+
+
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession")
+public class SSOTransferGUIServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 3974201828186450839L;
+
+ public SSOTransferGUIServlet() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'.");
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, 
IOException {
+ super.doGet(req, resp);
+
+ //search SSO session
+ SSOManager ssomanager = SSOManager.getInstance();
+ String ssoid = ssomanager.getSSOSessionID(req);
+
+ VelocityContext context = new VelocityContext();
+
+ try {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
+ Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
+ if (createQRObj != null && createQRObj instanceof Integer) {
+
+
+
+ } else {
+ //create first step of SSO Transfer GUI
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+ contains(authURL)) {
+ Logger.warn("Requested URL is not allowed.");;
+ resp.sendError(500, "Requested URL is not allowed.");
+
+ }
+
+ String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+ if (MiscUtil.isNotEmpty(moaSessionID)) {
+ AuthenticationSession authSession = AuthenticationSessionStoreage
+ .getSession(moaSessionID);
+ if(authSession != null) {
+ Date now = new Date();
+ String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now);
+
+ String token = Random.nextRandom();
+ AssertionStorage.getInstance().put(token, encodedSSOContainer);
+
+ String containerURL = authURL
+ + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
+ + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
+
+ JsonObject qrResult = new JsonObject();
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,
+ SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
+ qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+
+ ByteArrayOutputStream qrStream =
+ QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();
+ String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
+ context.put("QRImage", base64EncodedImage);
+
+ context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the 
transfer operation.");
+
+ GUIUtils.printSSOTransferGUI(context, resp);
+
+ }
+ }
+ }
+
+ } else {
+ context.put("errorMsg",
+ "No active Single Sign-On session found! SSO Session transfer is not possible.");
+ GUIUtils.printSSOTransferGUI(context, resp);
+ }
+
+ } catch (MOAIDException | MOADatabaseException e) {
+ e.printStackTrace();
+ resp.sendError(500, e.getMessage());
+
+ }
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
new file mode 100644
index 000000000..8ea15f985
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
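Review bot: The `resp.sendError(500, "Requested URL is not allowed.")` branch in doGet does not leave the method, so after rejecting the request the code still signs and encrypts the SSO container, stores it in AssertionStorage under a fresh token, and then calls printSSOTransferGUI on a response that is already committed; add `return;` directly after that sendError call (and drop the stray second `;` on the Logger.warn line above it). `req.getParameter` returns a String, so `createQRObj instanceof Integer` can never be true and the empty QR branch is unreachable as written; either compare the parameter as a String or remove the branch until it is implemented. In the catch block, `e.printStackTrace()` bypasses the module's Logger and `e.getMessage()` is echoed verbatim to the client in the 500 response; log the exception through Logger and send a fixed error text instead.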
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession")
+public class TransferToSmartPhoneServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 4323605569040872262L;
+
+ private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes
+
+ public TransferToSmartPhoneServlet() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'.");
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ super.doGet(req, resp);
+
+ Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
+ if (tokenObj != null && tokenObj instanceof String) {
+ String token = (String)tokenObj;
+ try {
+ String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut);
+ if (MiscUtil.isNotEmpty(signedEncSession)) {
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(signedEncSession);
+ out.flush();
+
+ } else {
+ Logger.info("Servlet " + getClass().getName() + " receive a token:"
+ + token + ", which references an empty data 
object.");
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object.");
+
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Servlet " + getClass().getName() + " receive a token:"
+ + token + ", which is UNKNOWN.");
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:");
+
+
+ } catch (AuthenticationException e) {
+ Logger.info("Servlet " + getClass().getName() + " receive a token:"
+ + token + ", which has a timeout.");
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more.");
+
+ }
+
+ } else {
+ Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid.");
+
+ }
+
+ }
+
+} |
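Review bot: `new PrintWriter(resp.getOutputStream())` in doGet encodes the container with the JVM default charset, while the Content-Type set on the previous line promises UTF-8; use `resp.getWriter()`, which honours the declared charset, or wrap the stream in an `OutputStreamWriter` with `StandardCharsets.UTF_8`. Whether `AssertionStorage.get` removes the entry is not visible in this hunk; if it does not, the token remains redeemable until the 90-second timeout expires, so consider deleting the entry after the first successful transmission so that a transfer token is single-use. `req.getParameter` already returns a String, which makes the `instanceof String` test and the cast redundant, and both catch blocks log only a message without the exception, which makes the UNKNOWN and timeout cases hard to diagnose. The client-facing text `Transfer token is UNKOWN:` also carries a typo and a dangling colon.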