aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-06-13 13:19:38 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-06-13 13:19:38 +0200
commitbba86def6a69726671838ebdacb918d3ede5de16 (patch)
tree719f555d6a32a1e4a99c5603c134fb77119b733e
parentf9e919720beb463aad4483f1779be12d990f6951 (diff)
downloadmoa-id-spss-bba86def6a69726671838ebdacb918d3ede5de16.tar.gz
moa-id-spss-bba86def6a69726671838ebdacb918d3ede5de16.tar.bz2
moa-id-spss-bba86def6a69726671838ebdacb918d3ede5de16.zip
+ cleanup MOAIDSession class
+ update authentication process to use new MOAIDSession class + move MOAIDSession to Hibernate Database + activate Mandates for SAML1 !!Stork authentication not tested!!
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java270
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java465
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java41
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java142
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java242
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java36
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java19
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java13
-rw-r--r--id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml1
20 files changed, 970 insertions, 513 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 9ffd72cda..911920e83 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,6 +24,7 @@
package at.gv.egovernment.moa.id.auth;
import iaik.pki.PKIException;
+import iaik.x509.CertificateFactory;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
@@ -32,7 +33,7 @@ import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+//import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
@@ -103,6 +104,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -113,8 +115,8 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -152,7 +154,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/** single instance */
private static AuthenticationServer instance;
/** session data store (session ID -> AuthenticationSession) */
- private static Map sessionStore = new HashMap();
+ //private static Map sessionStore = new HashMap();
/**
* time out in milliseconds used by {@link cleanup} for session store
@@ -269,6 +271,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
session.setBusinessService(oaParam.getBusinessService());
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
+ }
+
String returnURL = new DataURLBuilder().buildDataURL(authURL,
REQ_START_AUTHENTICATION, session.getSessionID());
String bkuSelectionType = AuthConfigurationProvider.getInstance()
@@ -498,6 +508,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
pushInfobox = verifyInfoboxParameters.getPushInfobox();
session.setPushInfobox(pushInfobox);
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
+ }
+
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
.build(oaParam.getSlVersion12());
String certInfoDataURL = new DataURLBuilder()
@@ -641,8 +659,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
.getProvideStammzahl());
- return getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
authConf, oaParam);
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
+ }
+
+ return returnvalue;
}
/**
@@ -673,7 +700,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public String verifyCertificate(String sessionID,
X509Certificate certificate) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException {
+ ValidateException, ServiceException, MOAIDException{
if (isEmpty(sessionID))
throw new AuthenticationException("auth.10", new Object[] {
@@ -693,8 +720,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session,
+ String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session,
authConf, oaParam, isOW);
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
+
+ return returnvalue;
}
/**
@@ -716,11 +752,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(String sessionID, MISMandate mandate)
+ public void verifyMandate(AuthenticationSession session, MISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
GET_MIS_SESSIONID, PARAM_SESSIONID });
@@ -731,7 +767,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
new Object[] { GET_MIS_SESSIONID });
}
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
@@ -758,6 +794,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// set extended SAML attributes if provideMandatorData is true
setExtendedSAMLAttributeForMandates(session, mandate, oaParam
.getBusinessService(), oaParam.getProvideStammzahl());
+
+ //AuthenticationSessionStoreage.storeSession(session);
+
} catch (SAXException e) {
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID }, e);
@@ -985,7 +1024,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+ //AuthenticationSession session = getSession(sessionID);
/*
* if (session.getTimestampIdentityLink() != null) throw new
* AuthenticationException("auth.01", new Object[] { sessionID });
@@ -1099,6 +1138,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session);
+
+
return authBlock;
}
@@ -1806,18 +1847,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlock(String sessionID,
+ public String verifyAuthenticationBlock(AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
if (isEmpty(xmlCreateXMLSignatureReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
- AuthenticationSession session = getSession(sessionID);
+
+ //AuthenticationSession session = getSession(sessionID);
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
// parses <CreateXMLSignatureResponse>
@@ -1930,24 +1973,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {
AuthenticationData authData = buildAuthenticationData(session, vsresp,
useUTC, false);
+ //set Authblock
+ session.setAuthData(authData);
+
+ //set signer certificate
+ session.setSignerCertificate(vsresp.getX509certificate());
+
if (session.getUseMandate()) {
// mandate mode
+
// session.setAssertionAuthBlock(assertionAuthBlock)
-
- // set signer certificate
- session.setSignerCertificate(vsresp.getX509certificate());
-
return null;
} else {
- session.setAuthData(authData);
+
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
- session.setXMLVerifySignatureResponse(vsresp);
+ //TODO: check if this element is needed!!!
+ //session.setXMLVerifySignatureResponse(vsresp);
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicte stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
- String newMOASessionID = AuthenticationSessionStore.changeSessionID(session);
- Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
return newMOASessionID;
@@ -2015,15 +2066,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
*/
- public String verifyAuthenticationBlockMandate(String sessionID,
+ public String verifyAuthenticationBlockMandate(AuthenticationSession session,
Element mandate) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
- if (isEmpty(sessionID))
+ if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
- AuthenticationSession session = getSession(sessionID);
+
+ //AuthenticationSession session = getSession(sessionID);
// AuthConfigurationProvider authConf =
// AuthConfigurationProvider.getInstance();
@@ -2089,7 +2141,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds authentication data and stores it together with a SAML
// artifact
- AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session,
+
+ // TODO: Check, if this element is in use!!!!
+ //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session,
// vsresp,
// replacementIdentityLink);
@@ -2143,13 +2197,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
new Object[] { GET_MIS_SESSIONID });
}
- session.setAuthData(authData);
+ //TODO: Check, if this element is in use!!!
+ //session.setAuthData(authData);
+
session.setMandateData(mandateData);
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
- String newMOASessionID = AuthenticationSessionStore.changeSessionID(session);
- Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicite stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
return newMOASessionID;
@@ -2305,20 +2365,27 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
boolean useUTC = oaParam.getUseUTC();
- boolean useCondition = oaParam.getUseCondition();
- int conditionLength = oaParam.getConditionLength();
+
+// boolean useCondition = oaParam.getUseCondition();
+// int conditionLength = oaParam.getConditionLength();
+
AuthenticationData authData = buildAuthenticationData(session, vsresp,
useUTC, true);
session.setAuthData(authData);
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
- session.setXMLVerifySignatureResponse(vsresp);
- String newMOASessionID = AuthenticationSessionStore.changeSessionID(session);
+ //TODO: check, if it element is in use!!!!
+ //session.setXMLVerifySignatureResponse(vsresp);
+
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
return newMOASessionID;
+
//TODO: regenerate MOASession ID!
/*
String samlAssertion = new AuthenticationDataAssertionBuilder().build(
@@ -2379,8 +2446,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
IdentityLink identityLink = session.getIdentityLink();
AuthenticationData authData = new AuthenticationData();
+
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
boolean businessService = oaParam.getBusinessService();
authData.setMajorVersion(1);
authData.setMinorVersion(0);
@@ -2399,28 +2468,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
authData.setUseUTC(oaParam.getUseUTC());
+
boolean provideStammzahl = oaParam.getProvideStammzahl();
if (provideStammzahl) {
authData.setIdentificationValue(identityLink
.getIdentificationValue());
}
- String prPerson = new PersonDataBuilder().build(identityLink,
- provideStammzahl);
+
+// String prPerson = new PersonDataBuilder().build(identityLink,
+// provideStammzahl);
try {
- String signerCertificateBase64 = "";
- if (oaParam.getProvideCertifcate()) {
- X509Certificate signerCertificate = verifyXMLSigResp
- .getX509certificate();
- if (signerCertificate != null) {
- signerCertificateBase64 = Base64Utils
- .encode(signerCertificate.getEncoded());
- } else {
- Logger
- .info("\"provideCertificate\" is \"true\", but no signer certificate available");
- }
- }
- authData.setSignerCertificate(signerCertificateBase64);
+// String signerCertificateBase64 = "";
+// if (oaParam.getProvideCertifcate()) {
+// X509Certificate signerCertificate = verifyXMLSigResp
+// .getX509certificate();
+// if (signerCertificate != null) {
+// signerCertificateBase64 = Base64Utils
+// .encode(signerCertificate.getEncoded());
+// } else {
+// Logger
+// .info("\"provideCertificate\" is \"true\", but no signer certificate available");
+// }
+// }
+// authData.setSignerCertificate(signerCertificateBase64);
+
if(!isForeigner) {
//we have Austrian citizen
if (businessService) {
@@ -2460,22 +2532,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
- .getSerializedSamlAssertion()
- : "";
- if (!oaParam.getProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
- .getIdentificationValue(), "");
- }
- String authBlock = oaParam.getProvideAuthBlock() ? session
- .getAuthBlock() : "";
+// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
+// .getSerializedSamlAssertion()
+// : "";
+// if (!oaParam.getProvideStammzahl()) {
+// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
+// .getIdentificationValue(), "");
+// }
+// String authBlock = oaParam.getProvideAuthBlock() ? session
+// .getAuthBlock() : "";
- session.setAssertionAuthBlock(authBlock);
- session.setAssertionAuthData(authData);
- session.setAssertionBusinessService(businessService);
- session.setAssertionIlAssertion(ilAssertion);
- session.setAssertionPrPerson(prPerson);
- session.setAssertionSignerCertificateBase64(signerCertificateBase64);
+
+ //TODO: check, if this elements are in use!!!!
+// session.setAssertionAuthBlock(authBlock);
+// session.setAssertionAuthData(authData);
+// session.setAssertionBusinessService(businessService);
+// session.setAssertionIlAssertion(ilAssertion);
+// session.setAssertionPrPerson(prPerson);
+// session.setAssertionSignerCertificateBase64(signerCertificateBase64);
return authData;
@@ -2498,20 +2572,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
private static AuthenticationSession newSession()
throws AuthenticationException {
- return AuthenticationSessionStore.createSession();
-
- /*
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01",
- new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
+ try {
+ return AuthenticationSessionStoreage.createSession();
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
}
- return newSession;*/
}
/**
@@ -2525,12 +2591,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public static AuthenticationSession getSession(String id)
throws AuthenticationException {
- AuthenticationSession session = AuthenticationSessionStore.getSession(id);
+ AuthenticationSession session;
+ try {
+ session = AuthenticationSessionStoreage.getSession(id);
+
/*(AuthenticationSession) sessionStore
.get(id);*/
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
- return session;
+ if (session == null)
+ throw new AuthenticationException("auth.02", new Object[] { id });
+ return session;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("parser.04", new Object[] { id });
+ }
}
/**
@@ -2538,20 +2611,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
public void cleanup() {
long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02", new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
+ //clean AuthenticationSessionStore
+ //TODO: acutally the StartAuthentificaten timestamp is used!!!!!
+ //TODO: maybe change this to lastupdate timestamp.
+ AuthenticationSessionStoreage.clean(now, sessionTimeOut);
+
//clean AssertionStore
AssertionStorage assertionstore = AssertionStorage.getInstance();
assertionstore.clean(now, authDataTimeOut);
@@ -2921,12 +2986,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
- CertificateFactory cf;
- X509Certificate cert = null;
- cf = CertificateFactory.getInstance("X.509");
- cert = (X509Certificate)cf.generateCertificate(is);
-
- return cert;
+ X509Certificate cert;
+ try {
+ cert = new X509Certificate(is);
+ return cert;
+
+ } catch (Throwable e) {
+ throw new CertificateException(e);
+ }
+
+// CertificateFactory cf;
+// X509Certificate cert = null;
+// cf = CertificateFactory.getInstance("X.509");
+// CertificateFactory
+// cert = (X509Certificate)cf.generateCertificate(is);
+// return cert;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 0742261a7..7137ce414 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- String sourceID,
List extendedSAMLAttributes,
boolean useCondition,
int conditionLength)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3e909ecd4..e023acafa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.auth.data;
import iaik.x509.X509Certificate;
+import java.io.Serializable;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
@@ -45,8 +48,13 @@ import eu.stork.mw.messages.saml.STORKAuthnRequest;
* @author Paul Ivancsics
* @version $Id$
*/
-public class AuthenticationSession {
+public class AuthenticationSession implements Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK
+ "+";
@@ -70,10 +78,7 @@ public class AuthenticationSession {
* SourceID
*/
private String sourceID;
- /**
- * Indicates if target from configuration is used or not
- */
- private boolean useTargetFromConfig;
+
/**
* public online application URL requested
*/
@@ -97,6 +102,13 @@ public class AuthenticationSession {
private String bkuURL;
/**
+ * Indicates whether the corresponding online application is a business
+ * service or not
+ */
+ private boolean businessService;
+
+ //Store Mandate
+ /**
* Use mandate
*/
private boolean useMandate;
@@ -107,65 +119,42 @@ public class AuthenticationSession {
private String mandateReferenceValue;
/**
- * Authentication data for the assertion
- */
- private AuthenticationData assertionAuthData;
-
- /**
- * Persondata for the assertion
- */
- private String assertionPrPerson;
-
- /**
- * Authblock for the assertion
- */
- private String assertionAuthBlock;
-
- /**
- * Identitylink assertion for the (MOA) assertion
- */
- private String assertionIlAssertion;
-
- /**
- * Signer certificate (base64 encoded) for the assertion
- */
- private String assertionSignerCertificateBase64;
-
- /**
- * bussiness service for the assertion
- */
- boolean assertionBusinessService;
-
- /**
* SessionID for MIS
*/
private String misSessionID;
+
+ private String mandateData;
+
+ //store Identitylink
/**
* identity link read from smartcard
*/
private IdentityLink identityLink;
- /**
- * authentication block to be signed by the user
- */
- private String authBlock;
- /**
- * timestamp logging when authentication session has been created
- */
- private Date timestampStart;
+
/**
* timestamp logging when identity link has been received
*/
private Date timestampIdentityLink;
+
+ //store Authblock
/**
- * Indicates whether the corresponding online application is a business
- * service or not
+ * authentication block to be signed by the user
*/
- private boolean businessService;
+ private String authBlock;
+
+ /**
+ * The issuing time of the AUTH-Block SAML assertion.
+ */
+ private String issueInstant;
+ //Signer certificate
/**
* Signer certificate of the foreign citizen or for mandate mode
*/
- private X509Certificate signerCertificate;
+ //private X509Certificate signerCertificate;
+ private byte[] signerCertificate;
+
+
/**
* SAML attributes from an extended infobox validation to be appended to the
* SAML assertion delivered to the final online application.
@@ -184,11 +173,8 @@ public class AuthenticationSession {
*/
private List extendedSAMLAttributesAUTH;
- /**
- * The issuing time of the AUTH-Block SAML assertion.
- */
- private String issueInstant;
-
+
+ //TODO: check if it is in use!
/**
* If infobox validators are needed after signing, they can be stored in
* this list.
@@ -212,11 +198,61 @@ public class AuthenticationSession {
*/
private STORKAuthnRequest storkAuthnRequest;
- private AuthenticationData authData;
- private String mandateData;
+ private AuthenticationData authData;
+
+ //protocol selection
+ private String action;
private String modul;
+
+ private boolean authenticated;
+ private boolean authenticatedUsed = false;
+
+
+// /**
+// * Indicates if target from configuration is used or not
+// */
+// private boolean useTargetFromConfig;
+
+// /**
+// * Authentication data for the assertion
+// */
+// private AuthenticationData assertionAuthData;
+//
+// /**
+// * Persondata for the assertion
+// */
+// private String assertionPrPerson;
+//
+// /**
+// * Authblock for the assertion
+// */
+// private String assertionAuthBlock;
+//
+// /**
+// * Identitylink assertion for the (MOA) assertion
+// */
+// private String assertionIlAssertion;
+//
+// /**
+// * Signer certificate (base64 encoded) for the assertion
+// */
+// private String assertionSignerCertificateBase64;
+//
+// /**
+// * bussiness service for the assertion
+// */
+// boolean assertionBusinessService;
+//
+// /**
+// * timestamp logging when authentication session has been created
+// */
+// private Date timestampStart;
+// private CreateXMLSignatureResponse XMLCreateSignatureResponse;
+// private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+// private String requestedProtocolURL = null;
+
public String getModul() {
return modul;
}
@@ -232,8 +268,6 @@ public class AuthenticationSession {
public void setAction(String action) {
this.action = action;
}
-
- private String action;
public String getMandateData() {
return mandateData;
@@ -251,16 +285,6 @@ public class AuthenticationSession {
this.authData = authData;
}
- private CreateXMLSignatureResponse XMLCreateSignatureResponse;
-
- private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
-
- private String requestedProtocolURL = null;
-
- private boolean authenticated;
-
- private boolean authenticatedUsed = false;
-
public boolean isAuthenticatedUsed() {
return authenticatedUsed;
}
@@ -278,13 +302,13 @@ public class AuthenticationSession {
}
- public String getRequestedProtocolURL() {
- return requestedProtocolURL;
- }
-
- public void setRequestedProtocolURL(String requestedProtocolURL) {
- this.requestedProtocolURL = requestedProtocolURL;
- }
+// public String getRequestedProtocolURL() {
+// return requestedProtocolURL;
+// }
+//
+// public void setRequestedProtocolURL(String requestedProtocolURL) {
+// this.requestedProtocolURL = requestedProtocolURL;
+// }
/**
* Constructor for AuthenticationSession.
@@ -294,16 +318,29 @@ public class AuthenticationSession {
*/
public AuthenticationSession(String id) {
sessionID = id;
- setTimestampStart();
+// setTimestampStart();
infoboxValidators = new ArrayList();
}
- public X509Certificate getSignerCertificate() {
- return signerCertificate;
+ public X509Certificate getSignerCertificate(){
+ try {
+ return new X509Certificate(signerCertificate);
+ } catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+ return null;
+ }
+ }
+
+ public byte[] getEncodedSignerCertificate() {
+ return this.signerCertificate;
}
public void setSignerCertificate(X509Certificate signerCertificate) {
- this.signerCertificate = signerCertificate;
+ try {
+ this.signerCertificate = signerCertificate.getEncoded();
+ } catch (CertificateEncodingException e) {
+ Logger.warn("Signer certificate can not be stored to session database!", e);
+ }
}
/**
@@ -535,14 +572,14 @@ public class AuthenticationSession {
this.businessService = businessService;
}
- /**
- * Returns the timestampStart.
- *
- * @return Date
- */
- public Date getTimestampStart() {
- return timestampStart;
- }
+// /**
+// * Returns the timestampStart.
+// *
+// * @return Date
+// */
+// public Date getTimestampStart() {
+// return timestampStart;
+// }
/**
* Sets the current date as timestampIdentityLink.
@@ -551,12 +588,12 @@ public class AuthenticationSession {
timestampIdentityLink = new Date();
}
- /**
- * Sets the current date as timestampStart.
- */
- public void setTimestampStart() {
- timestampStart = new Date();
- }
+// /**
+// * Sets the current date as timestampStart.
+// */
+// public void setTimestampStart() {
+// timestampStart = new Date();
+// }
/**
* @return template URL
@@ -827,24 +864,24 @@ public class AuthenticationSession {
return this.useMandate;
}
- /**
- *
- * @param useTargetFromConfig
- * indicates if target from config is used or not
- */
- public void setUseTargetFromConfig(boolean useTargetFromConfig) {
- this.useTargetFromConfig = useTargetFromConfig;
-
- }
-
- /**
- * Returns if target is used from mandate or not
- *
- * @return
- */
- public boolean getUseTargetFromConfig() {
- return this.useTargetFromConfig;
- }
+// /**
+// *
+// * @param useTargetFromConfig
+// * indicates if target from config is used or not
+// */
+// public void setUseTargetFromConfig(boolean useTargetFromConfig) {
+// this.useTargetFromConfig = useTargetFromConfig;
+//
+// }
+//
+// /**
+// * Returns if target is used from mandate or not
+// *
+// * @return
+// */
+// public boolean getUseTargetFromConfig() {
+// return this.useTargetFromConfig;
+// }
/**
*
@@ -864,96 +901,96 @@ public class AuthenticationSession {
return this.misSessionID;
}
- /**
- * @return the assertionAuthData
- */
- public AuthenticationData getAssertionAuthData() {
- return assertionAuthData;
- }
-
- /**
- * @param assertionAuthData
- * the assertionAuthData to set
- */
- public void setAssertionAuthData(AuthenticationData assertionAuthData) {
- this.assertionAuthData = assertionAuthData;
- }
-
- /**
- * @return the assertionPrPerson
- */
- public String getAssertionPrPerson() {
- return assertionPrPerson;
- }
-
- /**
- * @param assertionPrPerson
- * the assertionPrPerson to set
- */
- public void setAssertionPrPerson(String assertionPrPerson) {
- this.assertionPrPerson = assertionPrPerson;
- }
-
- /**
- * @return the assertionAuthBlock
- */
- public String getAssertionAuthBlock() {
- return assertionAuthBlock;
- }
-
- /**
- * @param assertionAuthBlock
- * the assertionAuthBlock to set
- */
- public void setAssertionAuthBlock(String assertionAuthBlock) {
- this.assertionAuthBlock = assertionAuthBlock;
- }
-
- /**
- * @return the assertionIlAssertion
- */
- public String getAssertionIlAssertion() {
- return assertionIlAssertion;
- }
-
- /**
- * @param assertionIlAssertion
- * the assertionIlAssertion to set
- */
- public void setAssertionIlAssertion(String assertionIlAssertion) {
- this.assertionIlAssertion = assertionIlAssertion;
- }
-
- /**
- * @return the assertionSignerCertificateBase64
- */
- public String getAssertionSignerCertificateBase64() {
- return assertionSignerCertificateBase64;
- }
-
- /**
- * @param assertionSignerCertificateBase64
- * the assertionSignerCertificateBase64 to set
- */
- public void setAssertionSignerCertificateBase64(
- String assertionSignerCertificateBase64) {
- this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
- }
-
- /**
- * @return the assertionBusinessService
- */
- public boolean getAssertionBusinessService() {
- return assertionBusinessService;
- }
-
- /**
- * @param assertionBusinessService
- * the assertionBusinessService to set
- */
- public void setAssertionBusinessService(boolean assertionBusinessService) {
- this.assertionBusinessService = assertionBusinessService;
- }
+// /**
+// * @return the assertionAuthData
+// */
+// public AuthenticationData getAssertionAuthData() {
+// return assertionAuthData;
+// }
+//
+// /**
+// * @param assertionAuthData
+// * the assertionAuthData to set
+// */
+// public void setAssertionAuthData(AuthenticationData assertionAuthData) {
+// this.assertionAuthData = assertionAuthData;
+// }
+//
+// /**
+// * @return the assertionPrPerson
+// */
+// public String getAssertionPrPerson() {
+// return assertionPrPerson;
+// }
+//
+// /**
+// * @param assertionPrPerson
+// * the assertionPrPerson to set
+// */
+// public void setAssertionPrPerson(String assertionPrPerson) {
+// this.assertionPrPerson = assertionPrPerson;
+// }
+//
+// /**
+// * @return the assertionAuthBlock
+// */
+// public String getAssertionAuthBlock() {
+// return assertionAuthBlock;
+// }
+//
+// /**
+// * @param assertionAuthBlock
+// * the assertionAuthBlock to set
+// */
+// public void setAssertionAuthBlock(String assertionAuthBlock) {
+// this.assertionAuthBlock = assertionAuthBlock;
+// }
+//
+// /**
+// * @return the assertionIlAssertion
+// */
+// public String getAssertionIlAssertion() {
+// return assertionIlAssertion;
+// }
+//
+// /**
+// * @param assertionIlAssertion
+// * the assertionIlAssertion to set
+// */
+// public void setAssertionIlAssertion(String assertionIlAssertion) {
+// this.assertionIlAssertion = assertionIlAssertion;
+// }
+//
+// /**
+// * @return the assertionSignerCertificateBase64
+// */
+// public String getAssertionSignerCertificateBase64() {
+// return assertionSignerCertificateBase64;
+// }
+//
+// /**
+// * @param assertionSignerCertificateBase64
+// * the assertionSignerCertificateBase64 to set
+// */
+// public void setAssertionSignerCertificateBase64(
+// String assertionSignerCertificateBase64) {
+// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
+// }
+//
+// /**
+// * @return the assertionBusinessService
+// */
+// public boolean getAssertionBusinessService() {
+// return assertionBusinessService;
+// }
+//
+// /**
+// * @param assertionBusinessService
+// * the assertionBusinessService to set
+// */
+// public void setAssertionBusinessService(boolean assertionBusinessService) {
+// this.assertionBusinessService = assertionBusinessService;
+// }
/**
* @return the mandateReferenceValue
@@ -989,20 +1026,20 @@ public class AuthenticationSession {
this.storkAuthnRequest = storkAuthnRequest;
}
- public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
- return XMLCreateSignatureResponse;
- }
-
- public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
- XMLCreateSignatureResponse = xMLCreateSignatureResponse;
- }
-
- public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
- return XMLVerifySignatureResponse;
- }
-
- public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
- XMLVerifySignatureResponse = xMLVerifySignatureResponse;
- }
+// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
+// return XMLCreateSignatureResponse;
+// }
+//
+// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
+// XMLCreateSignatureResponse = xMLCreateSignatureResponse;
+// }
+
+// public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+// return XMLVerifySignatureResponse;
+// }
+//
+// public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+// XMLVerifySignatureResponse = xMLVerifySignatureResponse;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index 276e6414c..7523d7eaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -24,15 +24,22 @@
package at.gv.egovernment.moa.id.auth.data;
+import java.io.Serializable;
+
/**
* This class contains SAML attributes to be appended to the SAML assertion delivered to
* the Online application.
*
* @author Harald Bratko
*/
-public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute {
+public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{
/**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+/**
* The value of this SAML attribute. Must be either of type <code>java.lang.String</code>
* or <code>org.w3c.Element</code>.
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 0d11dc4f0..b03f23ce4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.data;
import java.io.IOException;
+import java.io.Serializable;
import java.security.PublicKey;
import javax.xml.transform.TransformerException;
@@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @author Paul Ivancsics
* @version $Id$
*/
-public class IdentityLink {
+public class IdentityLink implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
/**
* <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 6516e64b7..0a3b8dc3e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -49,8 +49,11 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -189,6 +192,13 @@ public class GetForeignIDServlet extends AuthServlet {
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
resp.setContentType("text/html");
resp.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 04fbc0588..a74635232 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -164,7 +165,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
// verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
+ AuthenticationServer.getInstance().verifyMandate(session, mandate);
byte[] byteMandate = mandate.getMandate();
String stringMandate = new String(byteMandate);
@@ -176,26 +177,32 @@ public class GetMISSessionIDServlet extends AuthServlet {
String redirectURL = null;
String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc);
+ AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(session, mandateDoc);
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
- resp.setContentType("text/html");
- resp.setStatus(302);
+// redirectURL = session.getOAURLRequested();
+//
+// if (!session.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+// }
+//
+// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+// redirectURL = resp.encodeRedirectURL(redirectURL);
+
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
-
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+
+ }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4ec894d47..0b30022f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -209,6 +211,13 @@ public class PEPSConnectorServlet extends AuthServlet {
} else {
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index b5c57d5cf..f89460a83 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -245,7 +247,15 @@ public class ProcessValidatorInputServlet extends AuthServlet {
resp.setStatus(302);
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
- }
+ }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
+ }
+
}
catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f62428ea5..dc4361da5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -48,10 +48,12 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -158,11 +160,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- String samlArtifactBase64 =
- AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
+ String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
@@ -203,8 +205,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String oaFriendlyName = oaParam.getFriendlyName();
String mandateReferenceValue = session.getMandateReferenceValue();
- X509Certificate cert = session.getSignerCertificate();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ byte[] cert = session.getEncodedSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
String redirectMISGUI = misSessionID.getRedirectURL();
if (misSessionID == null) {
@@ -214,6 +216,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
session.setMISSessionID(misSessionID.getSessiondId());
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
@@ -233,7 +241,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
}
-
+
resp.setContentType("text/html");
resp.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d1f44d55c..d1e3d809c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -44,6 +44,7 @@ import eu.stork.vidp.messages.common.STORKBootstrap;
import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -303,6 +304,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
synchronized (AuthConfigurationProvider.class) {
Configuration hibernateConfig = new Configuration();
hibernateConfig.addAnnotatedClass(AssertionStore.class);
+ hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
hibernateConfig.addProperties(props);
HibernateUtil.initHibernate(hibernateConfig, props);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 3254927ed..21e431bf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -11,6 +11,8 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -25,7 +27,12 @@ public class AuthenticationManager implements MOAIDAuthConstants {
String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
MOA_SESSION, null);
if (sessionID != null) {
- return AuthenticationSessionStore.getSession(sessionID);
+ try {
+ return AuthenticationSessionStoreage.getSession(sessionID);
+
+ } catch (MOADatabaseException e) {
+ return null;
+ }
}
return null;
}
@@ -50,15 +57,24 @@ public class AuthenticationManager implements MOAIDAuthConstants {
return false;
}
- AuthenticationSession authSession = AuthenticationSessionStore
- .getSession(moaSessionID);
-
- if(authSession == null) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
- return false;
- }
+// AuthenticationSession authSession;
+// try {
+// authSession = AuthenticationSessionStoreage
+// .getSession(moaSessionID);
+//
+// } catch (MOADatabaseException e) {
+// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+// return false;
+// }
+//
+// if(authSession == null) {
+// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+// return false;
+// }
+//
+// return authSession.isAuthenticated();
- return authSession.isAuthenticated();
+ return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
}
/**
@@ -76,8 +92,14 @@ public class AuthenticationManager implements MOAIDAuthConstants {
String sessionID = (String) request.getParameter(PARAM_SESSIONID);
if (sessionID != null) {
Logger.info("got MOASession: " + sessionID);
- AuthenticationSession authSession = AuthenticationSessionStore
- .getSession(sessionID);
+ AuthenticationSession authSession;
+ try {
+ authSession = AuthenticationSessionStoreage.getSession(sessionID);
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+
if (authSession != null) {
Logger.info("MOASession found! A: "
+ authSession.isAuthenticated() + ", AU "
@@ -111,18 +133,29 @@ public class AuthenticationManager implements MOAIDAuthConstants {
return;
}
- AuthenticationSession authSession = AuthenticationSessionStore
- .getSession(moaSessionID);
+ AuthenticationSession authSession;
+ try {
+ authSession = AuthenticationSessionStoreage
+ .getSession(moaSessionID);
+
+ if(authSession == null) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ authSession.setAuthenticated(false);
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //TODO: delete session from Database!!!
+ //AuthenticationSessionStoreage.destroySession(moaSessionID);
+
+ session.invalidate();
- if(authSession == null) {
+ } catch (MOADatabaseException e) {
Logger.info("NO MOA Authentication data for ID " + moaSessionID);
return;
}
-
- authSession.setAuthenticated(false);
- HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
- AuthenticationSessionStore.destroySession(moaSessionID);
- session.invalidate();
+
}
public static void doAuthentication(HttpServletRequest request,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
deleted file mode 100644
index e54bba10d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
+++ /dev/null
@@ -1,84 +0,0 @@
-package at.gv.egovernment.moa.id.moduls;
-
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class AuthenticationSessionStore {
-
- private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
-
- public static boolean isAuthenticated(String moaSessionID) {
- synchronized (sessionStore) {
- if (sessionStore.containsKey(moaSessionID)) {
- return sessionStore.get(moaSessionID).isAuthenticated();
- }
- }
- return false;
- }
-
- public static AuthenticationSession createSession() {
- String id = Random.nextRandom();
- AuthenticationSession session = new AuthenticationSession(id);
- synchronized (sessionStore) {
- sessionStore.put(id, session);
- }
- return session;
- }
-
- public static void destroySession(String moaSessionID) {
- synchronized (sessionStore) {
- if (sessionStore.containsKey(moaSessionID)) {
- sessionStore.remove(moaSessionID);
- }
- }
- }
-
- public static void dumpSessionStore() {
- synchronized (sessionStore) {
- Set<String> keys = sessionStore.keySet();
- Iterator<String> keyIterator = keys.iterator();
- while(keyIterator.hasNext()) {
- String key = keyIterator.next();
- AuthenticationSession session = sessionStore.get(key);
- Logger.info("Key: " + key + " -> " + session.toString());
- }
- }
- }
-
- public static String changeSessionID(AuthenticationSession session)
- throws AuthenticationException {
- synchronized (sessionStore) {
- if (sessionStore.containsKey(session.getSessionID())) {
- AuthenticationSession theSession = sessionStore.get(session
- .getSessionID());
- if (theSession != session) {
- throw new AuthenticationException("TODO!", null);
- }
-
- sessionStore.remove(session.getSessionID());
- String id = Random.nextRandom();
- session.setSessionID(id);
- sessionStore.put(id, session);
- return id;
- }
- }
- throw new AuthenticationException("TODO!", null);
- }
-
- public static AuthenticationSession getSession(String sessionID) {
- synchronized (sessionStore) {
- if (sessionStore.containsKey(sessionID)) {
- return sessionStore.get(sessionID);
- }
- }
- Logger.info("No MOA Session with id: " + sessionID);
- return null;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 9f47123ab..6a86eb4a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -1,7 +1,10 @@
package at.gv.egovernment.moa.id.protocols.saml1;
+import iaik.x509.X509Certificate;
+
import java.io.File;
import java.io.IOException;
+import java.security.cert.CertificateEncodingException;
import java.util.Date;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -9,8 +12,10 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -20,6 +25,8 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.StringUtils;
public class SAML1AuthenticationServer extends AuthenticationServer {
@@ -101,40 +108,113 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// builds authentication data and stores it together with a SAML
// artifact
- AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
- useUTC, false);
-
- String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, session.getAssertionPrPerson(),
- session.getAssertionAuthBlock(),
- session.getAssertionIlAssertion(), session.getBkuURL(),
- session.getAssertionSignerCertificateBase64(),
- session.getAssertionBusinessService(),
- session.getExtendedSAMLAttributesOA(), useCondition,
- conditionLength);
- authData.setSamlAssertion(samlAssertion);
+
+ //TODO: check, if this is correct!!!!
+ //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
+ // useUTC, false);
+ AuthenticationData authData = session.getAuthData();
+
+ //TODO: check, if this is correct!!!!
+// String samlAssertion = new AuthenticationDataAssertionBuilder().build(
+// authData, session.getAssertionPrPerson(),
+// session.getAssertionAuthBlock(),
+// session.getAssertionIlAssertion(), session.getBkuURL(),
+// session.getAssertionSignerCertificateBase64(),
+// session.getAssertionBusinessService(),
+// session.getExtendedSAMLAttributesOA(), useCondition,
+// conditionLength);
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
+ try {
+
+ //set BASE64 encoded signer certificate
+ String signerCertificateBase64 = "";
+ if (oaParam.getProvideCertifcate()) {
+ byte[] signerCertificate = session.getEncodedSignerCertificate();
+ if (signerCertificate != null) {
+
+ signerCertificateBase64 = Base64Utils
+ .encode(signerCertificate);
+ } else {
+ Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available");
+ }
}
-
- String samlArtifact = new SAMLArtifactBuilder().build(
- session.getAuthURL(), session.getSessionID(),
- session.getSourceID());
+
+ //set prPersion
+ boolean provideStammzahl = oaParam.getProvideStammzahl();
+ String prPerson = new PersonDataBuilder().build(session.getIdentityLink(),
+ provideStammzahl);
+
+ //set Authblock
+ String authBlock = oaParam.getProvideAuthBlock() ? session
+ .getAuthBlock() : "";
+
+ //set IdentityLink for assortion
+ String ilAssertion = oaParam.getProvideIdentityLink() ? session.getIdentityLink()
+ .getSerializedSamlAssertion()
+ : "";
+ if (!oaParam.getProvideStammzahl()) {
+ ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink()
+ .getIdentificationValue(), "");
+ }
+
+ String samlAssertion;
+
+ if (session.getUseMandate()) {
+ samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate(
+ authData,
+ prPerson,
+ session.getMandateData(),
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ oaParam.getBusinessService(),
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
+
+ } else {
+ samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData,
+ prPerson,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ oaParam.getBusinessService(),
+ session.getExtendedSAMLAttributesOA(),
+ useCondition,
+ conditionLength);
+ }
+
+ authData.setSamlAssertion(samlAssertion);
+
+ String assertionFile = AuthConfigurationProvider.getInstance()
+ .getGenericConfigurationParameter(
+ "AuthenticationServer.WriteAssertionToFile");
+ if (!ParepUtils.isEmpty(assertionFile))
+ try {
+ ParepUtils.saveStringToFile(samlAssertion, new File(
+ assertionFile));
+ } catch (IOException e) {
+ throw new BuildException("builder.00", new Object[] {
+ "AuthenticationData", e.toString() }, e);
+ }
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ session.getAuthURL(), session.getSessionID(),
+ session.getSourceID());
+
+ storeAuthenticationData(samlArtifact, authData);
+
+ Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
+ + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
- storeAuthenticationData(samlArtifact, authData);
-
- Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[] {
+ "AuthenticationData", ex.toString() }, ex);
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index 6692f61c5..adb0b15ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -84,12 +84,16 @@ public class AssertionStorage {
public void clean(long now, long authDataTimeOut) {
Date expioredate = new Date(now - authDataTimeOut);
+ List<AssertionStore> results;
Session session = HibernateUtil.getCurrentSession();
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithTimeOut");
- query.setTimestamp("timeout", expioredate);
- List<AssertionStore> results = query.list();
- session.getTransaction().commit();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
if (results.size() != 0) {
for(AssertionStore result : results) {
@@ -127,13 +131,17 @@ public class AssertionStorage {
MiscUtil.assertNotNull(artifact, "artifact");
Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
Session session = HibernateUtil.getCurrentSession();
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setString("artifact", artifact);
- List result = query.list();
+ List result;
- //send transaction
- session.getTransaction().commit();
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithArtifact");
+ query.setString("artifact", artifact);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
Logger.trace("Found entries: " + result.size());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
new file mode 100644
index 000000000..5664b3b08
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -0,0 +1,242 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AuthenticationSessionStoreage {
+
+ //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+
+ public static boolean isAuthenticated(String moaSessionID) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ return session.isAuthenticated();
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+ }
+
+
+ public static AuthenticationSession createSession() throws MOADatabaseException {
+ String id = Random.nextRandom();
+ AuthenticationSession session = new AuthenticationSession(id);
+
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(false);
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setCreated(new Date());
+ dbsession.setUpdated(new Date());
+
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //store AssertionStore element to Database
+ try {
+ HibernateUtil.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + id + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be created.");
+ throw new MOADatabaseException(e);
+ }
+
+ return session;
+ }
+
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+ dbsession.setAuthenticated(session.isAuthenticated());
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ HibernateUtil.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+
+
+ }
+
+ public static void destroySession(String moaSessionID) throws MOADatabaseException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID);
+ HibernateUtil.delete(dbsession);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be destroyed.");
+ throw new MOADatabaseException(e);
+ }
+
+
+ }
+
+// public static void dumpSessionStore() {
+// synchronized (sessionStore) {
+// Set<String> keys = sessionStore.keySet();
+// Iterator<String> keyIterator = keys.iterator();
+// while(keyIterator.hasNext()) {
+// String key = keyIterator.next();
+// AuthenticationSession session = sessionStore.get(key);
+// Logger.info("Key: " + key + " -> " + session.toString());
+// }
+// }
+// }
+
+ public static String changeSessionID(AuthenticationSession session)
+ throws AuthenticationException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+
+ String id = Random.nextRandom();
+ session.setSessionID(id);
+
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(session.isAuthenticated());
+ dbsession.setSession(SerializationUtils.serialize(session));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ HibernateUtil.saveOrUpdate(dbsession);
+
+ return id;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("TODO!", null);
+ }
+
+
+
+
+
+// synchronized (sessionStore) {
+// if (sessionStore.containsKey(session.getSessionID())) {
+// AuthenticationSession theSession = sessionStore.get(session
+// .getSessionID());
+// if (theSession != session) {
+// throw new AuthenticationException("TODO!", null);
+// }
+//
+// sessionStore.remove(session.getSessionID());
+// String id = Random.nextRandom();
+// session.setSessionID(id);
+// sessionStore.put(id, session);
+// return id;
+// }
+// }
+// throw new AuthenticationException("TODO!", null);
+ }
+
+ public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession());
+
+ return session;
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No MOA Session with id: " + sessionID);
+ return null;
+
+ } catch (Throwable e) {
+ Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
+ }
+
+ public static void clean(long now, long authDataTimeOut) {
+ Date expioredate = new Date(now - authDataTimeOut);
+
+ List<AuthenticatedSessionStore> results;
+ Session session = HibernateUtil.getCurrentSession();
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+
+ if (results.size() != 0) {
+ for(AuthenticatedSessionStore result : results) {
+ try {
+ HibernateUtil.delete(result);
+ Logger.info("Remove Assertion with Artifact=" + result.getSessionid()
+ + " after assertion timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Assertion with Artifact=" + result.getSessionid()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+
+ }
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
+ MiscUtil.assertNotNull(sessionID, "artifact");
+ Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
+ Session session = HibernateUtil.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", sessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ return (AuthenticatedSessionStore) result.get(0);
+ }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
index aab0b281d..1111618d6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
@@ -11,23 +11,23 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class DBUtils {
- @SuppressWarnings("rawtypes")
- public static AssertionStore getAssertion(String artifact) {
- MiscUtil.assertNotNull(artifact, "artifact");
- Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
-
- Session session = HibernateUtil.getCurrentSession();
- session.beginTransaction();
- Query query = session.getNamedQuery("getAssertionWithArtifact");
- query.setString("artifact", artifact);
- List result = query.list();
- Logger.trace("Found entries: " + result.size());
-
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
- }
- return (AssertionStore) result.get(0);
- }
+// @SuppressWarnings("rawtypes")
+// public static AssertionStore getAssertion(String artifact) {
+// MiscUtil.assertNotNull(artifact, "artifact");
+// Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
+//
+// Session session = HibernateUtil.getCurrentSession();
+// session.beginTransaction();
+// Query query = session.getNamedQuery("getAssertionWithArtifact");
+// query.setString("artifact", artifact);
+// List result = query.list();
+// Logger.trace("Found entries: " + result.size());
+//
+// if (result.size() == 0) {
+// Logger.trace("No entries found.");
+// return null;
+// }
+// return (AssertionStore) result.get(0);
+// }
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java
index 59398c922..1fa5a20fd 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java
@@ -128,9 +128,12 @@ public final class HibernateUtil {
Transaction tx = null;
try {
Session session = HibernateUtil.getCurrentSession();
- tx = session.beginTransaction();
- session.saveOrUpdate(dbo);
- tx.commit();
+
+ synchronized (session) {
+ tx = session.beginTransaction();
+ session.saveOrUpdate(dbo);
+ tx.commit();
+ }
return true;
} catch(HibernateException e) {
@@ -144,9 +147,13 @@ public final class HibernateUtil {
Transaction tx = null;
try {
Session session = HibernateUtil.getCurrentSession();
- tx = session.beginTransaction();
- session.delete(dbo);
- tx.commit();
+
+ synchronized (session) {
+ tx = session.beginTransaction();
+ session.delete(dbo);
+ tx.commit();
+ }
+
return true;
} catch(HibernateException e) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java
index 9dff193d6..b7b8c24f6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/AssertionStore.java
@@ -18,7 +18,8 @@ import org.hibernate.annotations.NamedQuery;
@DynamicUpdate(value=true)
@Table(name = "assertionstore")
@NamedQueries({
- @NamedQuery(name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact")
+ @NamedQuery(name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact"),
+ @NamedQuery(name="getAssertionWithTimeOut", query = "select assertionstore from AssertionStore assertionstore where assertionstore.timestamp < :timeout")
})
public class AssertionStore implements Serializable{
@@ -35,9 +36,11 @@ public class AssertionStore implements Serializable{
@Column(name = "assertion", nullable=false)
@Lob private byte [] assertion;
- @Column(name = "datetime", nullable=false)
- Date datatime;
+ @Column(name = "timestamp", nullable=false)
+ Date timestamp;
+
+
public String getArtifact() {
return artifact;
}
@@ -63,11 +66,11 @@ public class AssertionStore implements Serializable{
}
public Date getDatatime() {
- return datatime;
+ return timestamp;
}
public void setDatatime(Date datatime) {
- this.datatime = datatime;
+ this.timestamp = datatime;
}
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml
index 32dd7d9f6..707d5cc61 100644
--- a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml
+++ b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml
@@ -7,5 +7,6 @@
<session-factory>
<!-- Mapping files -->
<mapping class="at.gv.egovernment.moa.id.commons.db.dao.AssertionStore"/>
+ <mapping class="at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore"/>
</session-factory>
</hibernate-configuration> \ No newline at end of file