authorrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-12-19 09:00:07 +0000
committerrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-12-19 09:00:07 +0000
commitb6e8e0a8f45c10d9a0cd77807db7107430752981 (patch)
treeff2bf15ff279f07166e472dbc2d29b5dcd013d73 /id.server/src/at/gv/egovernment/moa/id/auth
parentb2e2e48ad320dce63f471481cba305b1c95cd619 (diff)
downloadmoa-id-spss-b6e8e0a8f45c10d9a0cd77807db7107430752981.tar.gz
moa-id-spss-b6e8e0a8f45c10d9a0cd77807db7107430752981.tar.bz2
moa-id-spss-b6e8e0a8f45c10d9a0cd77807db7107430752981.zip
MOA-ID 1.1.1D01
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@81 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java594
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java30
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java55
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java8
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java5
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java3
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java11
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java10
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java1
10 files changed, 434 insertions, 285 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e9d9c7175..bc3e075be 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
@@ -67,21 +68,21 @@ import at.gv.egovernment.moa.util.FileUtils;
* @version $Id$
*/
public class AuthenticationServer implements MOAIDAuthConstants {
-
- /** single instance */
- private static AuthenticationServer instance;
- /** session data store (session ID -> AuthenticationSession) */
- private static Map sessionStore = new HashMap();
- /** authentication data store (assertion handle -> AuthenticationData) */
- private static Map authenticationDataStore = new HashMap();
- /**
- * time out in milliseconds used by {@link cleanup} for session store
- */
- private long sessionTimeOut = 10*60*1000; // default 10 minutes
- /**
- * time out in milliseconds used by {@link cleanup} for authentication data store
- */
- private long authDataTimeOut = 2*60*1000; // default 2 minutes
+
+ /** single instance */
+ private static AuthenticationServer instance;
+ /** session data store (session ID -> AuthenticationSession) */
+ private static Map sessionStore = new HashMap();
+ /** authentication data store (assertion handle -> AuthenticationData) */
+ private static Map authenticationDataStore = new HashMap();
+ /**
+ * time out in milliseconds used by {@link cleanup} for session store
+ */
+ private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data store
+ */
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
/**
* Returns the single instance of <code>AuthenticationServer</code>.
@@ -122,24 +123,35 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException while building the HTML form
*/
public String selectBKU(
- String authURL, String target, String oaURL, String bkuSelectionTemplateURL, String templateURL)
+ String authURL,
+ String target,
+ String oaURL,
+ String bkuSelectionTemplateURL,
+ String templateURL)
throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
-
+
+ //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(authURL))
throw new WrongParametersException("StartAuthentication", "AuthURL");
if (isEmpty(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
if (isEmpty(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA);
- if (! authURL.startsWith("https:"))
- throw new AuthenticationException("auth.07", null);
- ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
+
+ ConnectionParameter bkuConnParam =
+ AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
if (bkuConnParam == null)
- throw new ConfigurationException("config.08", new Object[] {"BKUSelection/ConnectionParameter"});
- OAAuthParameter oaParam =
+ throw new ConfigurationException(
+ "config.08",
+ new Object[] { "BKUSelection/ConnectionParameter" });
+ OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] {oaURL});
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
AuthenticationSession session = newSession();
Logger.info("MOASession " + session.getSessionID() + " angelegt");
session.setTarget(target);
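Review bot: The new HTTPS check at `if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))` now runs before `if (isEmpty(authURL))`, so a missing `AuthURL` parameter dereferences null and surfaces as a NullPointerException instead of the WrongParametersException the next line was meant to raise; the removed code had the scheme check after the emptiness checks, and the block should move back below them. The secure default also rests on `BoolUtils.valueOf(boolStr)` returning false when the property is unset (boolStr null) — worth confirming, since an unset property must not silently permit plain-HTTP data URLs that carry the MOASession ID in `returnURL`. The trailing `"*"` appended to the `auth.07` argument is unexplained; if it is a marker for the message template, a comment such as `// "*" is consumed by the auth.07 message template` would help, otherwise drop it. selectBKU continues past this hunk.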
@@ -147,32 +159,37 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
- String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
+ String returnURL =
+ new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
// bkuSelectionType==HTMLComplete
String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL;
return redirectURL;
- }
- else {
+ } else {
// bkuSelectionType==HTMLSelect
String bkuSelectTag;
try {
bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
- }
- catch (Throwable ex) {
- throw new AuthenticationException("auth.03", new Object[] {bkuConnParam.getUrl(), ex.toString()}, ex);
+ } catch (Throwable ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { bkuConnParam.getUrl(), ex.toString()},
+ ex);
}
String bkuSelectionTemplate = null;
if (bkuSelectionTemplateURL != null) {
try {
bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));
- }
- catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {bkuSelectionTemplateURL, ex.toString()}, ex);
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { bkuSelectionTemplateURL, ex.toString()},
+ ex);
}
}
- String htmlForm = new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
+ String htmlForm =
+ new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
return htmlForm;
}
}
@@ -186,47 +203,57 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws IOException on any data error
* @throws GeneralSecurityException on security errors
*/
- private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
+ private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
+
if (connParam.isHTTPSURL())
return new String(SSLUtils.readHttpsURL(conf, connParam));
else
return new String(FileUtils.readURL(connParam.getUrl()));
}
/**
- * Processes the beginning of an authentication session.
- * <ul>
- * <li>Starts an authentication session</li>
- * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>Creates an HTML form for querying the identity link from the
- * security layer implementation.
- * <br>Form parameters include
- * <ul>
- * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>the data URL where the security layer implementation sends it response to</li>
- * </ul>
- * </ul>
+ * Processes the beginning of an authentication session.
+ * <ul>
+ * <li>Starts an authentication session</li>
+ * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>Creates an HTML form for querying the identity link from the
+ * security layer implementation.
+ * <br>Form parameters include
+ * <ul>
+ * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>the data URL where the security layer implementation sends it response to</li>
+ * </ul>
+ * </ul>
* @param authURL URL of the servlet to be used as data URL
* @param target "Gesch&auml;ftsbereich" of the online application requested
* @param oaURL online application URL requested
* @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used;
* may be <code>null</code>; in this case, the default location will be used
* @param templateURL URL providing an HTML template for the HTML form generated
- * @return HTML form
+ * @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
- */
- public String startAuthentication(
- String authURL, String target, String oaURL, String templateURL, String bkuURL, String sessionID)
- throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
+ */
+ public String startAuthentication(
+ String authURL,
+ String target,
+ String oaURL,
+ String templateURL,
+ String bkuURL,
+ String sessionID)
+ throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
if (isEmpty(sessionID)) {
if (isEmpty(authURL))
throw new WrongParametersException("StartAuthentication", "AuthURL");
- if (! authURL.startsWith("https:"))
- throw new AuthenticationException("auth.07", null);
+
+ //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr =
+ AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
if (isEmpty(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
if (isEmpty(oaURL))
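Review bot: The property lookup and scheme test added here are a line-for-line copy of the same block in selectBKU, which invites the two drifting apart on a security-relevant decision; a private helper such as `private static void checkAuthURLScheme(String authURL) throws AuthenticationException, ConfigurationException` that both call sites invoke would keep the policy in one place. The check is correctly placed after `isEmpty(authURL)` in this method, so the helper should be called only after that guard. As in the sibling, the `authURL + "*"` argument to `auth.07` deserves a comment or should lose the asterisk. startAuthentication continues past this hunk.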
@@ -234,105 +261,128 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
AuthenticationSession session;
if (sessionID != null)
- session = getSession(sessionID);
- else {
- OAAuthParameter oaParam =
+ session = getSession(sessionID);
+ else {
+ OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] {oaURL});
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
+ Logger.info("MOASession " + session.getSessionID() + " angelegt");
+ session.setTarget(target);
+ session.setOAURLRequested(oaURL);
+ session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
}
- String infoboxReadRequest = new InfoboxReadRequestBuilder().build();
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session.getSessionID());
+ String infoboxReadRequest = new InfoboxReadRequestBuilder().build();
+ String dataURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_VERIFY_IDENTITY_LINK,
+ session.getSessionID());
String template = null;
if (session.getTemplateURL() != null) {
- try {
- template = new String(FileUtils.readURL(session.getTemplateURL()));
- }
- catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {session.getTemplateURL(), ex.toString()}, ex);
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { session.getTemplateURL(), ex.toString()},
+ ex);
}
}
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build();
- String certInfoDataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID());
- String htmlForm = new GetIdentityLinkFormBuilder().build(
- template, bkuURL, infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL);
- return htmlForm;
- }
- /**
- * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Verifies identity link by calling the MOA SP component</li>
- * <li>Checks certificate authority of identity link</li>
- * <li>Stores identity link in the session</li>
- * <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the
- * security layer implementation</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param xmlInfoboxReadResponse String representation of the
- * <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public String verifyIdentityLink (String sessionID, String xmlInfoboxReadResponse)
- throws AuthenticationException, ParseException, ConfigurationException, ValidateException, ServiceException, WrongParametersException {
-
+ String certInfoDataURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_START_AUTHENTICATION,
+ session.getSessionID());
+ String htmlForm =
+ new GetIdentityLinkFormBuilder().build(
+ template,
+ bkuURL,
+ infoboxReadRequest,
+ dataURL,
+ certInfoRequest,
+ certInfoDataURL);
+ return htmlForm;
+ }
+ /**
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Verifies identity link by calling the MOA SP component</li>
+ * <li>Checks certificate authority of identity link</li>
+ * <li>Stores identity link in the session</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the
+ * security layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param xmlInfoboxReadResponse String representation of the
+ * <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse)
+ throws
+ AuthenticationException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
if (isEmpty(sessionID))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
if (isEmpty(xmlInfoboxReadResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE);
- AuthenticationSession session = getSession(sessionID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
+ AuthenticationSession session = getSession(sessionID);
if (session.getTimestampIdentityLink() != null)
- throw new AuthenticationException("auth.01", new Object[] {sessionID});
- session.setTimestampIdentityLink();
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses the <InfoboxReadResponse>
- IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse).
- parseIdentityLink();
+ IdentityLink identityLink =
+ new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
// validates the identity link
- IdentityLinkValidator.getInstance().validate(identityLink);
+ IdentityLinkValidator.getInstance().validate(identityLink);
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(
- identityLink, authConf.getMoaSpIdentityLinkTrustProfileID());
+ Element domVerifyXMLSignatureRequest =
+ new VerifyXMLSignatureRequestBuilder().build(
+ identityLink,
+ authConf.getMoaSpIdentityLinkTrustProfileID());
// debug output
- debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest);
+ if(null != domVerifyXMLSignatureRequest)
+ debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest);
// invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().
- verifyXMLSignature(domVerifyXMLSignatureRequest);
+ Element domVerifyXMLSignatureResponse =
+ new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse =
- new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
// debug output
- debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse);
+ if(null != domVerifyXMLSignatureResponse)
+ debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse);
// validates the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponseValidator.getInstance().validate(
- verifyXMLSignatureResponse,
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
authConf.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK);
-
- session.setIdentityLink(identityLink);
+
+ session.setIdentityLink(identityLink);
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session);
- session.setAuthBlock(authBlock);
+ session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
- String[] transformInfos = authConf.getTransformsInfos();
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().
- build(authBlock, transformInfos);
- return createXMLSignatureRequest;
- }
+ String[] transformInfos = authConf.getTransformsInfos();
+ String createXMLSignatureRequest =
+ new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos);
+ return createXMLSignatureRequest;
+ }
/**
* Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
* @param session authentication session
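Review bot: The new null guards around `debugOutputXMLFile` are placed so they protect only the debug call, not the real consumer: `domVerifyXMLSignatureRequest` is guarded at `if(null != domVerifyXMLSignatureRequest)` but then handed unguarded to `verifyXMLSignature(...)`, and `domVerifyXMLSignatureResponse` is first passed to `new VerifyXMLSignatureResponseParser(...).parseData()` and only afterwards tested for null. Either the builder and invoker never return null, in which case the guards are dead code, or a null must be rejected before use with an AuthenticationException so the identity-link verification cannot proceed on an absent MOA-SP response; the present arrangement does neither. Dropping WrongParametersException from the throws clause is an API change for callers that caught it — the servlets in the diffstat were presumably updated, but that is not visible here. verifyIdentityLink starts inside this hunk and its enclosing class continues past it.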
@@ -345,74 +395,92 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String authURL = session.getAuthURL();
String target = session.getTarget();
String oaURL = session.getPublicOAURLPrefix();
- String authBlock = new AuthenticationBlockAssertionBuilder().
- build(issuer, issueInstant, authURL, target, oaURL);
+ String authBlock =
+ new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL);
return authBlock;
}
- /**
- * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
- * <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies authentication block by calling the MOA SP component</li>
- * <li>Creates authentication data</li>
- * <li>Creates a corresponding SAML artifact</li>
- * <li>Stores authentication data in the authentication data store
- * indexed by the SAML artifact</li>
- * <li>Deletes authentication session</li>
- * <li>Returns the SAML artifact, encoded BASE64</li>
- * </ul>
- *
- * @param sessionID session ID of the running authentication session
- * @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @return SAML artifact needed for retrieving authentication data, encoded BASE64
- */
- public String verifyAuthenticationBlock(
- String sessionID, String xmlCreateXMLSignatureReadResponse)
- throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, WrongParametersException {
+ /**
+ * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
+ * <li>Parses authentication block enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies authentication block by calling the MOA SP component</li>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store
+ * indexed by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @param xmlCreateXMLSignatureReadResponse String representation of the
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+ */
+ public String verifyAuthenticationBlock(
+ String sessionID,
+ String xmlCreateXMLSignatureReadResponse)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ServiceException,
+ ValidateException {
if (isEmpty(sessionID))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE);
- AuthenticationSession session = getSession(sessionID);
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
// parses <CreateXMLSignatureResponse>
- CreateXMLSignatureResponse csresp =
- new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
// validates <CreateXMLSignatureResponse>
- new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix());
+ new CreateXMLSignatureResponseValidator().validate(
+ csresp,
+ session.getTarget(),
+ session.getPublicOAURLPrefix());
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
// debug output
- AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq);
+ if(null != domVsreq)
+ AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq);
// invokes the call
Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
// parses the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
// debug output
- AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp);
+ if(null != domVsresp)
+ AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp);
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(
- vsresp, null,VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
+ vsresp,
+ null,
+ VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
// compares the public keys from the identityLink with the AuthBlock
- VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(vsresp, session.getIdentityLink());
-
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
+ vsresp,
+ session.getIdentityLink());
+
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
- String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
- storeAuthenticationData(samlArtifact, authData);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ String samlArtifact =
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ storeAuthenticationData(samlArtifact, authData);
// invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ sessionStore.remove(sessionID);
+ Logger.info(
+ "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
return samlArtifact;
- }
+ }
/**
* Builds the AuthenticationData object together with the
* corresponding <code>&lt;saml:Assertion&gt;</code>
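Review bot: The reflowed `Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact)` writes the SAML artifact to the INFO log, and per the Javadoc above it that artifact is the handle a caller presents to `getAuthenticationData` to obtain the assertion with the user's identity data; log files thus hold a short-lived bearer credential, and the entry should log the session ID only or a hash of the artifact. The same null-guard pattern as in verifyIdentityLink recurs here: `domVsresp` is parsed by `parseData()` before `if(null != domVsresp)` is evaluated, so the guard cannot prevent a null reaching the parser. Separately, `sessionStore.remove(sessionID)` runs outside the `synchronized (sessionStore)` that `newSession` uses for its put, and sessionStore is a plain HashMap — concurrent authentications may corrupt the map; wrapping the remove in the same monitor is a one-line fix. verifyAuthenticationBlock ends inside this hunk.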
@@ -422,20 +490,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws ConfigurationException while accessing configuration data
* @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
*/
- private AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
- throws ConfigurationException, BuildException {
-
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
+ AuthenticationData authData = new AuthenticationData();
authData.setMajorVersion(1);
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
- String vpkBase64 = new VPKBuilder().buildVPK(
- identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget());
+ String vpkBase64 =
+ new VPKBuilder().buildVPK(
+ identityLink.getIdentificationValue(),
+ identityLink.getDateOfBirth(),
+ session.getTarget());
authData.setVPK(vpkBase64);
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -443,57 +514,57 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- String prPerson = new PersonDataBuilder().build(
- identityLink, oaParam.getProvideZMRZahl());
-
- try {
- String ilAssertion =
- oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl());
+
+ try {
+ String ilAssertion =
+ oaParam.getProvideIdentityLink()
+ ? DOMUtils.serializeNode(identityLink.getSamlAssertion())
+ : "";
String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
- String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, prPerson, authBlock, ilAssertion);
+ String samlAssertion =
+ new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion);
authData.setSamlAssertion(samlAssertion);
- return authData;
- }
- catch (Throwable ex) {
- throw new BuildException(
- "builder.00",
- new Object[] { "AuthenticationData", ex.toString() },
- ex);
- }
- }
- /**
- * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
- * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
- *
- * @return <code>AuthenticationData</code>
- */
- public AuthenticationData getAuthenticationData(String samlArtifact) throws AuthenticationException {
+ return authData;
+ } catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.toString()},
+ ex);
+ }
+ }
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public AuthenticationData getAuthenticationData(String samlArtifact)
+ throws AuthenticationException {
String assertionHandle;
try {
assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
- }
- catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] {samlArtifact, ex.toString()});
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()});
}
AuthenticationData authData = null;
synchronized (authenticationDataStore) {
- authData = (AuthenticationData)authenticationDataStore.get(assertionHandle);
- if (authData == null) {
+ authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
+ if (authData == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
- throw new AuthenticationException("1206", new Object[] {samlArtifact});
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
authenticationDataStore.remove(assertionHandle);
- }
+ }
long now = new Date().getTime();
if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207", new Object[] {samlArtifact});
+ throw new AuthenticationException("1207", new Object[] { samlArtifact });
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
+ return authData;
+ }
/**
* Stores authentication data indexed by the assertion handle contained in the
* given saml artifact.
@@ -501,26 +572,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param authData authentication data
* @throws AuthenticationException when SAML artifact is invalid
*/
- private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
+ private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
throws AuthenticationException {
-
- try {
+
+ try {
SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
// check type code 0x0001
byte[] typeCode = parser.parseTypeCode();
if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06", new Object[] {samlArtifact});
+ throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
String assertionHandle = parser.parseAssertionHandle();
- synchronized(authenticationDataStore) {
+ synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
authenticationDataStore.put(assertionHandle, authData);
}
- }
- catch (AuthenticationException ex) {
+ } catch (AuthenticationException ex) {
throw ex;
- }
- catch (Throwable ex) {
- throw new AuthenticationException("auth.06", new Object[] {samlArtifact});
+ } catch (Throwable ex) {
+ throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
}
}
/**
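Review bot: The `catch (Throwable ex)` at the end of storeAuthenticationData discards the caught exception entirely: it is neither logged nor attached to the `auth.06` AuthenticationException that replaces it, so a parser failure or an unexpected runtime error is indistinguishable from a bad type code. The form used earlier in this file, `new BuildException("builder.00", new Object[] {...}, ex)`, shows the project's exception types can carry a cause; if AuthenticationException offers the same constructor, pass `ex` along, otherwise at least `Logger.error(...)` it before rethrowing. Catching Throwable also swallows Errors such as OutOfMemoryError and turns them into an authentication failure; narrowing the clause to `catch (Exception ex)` is safer.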
@@ -533,13 +602,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* already for the given session ID
*/
private static AuthenticationSession newSession() throws AuthenticationException {
- String sessionID = Random.nextRandom();
+ String sessionID = Random.nextRandom();
AuthenticationSession newSession = new AuthenticationSession(sessionID);
synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession)sessionStore.get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01", new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (session != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ sessionStore.put(sessionID, newSession);
}
return newSession;
}
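Review bot: newSession treats a session-ID collision as a fatal `auth.01` error rather than drawing a fresh ID; with a good random source a collision is rare, but a short retry loop would keep the method robust instead of failing the user's login on bad luck. The ID is the only thing that later grants access to the session via getSession, so `Random.nextRandom()` must be backed by a cryptographically strong generator with enough entropy — that cannot be confirmed from this hunk and is worth checking in the Random helper. The get-then-compare-to-null idiom could be written as `if (sessionStore.containsKey(sessionID))`, which states the intent directly.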
@@ -551,38 +620,45 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <code>null</code> if session ID unknown
*/
public static AuthenticationSession getSession(String id) throws AuthenticationException {
- AuthenticationSession session = (AuthenticationSession)sessionStore.get(id);
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(id);
if (session == null)
- throw new AuthenticationException("auth.02", new Object[] { id });
+ throw new AuthenticationException("auth.02", new Object[] { id });
return session;
}
/**
* Cleans up expired session and authentication data stores.
*/
public void cleanup() {
- long now = new Date().getTime();
- synchronized(sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext(); ) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.02", new Object[] {sessionID}));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized(authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext(); ) {
- String samlArtifact = (String) iter.next();
- AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlArtifact);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.03", new Object[] {samlArtifact}));
- authenticationDataStore.remove(samlArtifact);
- }
- }
- }
+ long now = new Date().getTime();
+ synchronized (sessionStore) {
+ Set keys = new HashSet(sessionStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext();) {
+ String sessionID = (String) iter.next();
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
+ Logger.info(
+ MOAIDMessageProvider.getInstance().getMessage(
+ "cleaner.02",
+ new Object[] { sessionID }));
+ sessionStore.remove(sessionID);
+ }
+ }
+ }
+ synchronized (authenticationDataStore) {
+ Set keys = new HashSet(authenticationDataStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext();) {
+ String samlArtifact = (String) iter.next();
+ AuthenticationData authData =
+ (AuthenticationData) authenticationDataStore.get(samlArtifact);
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
+ Logger.info(
+ MOAIDMessageProvider.getInstance().getMessage(
+ "cleaner.03",
+ new Object[] { samlArtifact }));
+ authenticationDataStore.remove(samlArtifact);
+ }
+ }
+ }
}
/**
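Review bot: getSession reads `sessionStore.get(id)` with no `synchronized (sessionStore)` block, while newSession and cleanup in this same hunk guard their put/remove calls with one; if sessionStore is a plain HashMap (its declaration is outside this hunk), the unsynchronized read races with cleanup's remove and can misbehave. Wrap it the same way: `AuthenticationSession session;` followed by `synchronized (sessionStore) { session = (AuthenticationSession) sessionStore.get(id); }`. The Javadoc above getSession still says it returns `null` if the session ID is unknown, but the body throws `auth.02` instead; replace that sentence with `@throws AuthenticationException when the session ID is unknown`. In cleanup, the keys of authenticationDataStore are assertion handles (storeAuthenticationData puts under `assertionHandle`), so the local named `samlArtifact` and the `cleaner.03` log text label the wrong value.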
@@ -599,7 +675,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public void setSecondsAuthDataTimeOut(long seconds) {
authDataTimeOut = 1000 * seconds;
}
-
+
/**
* Checks a parameter.
* @param param parameter
@@ -620,8 +696,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
try {
String xmlString = new String(DOMUtils.serializeNode(rootElem));
debugOutputXMLFile(filename, xmlString);
- }
- catch (Exception ex) {
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
@@ -639,8 +714,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
byte[] xmlData = xmlString.getBytes("UTF-8");
fout.write(xmlData);
fout.close();
- }
- catch (Exception ex) {
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 8693c71a9..f8c287cb6 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -22,6 +22,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
"<sl11:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' xmlns:sl10=''" + SL10_NS_URI + "'' xmlns:sl11=''" + SL11_NS_URI + "''>" + nl +
" <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
+ //TODO RS Lsg Switch SecureSignatureKeypair / CertifiedKeyPair
+ //" <sl11:KeyboxIdentifier>CertifiedKeypair</sl11:KeyboxIdentifier>" + nl +
" <sl11:DataObjectInfo Structure=''detached''>" + nl +
" <sl10:DataObject Reference=''''/>" + nl +
"{1}" +
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 575149d9e..30cc1df5a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -1,6 +1,10 @@
package at.gv.egovernment.moa.id.auth.builder;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
/**
* Builds a DataURL parameter meant for the security layer implementation
@@ -29,7 +33,31 @@ public class DataURLBuilder {
* @return String
*/
public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
- String dataURL = authBaseURL + authServletName;
+
+ String individualDataURLPrefix = null;
+ String dataURL;
+ try {
+ //check if an individual prefix is configured
+ individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+ getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+
+ if (null != individualDataURLPrefix) {
+
+ //check individualDataURLPrefix
+ if(!individualDataURLPrefix.startsWith("http"))
+ throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+
+ //when ok then use it
+ dataURL = individualDataURLPrefix + authServletName;
+ } else
+ dataURL = authBaseURL + authServletName;
+
+ } catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
+ dataURL = authBaseURL + authServletName;
+ }
+
dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
return dataURL;
}
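Review bot: The configured prefix check at `if(!individualDataURLPrefix.startsWith("http"))` is a string-prefix test, not URL validation: any value beginning with those four characters passes, and the result is the URL the security layer implementation is told to post the user's data to. Parse it instead, e.g. `String scheme = new URL(individualDataURLPrefix).getProtocol();` and reject unless `"http".equals(scheme) || "https".equals(scheme)`, handling MalformedURLException the same way as the existing ConfigurationException fallback. The concatenation `individualDataURLPrefix + authServletName` also presumes the prefix ends the way authBaseURL does (presumably with a trailing slash), which the check does not enforce. Finally `individualDataURLPrefix` is initialised to `null` and immediately reassigned inside the `try`, so the initializer can go.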
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 3a1cab4be..6ff52bc4a 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -7,6 +7,10 @@ import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -43,13 +47,29 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
protected void handleError(
String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
- if (exceptionThrown != null)
- Logger.error(errorMessage, exceptionThrown);
- else
+
+ if(null != errorMessage) {
Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- resp.setStatus(500);
+ req.setAttribute("ErrorMessage", errorMessage );
+ }
+
+ if (null != exceptionThrown) {
+ if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ //forward this to errorpage.jsp wher the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+
}
/**
* Handles a <code>WrongParametersException</code>.
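Review bot: The rewritten handleError no longer calls `resp.setStatus(500)`, so unless errorpage.jsp sets a status itself the error page is now delivered with HTTP 200, which hides failures from monitoring and from clients that key on the status code; add `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` before the forward. The same line was dropped from handleWrongParameters in the next hunk. `dispatcher.forward` throws IllegalStateException if the response is already committed, and that is not caught here; checking `resp.isCommitted()` first and only logging in that case keeps the error path from throwing. The message and exception are handed to the JSP as request attributes; whatever renders `ErrorMessage` must HTML-escape it, because an exception message can echo request-supplied values — that cannot be verified from this hunk.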
@@ -58,8 +78,18 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
*/
protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
Logger.error(ex.toString());
- req.setAttribute("WrongParameters", "true");
- resp.setStatus(500);
+ req.setAttribute("WrongParameters", ex.getMessage());
+
+ // forward this to errorpage.jsp where the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
}
/**
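Review bot: `req.setAttribute("WrongParameters", ex.getMessage())` changes the attribute from the fixed marker `"true"` to free text that is `null` when the exception carries no message; any JSP logic that tested for `"true"` must be updated, and a null attribute typically renders as the literal string "null". If the text is meant for display, fall back explicitly, e.g. `ex.getMessage() != null ? ex.getMessage() : ex.toString()`, and make sure the page escapes it before output since a wrong-parameter message plausibly quotes request input.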
@@ -114,4 +144,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
}
return bout.toString();
}
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ }
}
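Review bot: The added `init(ServletConfig)` override in AuthServlet does nothing but `super.init(servletConfig)`, so it changes no behavior, and its Javadoc ("Calls the web application initializer") describes something the body does not do — MOAIDAuthInitializer is invoked by the subclasses (SelectBKUServlet and StartAuthenticationServlet in later hunks), not here. Either drop the override or make the comment match, e.g. `/** Delegates to {@link HttpServlet#init(ServletConfig)}; MOA-ID initialization is done by subclasses. */`.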
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index 554819f73..1dc1897b2 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -2,6 +2,9 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
@@ -43,8 +46,11 @@ public class ConfigurationServlet extends HttpServlet {
try {
MOAIDAuthInitializer.initialized=false;
MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", null);
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
+
Logger.info(message);
+ //TODO low-priority: change to ErrorPage
out.println("<p><b>");
out.println(message);
out.println("</b></p>");
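Review bot: The timestamp passed into `config.00` is formatted with a hard-coded `Locale.GERMAN`; if the message text itself is locale-selected by MOAIDMessageProvider, the two can disagree, so deriving the locale from the same place (or documenting why German is fixed) would be cleaner. The surrounding method resets `MOAIDAuthInitializer.initialized` and re-runs initialization on an ordinary HTTP request, and nothing in this hunk restricts who may trigger it; the servlet should be covered by an access constraint in the deployment descriptor or an equivalent check, since anyone who can reach it can force a configuration reload — worth confirming, as the constraint is not visible here.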
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 50ca21c69..422ddf0a3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -35,6 +35,7 @@ public class SelectBKUServlet extends AuthServlet {
*/
public void init(ServletConfig servletConfig) throws ServletException {
try {
+ super.init(servletConfig);
MOAIDAuthInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
}
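Review bot: `super.init(servletConfig)` is placed inside the `try`, so a ServletException from the container-level initialization is caught by the catch clause that follows (outside this hunk; in StartAuthenticationServlet that clause logs `init.02` and rewraps the exception) and is reported as a MOA-ID initialization failure. Move the call to the line before `try {` so superclass failures keep their own exception and message. The identical insertion in StartAuthenticationServlet has the same issue.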
@@ -71,9 +72,9 @@ public class SelectBKUServlet extends AuthServlet {
String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
// bkuSelectionType==HTMLComplete
- String redirectURL = returnValue;
+ String redirectURL = returnValue;
resp.sendRedirect(redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
}
else {
// bkuSelectionType==HTMLSelect
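Review bot: Raising `Logger.debug("REDIRECT TO: " + redirectURL)` to `Logger.info` writes the full redirect target into the normal production log; if `returnValue` is a DataURL built by DataURLBuilder.buildDataURL, it carries the session ID as a query parameter, and a session identifier in the log is a reusable credential for anyone with log access. Keep the line at debug level, or log the URL with its query string removed. Logging before `resp.sendRedirect` rather than after would also leave a trace when the redirect itself fails.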
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 2ea43935b..6308742bf 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -90,6 +90,7 @@ public class StartAuthenticationServlet extends AuthServlet {
*/
public void init(ServletConfig servletConfig) throws ServletException {
try {
+ super.init(servletConfig);
MOAIDAuthInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
}
@@ -97,6 +98,6 @@ public class StartAuthenticationServlet extends AuthServlet {
Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
throw new ServletException(ex);
}
- }
+ }
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 8d16f73dd..eda0c6726 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;
@@ -70,8 +69,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Map parameters = getParameters(req);
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
- // debug output
- AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
+
+ // debug XMLSignatureResponse from BKU
+ if(null != createXMLSignatureResponse)
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureResponse.xml", createXMLSignatureResponse);
try {
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
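Review bot: The new `if(null != createXMLSignatureResponse)` guards only the debug dump; a missing PARAM_XMLRESPONSE still flows into the verification call in the `try` that follows, so the null case is merely deferred to whatever that method does with it (not visible here). If a missing parameter is a client error, report it explicitly at this point — the next hunk removes the `WrongParametersException` handler, so confirm that path is still caught, e.g. by the `MOAIDException` clause if WrongParametersException extends it. The same deferred-null pattern appears at the `infoboxReadResponse` guard in VerifyIdentityLinkServlet. Style-wise the surrounding code writes `if (` with a space and the comparison with the variable first; `if (createXMLSignatureResponse != null)` matches the file.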
@@ -84,9 +85,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
+
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index d3a28c7d4..55bce7af3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -10,7 +10,6 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.logging.Logger;
@@ -68,7 +67,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
String sessionID = req.getParameter(PARAM_SESSIONID);
String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);
// debug output
- AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse);
+ if(null != infoboxReadResponse)
+ AuthenticationServer.debugOutputXMLFile("InfoboxReadResponse.xml", infoboxReadResponse);
try {
String createXMLSignatureRequest =
AuthenticationServer.getInstance().verifyIdentityLink(sessionID, infoboxReadResponse);
@@ -79,16 +79,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
resp.addHeader("Location", dataURL);
resp.setContentType("text/xml");
// debug output
- AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest);
+ if(null != createXMLSignatureRequest)
+ AuthenticationServer.debugOutputXMLFile("CreateXMLSignatureRequest.xml", createXMLSignatureRequest);
OutputStream out = resp.getOutputStream();
out.write(createXMLSignatureRequest.getBytes("UTF-8"));
out.flush();
out.close();
Logger.debug("Finished POST VerifyIdentityLink");
}
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
}
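Review bot: The added `if(null != createXMLSignatureRequest)` protects only the debug output, but the very next statement, `out.write(createXMLSignatureRequest.getBytes("UTF-8"))`, dereferences the same variable unconditionally, so a null request now fails one line later with a NullPointerException instead of inside the debug helper. Either the guard is unnecessary because verifyIdentityLink never returns null (not visible here), in which case drop it, or the null case needs real handling before anything is written to the response, such as routing it through handleError and returning. Also `out` is obtained and closed without a `finally`; since `getBytes`/`write` can throw, the close belongs in a `finally` block or the stream should be left to the container.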
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index a238d28cb..8de475f95 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -53,6 +53,7 @@ public class VerifyXMLSignatureResponseValidator {
if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
throw new ValidateException("validator.06", null);
+ //TODO enhance error messages (reason why check failed)
if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0)
if (whatToCheck.equals(CHECK_IDENTITY_LINK))
throw new ValidateException("validator.07", null);