authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-15 18:12:06 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-15 18:12:06 +0100
commit1b7401488933f031a68dfe929b25db86279b52d2 (patch)
tree5b6126d66845e97d962e080396b740b2935deb07 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
parentff8ae7727e4de105a1179288b129429a29bc07ca (diff)
First untested part: Refactor authentication modules and process management to Spring
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java63
1 files changed, 32 insertions, 31 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index fe29dd2b7..5bde82899 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -22,8 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.builder;
-import iaik.x509.X509Certificate;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -51,6 +49,8 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -81,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -89,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
@@ -96,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -114,14 +115,19 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration;
import at.gv.util.ex.EgovUtilException;
import at.gv.util.wsdl.szr.SZRException;
import at.gv.util.xsd.szr.PersonInfoType;
+import iaik.x509.X509Certificate;
/**
* @author tlenz
*
*/
+@Service("AuthenticationDataBuilder")
public class AuthenticationDataBuilder extends MOAIDAuthConstants {
- public static IAuthData buildAuthenticationData(IRequest protocolRequest,
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired protected AuthConfiguration authConfig;
+
+ public IAuthData buildAuthenticationData(IRequest protocolRequest,
AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
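Review bot: The two collaborators added on the class, `@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;` and `@Autowired protected AuthConfiguration authConfig;`, use field injection, so neither can be `final`, the bean can be instantiated without either of them (every call site then fails with a NullPointerException deep inside the builder rather than at construction), and the session store that backs the SSO lookups stays replaceable after construction. Constructor injection with `private final` fields makes both dependencies explicit and immutable; the two fields also have different visibility (`private` vs `protected`), which looks accidental unless a subclass reads `authConfig` — if none does, both can be private. `buildAuthenticationData`, whose signature starts on the last two lines of this hunk, continues outside it.
```java
@Service("AuthenticationDataBuilder")
public class AuthenticationDataBuilder extends MOAIDAuthConstants {
    private final IAuthenticationSessionStoreage authenticatedSessionStorage;
    private final AuthConfiguration authConfig;

    @Autowired
    public AuthenticationDataBuilder(IAuthenticationSessionStoreage authenticatedSessionStorage,
            AuthConfiguration authConfig) {
        this.authenticatedSessionStorage = authenticatedSessionStorage;
        this.authConfig = authConfig;
    }

    // … unchanged: buildAuthenticationData(IRequest, AuthenticationSession, List<Attribute>) …
```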
@@ -166,7 +172,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
//reuse some parameters if it is a reauthentication
- OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
if (activeOA != null) {
authdata.setSessionIndex(activeOA.getAssertionSessionID());
authdata.setNameID(activeOA.getUserNameID());
@@ -187,13 +193,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+ InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
IOAAuthParameters oaParam = null;
if (reqAttributes == null) {
//get OnlineApplication from MOA-ID-Auth configuration
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaID);
+ oaParam = authConfig.getOnlineApplicationParameter(oaID);
//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
@@ -215,7 +220,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
} else {
//get attributes from interfederated IDP
- OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
//mark attribute request as used
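Review bot: `authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix())` on the new line dereferences `interfIDP` without a null check; that value comes from `searchInterfederatedIDPFORAttributeQueryWithSessionID` earlier in the method (outside this hunk), and if that lookup can return null — as its sibling `searchActiveOASSOSession` evidently can, being null-checked a few lines above — a request that carries `reqAttributes` but has no interfederated IDP stored for the session fails here with a NullPointerException instead of a BuildException naming the cause. A guard before the lookup, `if (interfIDP == null) throw new BuildException(...)` with a message saying that no interfederated IDP is registered for this session, turns that into a diagnosable error. The enclosing `buildAuthenticationData` starts and ends outside this hunk.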
@@ -248,7 +253,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @throws BuildException
* @throws DynamicOABuildException
*/
- public static IAuthData buildAuthenticationData(IRequest req,
+ public IAuthData buildAuthenticationData(IRequest req,
AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
return buildAuthenticationData(req, session, null);
}
@@ -263,7 +268,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param reqQueryAttr
* @throws ConfigurationException
*/
- private static void getAuthDataFromInterfederation(
+ private void getAuthDataFromInterfederation(
AuthenticationData authdata, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest req,
InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
@@ -280,11 +285,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//IDP is a service provider IDP and request interfederated IDP to collect attributes
} else {
//get PVP 2.1 attributes from protocol specific requested attributes
- attributs = req.getRequestedAttributes();
+ attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES);
}
- Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+ Response intfResp =
+ (Response) req.getGenericData(
+ RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(intfResp);
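Review bot: The new expression `req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse()` chains `.getResponse()` onto a lookup that presumably returns null when no interfederation response has been stored on the request, so a request reaching this branch without one fails with a NullPointerException rather than a BuildException that names the missing response; assigning the `MOAResponse` to a local and null-checking it before calling `getResponse()` makes the failure explicit. Two lines earlier, `attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES);` uses the untyped overload and an unchecked cast while the next statement uses the typed `getGenericData(..., Class)` overload; since a parameterised `List<Attribute>` cannot be expressed with the typed overload, that cast deserves a narrowly scoped `@SuppressWarnings("unchecked")` plus a comment stating where the value is put into the request. `getAuthDataFromInterfederation` starts and ends outside this hunk.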
@@ -362,7 +369,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- private static void buildAuthDataFormInterfederationResponse(
+ private void buildAuthDataFormInterfederationResponse(
AuthenticationData authData,
AuthenticationSession session,
AssertionAttributeExtractor extractor,
@@ -500,7 +507,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
Logger.info("No baseID found. Connect SZR to reveive baseID ...");
try {
- EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig();
+ EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
if (eGovClientsConfig != null) {
SZRClient szrclient = new SZRClient(eGovClientsConfig);
@@ -534,11 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- } catch (ConfigurationException e) {
- Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-
} catch (EgovUtilException e) {
Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
@@ -843,7 +845,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param authData
* @return
*/
- private static boolean matchsReceivedbPKToOnlineApplication(
+ private boolean matchsReceivedbPKToOnlineApplication(
IOAAuthParameters oaParam, AuthenticationData authData) {
String oaTarget = null;
@@ -870,7 +872,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
return false;
}
- private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
IdentityLink identityLink = session.getIdentityLink();
@@ -964,11 +966,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
try {
- authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+ authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());
//set max. SSO session time
if (authData.isSsoSession()) {
- long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
+ long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;
Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime);
authData.setSsoSessionValidTo(ssoSessionValidTo);
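Review bot: `authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());` changes the meaning of the flag: the removed call asked the session store whether this session actually is an SSO session, whereas the new call asks whether the protocol request wants SSO, which can presumably be true for a fresh non-SSO login and false for a session that is in fact SSO. The flag drives `ssoSessionValidTo` on the following lines, so consumers of `authData.isSsoSession()` may see an SSO validity window that does not match the stored session state. If the intent is that SSO is decided per request, a comment on the line saying so would save the next reader the same question; if not, and `IAuthenticationSessionStoreage` still exposes `isSSOSession`, combining both conditions — `protocolRequest.needSingleSignOnFunctionality() && authenticatedSessionStorage.isSSOSession(session.getSessionID())` — keeps the old guarantee. `buildAuthDataFormMOASession` starts and ends outside this hunk.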
@@ -1016,7 +1018,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
+ private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
if (oaParam.getBusinessService()) {
Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
@@ -1033,9 +1035,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
Element resignedilAssertion;
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
- if (config.isIdentityLinkResigning()) {
- resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey());
+ if (authConfig.isIdentityLinkResigning()) {
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
} else {
resignedilAssertion = businessServiceIdl.getSamlAssertion();
}
@@ -1050,7 +1051,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
+ private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
@@ -1082,7 +1083,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst))
- target = protocolRequest.getTarget();
+ target = protocolRequest.getGenericData("target", String.class);
else
target = oaParam.getTarget();