diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-15 18:12:06 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-15 18:12:06 +0100 |
commit | 1b7401488933f031a68dfe929b25db86279b52d2 (patch) | |
tree | 5b6126d66845e97d962e080396b740b2935deb07 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder | |
parent | ff8ae7727e4de105a1179288b129429a29bc07ca (diff) | |
download | moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.gz moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.bz2 moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.zip |
First untested part: Refactor authentication modules and process management to Spring
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder')
3 files changed, 35 insertions, 54 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index fe29dd2b7..5bde82899 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -22,8 +22,6 @@ */ package at.gv.egovernment.moa.id.auth.builder; -import iaik.x509.X509Certificate; - import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; @@ -51,6 +49,8 @@ import org.opensaml.saml2.core.Response; import org.opensaml.ws.soap.common.SOAPException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -81,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -89,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; @@ -96,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -114,14 +115,19 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration; import at.gv.util.ex.EgovUtilException; import at.gv.util.wsdl.szr.SZRException; import at.gv.util.xsd.szr.PersonInfoType; +import iaik.x509.X509Certificate; /** * @author tlenz * */ +@Service("AuthenticationDataBuilder") public class AuthenticationDataBuilder extends MOAIDAuthConstants { - public static IAuthData buildAuthenticationData(IRequest protocolRequest, + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired protected AuthConfiguration authConfig; + + public IAuthData buildAuthenticationData(IRequest protocolRequest, AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { @@ -166,7 +172,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } //reuse some parameters if it is a reauthentication - OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); + OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); if (activeOA != null) { authdata.setSessionIndex(activeOA.getAssertionSessionID()); authdata.setNameID(activeOA.getUserNameID()); @@ -187,13 +193,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); + InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); IOAAuthParameters oaParam = null; if (reqAttributes == null) { //get OnlineApplication from MOA-ID-Auth configuration - oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(oaID); + oaParam = authConfig.getOnlineApplicationParameter(oaID); //build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway if (oaParam.isSTORKPVPGateway()) @@ -215,7 +220,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } else { //get attributes from interfederated IDP - OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes); //mark attribute request as used @@ -248,7 +253,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @throws BuildException * @throws DynamicOABuildException */ - public static IAuthData buildAuthenticationData(IRequest req, + public IAuthData buildAuthenticationData(IRequest req, AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException { return buildAuthenticationData(req, session, null); } @@ -263,7 +268,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param reqQueryAttr * @throws ConfigurationException */ - private static void getAuthDataFromInterfederation( + private void getAuthDataFromInterfederation( AuthenticationData authdata, AuthenticationSession session, IOAAuthParameters oaParam, IRequest req, InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{ @@ -280,11 +285,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //IDP is a service provider IDP and request interfederated IDP to collect attributes } else { //get PVP 2.1 attributes from protocol specific requested attributes - attributs = req.getRequestedAttributes(); + attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES); } - Response intfResp = (Response) req.getInterfederationResponse().getResponse(); + Response intfResp = + (Response) req.getGenericData( + RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse(); AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(intfResp); @@ -362,7 +369,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - private static void buildAuthDataFormInterfederationResponse( + private void buildAuthDataFormInterfederationResponse( AuthenticationData authData, AuthenticationSession session, AssertionAttributeExtractor extractor, @@ -500,7 +507,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { if (MiscUtil.isEmpty(authData.getIdentificationValue())) { Logger.info("No baseID found. Connect SZR to reveive baseID ..."); try { - EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig(); + EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig(); if (eGovClientsConfig != null) { SZRClient szrclient = new SZRClient(eGovClientsConfig); @@ -534,11 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - } catch (ConfigurationException e) { - Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); - throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME - + " or " + PVPConstants.EID_SOURCE_PIN_NAME); - } catch (EgovUtilException e) { Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME @@ -843,7 +845,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param authData * @return */ - private static boolean matchsReceivedbPKToOnlineApplication( + private boolean matchsReceivedbPKToOnlineApplication( IOAAuthParameters oaParam, AuthenticationData authData) { String oaTarget = null; @@ -870,7 +872,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { return false; } - private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { IdentityLink identityLink = session.getIdentityLink(); @@ -964,11 +966,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } try { - authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); + authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); //set max. SSO session time if (authData.isSsoSession()) { - long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; + long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000; Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime); authData.setSsoSessionValidTo(ssoSessionValidTo); @@ -1016,7 +1018,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { + private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { if (oaParam.getBusinessService()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; @@ -1033,9 +1035,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); Element resignedilAssertion; - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - if (config.isIdentityLinkResigning()) { - resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey()); + if (authConfig.isIdentityLinkResigning()) { + resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey()); } else { resignedilAssertion = businessServiceIdl.getSamlAssertion(); } @@ -1050,7 +1051,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { + private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException { if (oaParam.getBusinessService()) { //since we have foreigner, wbPK is not calculated in BKU @@ -1082,7 +1083,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst)) - target = protocolRequest.getTarget(); + target = protocolRequest.getGenericData("target", String.class); else target = oaParam.getTarget(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index d4350f97b..9a2baf873 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -47,7 +47,6 @@ package at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; /** * Builds a DataURL parameter meant for the security layer implementation @@ -76,31 +75,13 @@ public class DataURLBuilder { * @return String */ public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - -// String individualDataURLPrefix = null; - String dataURL; - - //is removed from config in MOA-ID 2.0 - //check if an individual prefix is configured -// individualDataURLPrefix = AuthConfigurationProvider.getInstance(). -// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); -// -// if (null != individualDataURLPrefix) { -// -// //check individualDataURLPrefix -// if(!individualDataURLPrefix.startsWith("http")) -// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); -// -// //when ok then use it -// dataURL = individualDataURLPrefix + authServletName; -// } else - + String dataURL; if (!authBaseURL.endsWith("/")) authBaseURL += "/"; dataURL = authBaseURL + authServletName; - dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); + dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID); return dataURL; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 99ba49d26..c22432d0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -36,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.logging.Logger; @@ -119,7 +118,7 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) { + public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) { String value = null; |