author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-13 15:48:17 +0200 |
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-13 15:48:17 +0200 |
commit | 158d41705d0f8c67a858e84bda8d2c16377cf288 (patch) | |
tree | 8b75f57ff92112e0922f055b595f1800f3bf40af /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth | |
parent | 017ecef03e90c176e040de1c39836f1a81d66b73 (diff) | |
some bug fixes
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
6 files changed, 32 insertions, 28 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a13455972..2c14af463 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
 try {
 return buildAuthenticationData(pendingReq,
- new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+ pendingReq.getSessionData(AuthenticationSessionWrapper.class),
 pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 Logger.warn("Can not build authentication data from session information");
- throw new EAAFAuthenticationException("TODO", new Object[]{}, e);
+ throw new EAAFAuthenticationException("builder.11", new Object[]{}, e);
 }
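Review bot: The new argument `pendingReq.getSessionData(AuthenticationSessionWrapper.class)` is handed straight to the overloaded buildAuthenticationData; if that lookup can return null when no session data has been stored yet (not visible in this hunk), the resulting NullPointerException is not among the caught types and escapes unchecked instead of becoming the EAAFAuthenticationException("builder.11") the caller handles. Storing it in a local first, `AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);` followed by a null check that throws the same EAAFAuthenticationException, keeps the failure mode uniform. While touching the catch, `Logger.warn("Can not build authentication data from session information", e);` would keep the cause in the log rather than only inside the rethrown wrapper. The method's closing brace lies outside the hunk.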
@@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 if (oaParam.isSTORKPVPGateway())
 oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
- Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
+ Boolean isMinimalFrontChannelResp = pendingReq.getRawData(
 MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 //only set minimal response attributes
 authdata.setQAALevel(
- pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+ pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 authdata.setBPK(
- pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
+ pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 } else {
 //build AuthenticationData from MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index a43e6a7fb..399ecc022 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 String sectorName = null;
- String saml1Target = pendingReq.getGenericData(
+ String saml1Target = pendingReq.getRawData(
 MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 if (MiscUtil.isNotEmpty(saml1Target)) {
 target = saml1Target;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 926bfe242..cadaec2a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -45,6 +45,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import org.apache.commons.collections4.map.HashedMap;
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 */
 @Override
 public X509Certificate getSignerCertificate() {
- try {
- return new X509Certificate(signerCertificate);
- }
- catch (CertificateException e) {
- Logger.warn("Signer certificate can not be loaded from session database!", e);
- return null;
+ if (signerCertificate != null && signerCertificate.length > 0) {
+ try {
+ return new X509Certificate(signerCertificate);
+ }
+ catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+
+ }
 }
+
+ return null;
 }
 /* (non-Javadoc)
@@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 result.put(VALUE_SIGNER_CERT, getSignerCertificate());
 result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
- result.putAll(genericSessionDataStorate);
-
+ for (Entry<String, Object> el : genericSessionDataStorate.entrySet())
+ result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
+
 return Collections.unmodifiableMap(result);
 }
 }
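Review bot: The last hunk changes the key layout of getKeyValueRepresentationFromAuthSession — generic entries are now published under `GENERIC_PREFIX + el.getKey()` instead of the bare key — but nothing documents that, and readers touched by this same commit (`pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class)` in AuthenticationDataBuilder) still look up the bare constant; confirm that getRawData applies or strips the prefix, otherwise those lookups return null once SSO session data has been copied into the transaction. A Javadoc sentence on the method, `Generic session-data entries are exposed under GENERIC_PREFIX + key; readers must use the prefixed key.`, would make the contract explicit. In the getSignerCertificate hunk the method now returns null both when no certificate bytes are stored and when parsing fails, and `result.put(VALUE_SIGNER_CERT, getSignerCertificate())` then places a null value into the map; check that the transaction storage receiving that map tolerates null values. The added `import java.util.Map.Entry;` is redundant next to the existing `java.util.Map` import — `Map.Entry<String, Object>` reads fine without it.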
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index b976cba9e..375b144d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 //defaultTaskInitialization(request, executionContext);
 //check SSO session cookie and MOASession object
- String ssoId = ssoManager.getSSOSessionID(request);
- boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-
- //load MOA SSO-session from database
- AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
-
- if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
+ String ssoId = ssoManager.getSSOSessionID(request);
+ if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) {
 Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
 throw new AuthenticationException("auth.30", null);
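Review bot: The condition `ssoMOSSession.isAuthenticated()` is dropped from the validity check and never reinstated in the second hunk (@@ -95), which now loads the MOA SSO session only after consent: when `ssoConsents` is true the session's key/value data is copied into the pending request and `pendingReq.setAuthenticated(true)` follows without verifying that the loaded session exists or is in an authenticated state, and a null return from `getInternalSSOSession` would surface as a NullPointerException at `ssoMOSSession.getKeyValueRepresentationFromAuthSession()`. Directly after the load in the second hunk I would add `if (ssoMOSSession == null || !ssoMOSSession.isAuthenticated()) throw new AuthenticationException("auth.30", null);` so the authenticated-state gate that existed before the change is preserved. Whether a valid SSO cookie guarantees a stored, authenticated MOA session is not visible from these hunks, so the check is cheap insurance either way. The stray `;;` after `getKeyValueRepresentationFromAuthSession())` in that hunk should also go.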
@@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 //user allow single sign-on authentication
 if (ssoConsents) {
-
+ //load MOA SSO-session from database
+ AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+
 //Populate this pending request with SSO session information
- pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+ pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
 //authenticate pending-request
 pendingReq.setAuthenticated(true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 7d9a2c28c..acaf21682 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
 List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));
 if (restrictedSPs.contains(spEntityId)) {
 Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");
- AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+ AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 //check if user idl is already loaded
 if (moasession.getIdentityLink() == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 0e1e1bf12..ead80b117 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 resultTargetFriendlyName = targetFriendlyNameConfig;
 //set info's into request-context. (It's required to support SAML1 requested target parameters)
- protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
- protocolReq.setGenericDataToSession(
+ protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
+ protocolReq.setRawDataToTransaction(
 MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName);
 } else {
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
 throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- protocolReq.setGenericDataToSession(
+ protocolReq.setRawDataToTransaction(
 MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, templateURL);
@@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 oaURL = pendingReq.getSPEntityId();
 //only needed for SAML1
- String target = pendingReq.getGenericData("saml1_target", String.class);
+ String target = pendingReq.getRawData("saml1_target", String.class);
 parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); |
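Review bot: The third hunk reads the SAML1 target with a bare string literal, `pendingReq.getRawData("saml1_target", String.class)`, while the first hunk writes the same value as `protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget)` and CreateXMLSignatureRequestBuilder in this commit reads it back through `MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET`; unless the constant's value happens to be exactly "saml1_target" (not visible here) the `parse(...)` call receives a null target. Using the constant in the read as well, `String target = pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);`, removes the guesswork. The switch from session-scoped to transaction-scoped storage also shortens how long these SAML1 parameters live, which the existing `//set info's into request-context` comment no longer reflects; a short note that the values are only kept for the current transaction would help the next reader. The enclosing methods start and end outside these hunks.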