author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-12 11:06:06 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-12 11:06:06 +0200 |
commit | 31ab8aace485fb61f7c872ebaa143299c6e5dcf1 (patch) | |
tree | 41da03bf1ce918919fb73da1cecbe3baac7c9594 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth | |
parent | 4fd52221a71a7f9f7683c34cc573aa44b9adcc1c (diff) | |
SSO Implementation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 3 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java | 12 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java) | 111 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java | 8 | ||||
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java | 3 |
5 files changed, 53 insertions, 84 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 19af66150..f7c0ff812 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1850,7 +1850,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { // TODO See Bug #144 // Compare AuthBlock Data with information stored in session, especially // date and time - + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, session.getIdentityLink()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index c41de1904..ed54683ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.Serializable; +import java.util.Date; import iaik.x509.X509Certificate; @@ -64,6 +65,8 @@ public class VerifyXMLSignatureResponse implements Serializable{ */ private int signatureManifestCheckCode = -1; + private Date signingDateTime; + /** * Returns the certificateCheckCode. * @return int 
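Review bot: The signing-time check wired in here, `CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp)`, calls a method that in this commit's CreateXMLSignatureResponseValidator hunk (@@ -331) is an empty body marked `//TODO: insert Time validation!!!!`, so the authentication path now contains a validation step that accepts every AuthBlock regardless of its signing time. The enclosing method of AuthenticationServer starts and ends outside this hunk, so I cannot tell whether anything else constrains the date. Until the comparison against the session data exists, the stub should fail closed rather than pass silently — e.g. its body `throw new ValidateException("<message-key placeholder>", new Object[] {"im AUTHBlock"});` — or the call should not be wired in yet. A Javadoc on the stub stating what it is meant to compare (presumably the AuthBlock SigningTime against the time recorded in the session, as the `// TODO See Bug #144` comment above hints) would record that intent where the next reader needs it.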
@@ -226,4 +229,13 @@ public class VerifyXMLSignatureResponse implements Serializable{ this.signatureManifestCheckCode = signatureManifestCheckCode; } + public Date getSigningDateTime() { + return signingDateTime; + } + + public void setSigningDateTime(Date signingDateTime) { + this.signingDateTime = signingDateTime; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 16ff65477..571d4e738 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -50,8 +50,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; 
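Review bot: `getSigningDateTime()` returns the internal `java.util.Date` and `setSigningDateTime` stores the caller's instance, so either side can alter the recorded signing time after the fact; since this value is intended to feed a validation decision, copy it in both accessors, e.g. `return signingDateTime == null ? null : new Date(signingDateTime.getTime());` and `this.signingDateTime = signingDateTime == null ? null : new Date(signingDateTime.getTime());`. The neighbouring fields of this class carry Javadoc (see the comment block above `signatureManifestCheckCode` in the @@ -64 hunk) while the new field and accessors have none; a one-line `/** Signing time reported for the verified signature; null when none was recorded. */` would match — I cannot see from this diff where the value is populated, so keep the wording that general. Because the class implements Serializable, instances serialized before this change deserialize with `signingDateTime == null`, and any consumer of the getter should treat null as "not available" rather than as a valid time.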
@@ -66,103 +68,48 @@ import eu.stork.vidp.messages.exception.SAMLValidationException; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; -/** - * Servlet requested for starting a MOA ID authentication session. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @see AuthenticationServer#startAuthentication - */ -public class StartAuthenticationServlet extends AuthServlet { +public class LogOutServlet extends AuthServlet { - /** - * - */ private static final long serialVersionUID = 3908001651893673395L; - -/** - * Responds with an HTML form which upon submit requests the identity link - * from the security layer implementation. - * <br> - * Response: - * <ul> - * <li>Content type: <code>"text/html"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ + private static final String REDIRECT_URL = "redirect"; + protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); - - String sessionID = req.getParameter(PARAM_SESSIONID); - sessionID = (String) req.getAttribute(PARAM_SESSIONID); - + Logger.debug("receive LogOut Request"); + String redirectUrl = (String) req.getParameter(REDIRECT_URL); - try { - - if (StringUtils.isEmpty(sessionID)) - throw new MOAIDException("auth.18", null); - - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - - setNoCachingHeadersInHttpRespone(req, resp); - - - //TODO: Load MOASession - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID); + SSOManager 
ssomanager = SSOManager.getInstance(); + + //get SSO token from request + String ssoid = ssomanager.getSSOSessionID(req); - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); - Logger.debug("Starting STORK authentication"); - - //TODO: insert sessionID to STORK!! - AuthenticationServer.startSTORKAuthentication(req, resp, moasession); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); + if (ssomanager.isValidSSOSession(ssoid, req)) { + + //TODO: Single LogOut Implementation + //delete SSO session and MOA session + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + authmanager.logout(req, resp); + Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); + } else { + Logger.info("No active SSO session found. 
User is maybe logout already and get redirect to "+ redirectUrl); } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - - } catch (MOADatabaseException e) { - handleError(null, e, req, resp); - } + //Remove SSO token + ssomanager.deleteSSOSessionID(req, resp); + + //invalidate Session + req.getSession().invalidate(); + + //Redirect to Application + resp.setStatus(301); + resp.addHeader("Location", redirectUrl); } - /** - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e77dd30d0..115c52688 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -55,6 +55,7 @@ public class CreateXMLSignatureResponseValidator { /** Xpath expression to the dsig:Signature element */ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; /** Singleton instance. <code>null</code>, if none has been created. */ private static CreateXMLSignatureResponseValidator instance; 
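Review bot: `doGet` in LogOutServlet redirects to whatever the `redirect` request parameter holds — `resp.addHeader("Location", redirectUrl)` with no check that the target belongs to this deployment — which makes the logout endpoint an open redirector, and a missing parameter produces a null Location header. It also answers with status 301, which browsers cache permanently; a later logout through the same URL would be answered from cache without reaching this servlet, so the redirect should be a 302 via `resp.sendRedirect`. Logging the user out on a plain GET with nothing binding the request to the session is a lesser, related concern that deserves at least a TODO. The rewritten entry and exit of the method are below; `isAllowedRedirectTarget` is a placeholder for a helper still to be written against the configured OA URLs or a same-origin/relative-path rule, and `StringUtils` is the helper the replaced body already used.
```java
        Logger.debug("receive LogOut Request");
        String redirectUrl = req.getParameter(REDIRECT_URL);
        // Only follow redirect targets this deployment knows about; isAllowedRedirectTarget is a placeholder to be implemented
        if (StringUtils.isEmpty(redirectUrl) || !isAllowedRedirectTarget(redirectUrl)) {
            Logger.info("LogOut request with missing or unknown redirect target rejected");
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // … unchanged: SSO session lookup, AuthenticationManager.logout, SSO token removal, session invalidation …
        // 302 rather than the cacheable 301, so every logout actually reaches this servlet
        resp.sendRedirect(redirectUrl);
```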
@@ -331,4 +332,11 @@ public class CreateXMLSignatureResponseValidator { throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; } } + + public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { + + //TODO: insert Time validation!!!! + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 90282a28c..892607c16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey; import java.util.List; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator { } } - + /** * Method validateCertificate. * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse |