SSO Implementation

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-07-12 11:06:06 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-07-12 11:06:06 +0200
commit: 31ab8aace485fb61f7c872ebaa143299c6e5dcf1 (patch)
tree: 41da03bf1ce918919fb73da1cecbe3baac7c9594 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth
parent: 4fd52221a71a7f9f7683c34cc573aa44b9adcc1c (diff)
download: moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.gz
moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.bz2
moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.zip
5 files changed, 53 insertions, 84 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 19af66150..f7c0ff812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1850,7 +1850,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		// TODO See Bug #144
 		// Compare AuthBlock Data with information stored in session, especially
 		// date and time
-
+		CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+		
 		// compares the public keys from the identityLink with the AuthBlock
 		VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
 				vsresp, session.getIdentityLink());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index c41de1904..ed54683ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.io.Serializable;
+import java.util.Date;
 
 import iaik.x509.X509Certificate;
 
@@ -64,6 +65,8 @@ public class VerifyXMLSignatureResponse implements Serializable{
    */
   private int signatureManifestCheckCode = -1;
 
+  private Date signingDateTime;
+  
   /**
    * Returns the certificateCheckCode.
    * @return int
@@ -226,4 +229,13 @@ public class VerifyXMLSignatureResponse implements Serializable{
     this.signatureManifestCheckCode = signatureManifestCheckCode;
   }
 
+  public Date getSigningDateTime() {
+	 return signingDateTime;
+  }
+
+  public void setSigningDateTime(Date signingDateTime) {
+	this.signingDateTime = signingDateTime;
+  }
+
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 16ff65477..571d4e738 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -50,8 +50,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -66,103 +68,48 @@ import eu.stork.vidp.messages.exception.SAMLValidationException;
 import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
 import eu.stork.vidp.messages.stork.RequestedAttributes;
 
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
+public class LogOutServlet extends AuthServlet {
 
-  /**
-	 * 
-	 */
 	private static final long serialVersionUID = 3908001651893673395L;
 
-
-/**
-   * Responds with an HTML form which upon submit requests the identity link
-   * from the security layer implementation.
-   * <br>
-   * Response:
-   * <ul>
-   * <li>Content type: <code>"text/html"</code></li>
-   * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
-   * <li>Error status: <code>500</code>
-   * </ul>
-   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
-   */
+	private static final String REDIRECT_URL = "redirect";
+	
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
-	Logger.debug("GET StartAuthentication");  
-	  	
-	String sessionID = req.getParameter(PARAM_SESSIONID);
-	 sessionID = (String) req.getAttribute(PARAM_SESSIONID);
-
+	Logger.debug("receive LogOut Request");  
 
+	String redirectUrl = (String) req.getParameter(REDIRECT_URL);
 	
-	try {
-		
-		if (StringUtils.isEmpty(sessionID)) 
-			throw new MOAIDException("auth.18", null);
-		
-		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
-		if (!ParamValidatorUtils.isValidSessionID(sessionID))
-		    throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
-		
-		setNoCachingHeadersInHttpRespone(req, resp);
-
-    
-	    //TODO: Load MOASession
-    	AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);  
+	SSOManager ssomanager = SSOManager.getInstance();
+	
+	//get SSO token from request
+	String ssoid = ssomanager.getSSOSessionID(req);
 	
-	    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-	    
-	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));    
-	    // STORK or normal authentication
-	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
-	    	//STORK authentication
-	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
-	    	Logger.debug("Starting STORK authentication");
-	    	
-	    	//TODO: insert sessionID to STORK!!
-	    	AuthenticationServer.startSTORKAuthentication(req, resp, moasession);							
-	    	
-	    } else {
-	    	//normal MOA-ID authentication
-	    	Logger.debug("Starting normal MOA-ID authentication");
-		    			    	    	
-	    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());	   
-
-			resp.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(resp.getOutputStream());
-			out.print(getIdentityLinkForm);
-			out.flush();
-	    }
-		Logger.debug("Finished GET StartAuthentication");
+	if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+		//TODO: Single LogOut Implementation
 		
+		//delete SSO session and MOA session
+		AuthenticationManager authmanager = AuthenticationManager.getInstance();
+		authmanager.logout(req, resp);
+		Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+	} else {
+		Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
 	}
 	
-    catch (WrongParametersException ex) {
-      handleWrongParameters(ex, req, resp);
-    }
-    
-	catch (MOAIDException ex) {
-		handleError(null, ex, req, resp);
-			
-	} catch (MOADatabaseException e) {
-		handleError(null, e, req, resp);
-	}
+	//Remove SSO token
+	ssomanager.deleteSSOSessionID(req, resp);
+	
+	//invalidate Session
+	req.getSession().invalidate();
+	
+	//Redirect to Application
+    resp.setStatus(301);
+    resp.addHeader("Location", redirectUrl);
   }
 
 
-  /**
-   * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-   */
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
     
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e77dd30d0..115c52688 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -55,6 +55,7 @@ public class CreateXMLSignatureResponseValidator {
   /** Xpath expression to the dsig:Signature element */
   private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
   
+  private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
      
  /** Singleton instance. <code>null</code>, if none has been created. */
   private static CreateXMLSignatureResponseValidator instance;
@@ -331,4 +332,11 @@ public class CreateXMLSignatureResponseValidator {
       throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
     }
   }
+  
+  public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+	
+	  //TODO: insert Time validation!!!!
+	  
+  }
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..892607c16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
 import java.util.List;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
       
     }
   }
-
+  
   /**
    * Method validateCertificate.
    * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-07-12 11:06:06 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-07-12 11:06:06 +0200
commit	31ab8aace485fb61f7c872ebaa143299c6e5dcf1 (patch)
tree	41da03bf1ce918919fb73da1cecbe3baac7c9594 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth
parent	4fd52221a71a7f9f7683c34cc573aa44b9adcc1c (diff)
download	moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.gz moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.bz2 moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.zip