authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 15:33:37 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 15:33:37 +0100
commite392f06a8e1920e4404f11f74c8f51795ad590a6 (patch)
tree74d06da7d89582d1448cbb0a3c0c8d1858318b06 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage
parent813e08137530dba321db7807bd1bb5a53af80541 (diff)
add some more escaptions
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java4
2 files changed, 88 insertions, 28 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index f17e4a99a..2395b913d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -38,8 +38,11 @@ import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -106,18 +109,36 @@ public class DBTransactionStorage implements ITransactionStorage {
}
}
-
- public Object getAssertionStore(String key) throws MOADatabaseException{
- return searchInDatabase(key);
- }
-
+
public Object get(String key) throws MOADatabaseException {
AssertionStore element = searchInDatabase(key);
if (element == null)
return null;
+
+ Object data = SerializationUtils.deserialize(element.getAssertion());
- return SerializationUtils.deserialize(element.getAssertion());
+ //decrypt data if required
+ Object resultData = null;
+ if (data instanceof EncryptedData) {
+ Logger.trace("Find encrypted data. --> Starting decryption process ...");
+ try {
+ byte[] decData = decryptData((EncryptedData)data);
+ resultData = SerializationUtils.deserialize(decData);
+
+ } catch (BuildException e) {
+ Logger.warn("Transaction information decryption FAILED.", e);
+ throw new MOADatabaseException("Transaction information decryption FAILED.", e);
+
+ }
+
+ } else {
+ Logger.trace("Find unencrypted data. --> Use it as is");
+ resultData = data;
+
+ }
+
+ return resultData;
}
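Review bot: The `else` branch in `get` returns whatever the row deserialized to when it is not an `EncryptedData`, so a row stored in the clear is accepted exactly like an encrypted one and the encryption gives no assurance about how the stored object was written; the same branch is repeated in the typed getter in the next hunk. If this path exists only for entries written before this change, say so in a comment and log it above trace level, for example `Logger.info("Unencrypted transaction data found; expected only for entries stored before encryption was enabled");`, so it can be rejected or removed later. `SerializationUtils.deserialize(element.getAssertion())` also runs Java deserialization on the database bytes before any decryption or integrity check; whether `SessionEncrytionUtil` authenticates the ciphertext is not visible here and should be confirmed.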
@@ -141,13 +162,34 @@ public class DBTransactionStorage implements ITransactionStorage {
}
- //Deserialize Assertion
+ //Deserialize Assertion
Object data = SerializationUtils.deserialize(element.getAssertion());
+ //decrypt data if required
+ Object resultData = null;
+ if (data instanceof EncryptedData) {
+ Logger.trace("Find encrypted data. --> Starting decryption process ...");
+ try {
+ byte[] decData = decryptData((EncryptedData)data);
+ resultData = SerializationUtils.deserialize(decData);
+
+ } catch (BuildException e) {
+ Logger.warn("Transaction information decryption FAILED.", e);
+ throw new MOADatabaseException("Transaction information decryption FAILED.", e);
+
+ }
+
+ } else {
+ Logger.trace("Find unencrypted data. --> Use it as is");
+ resultData = data;
+
+ }
+
+
//check if assertion has the correct class type
try {
@SuppressWarnings("unchecked")
- T test = (T) Class.forName(element.getType()).cast(data);
+ T test = (T) Class.forName(element.getType()).cast(resultData);
return test;
} catch (Exception e) {
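Review bot: The decrypt-or-pass-through block added here is a line-for-line copy of the one added to `get(String)` in the previous hunk, so the two read paths can drift apart when one of them is changed later. Moving it into one private helper and calling it from both places keeps the handling of encrypted and unencrypted rows in a single spot; the call site becomes `Object resultData = decryptIfRequired(data);`. The enclosing method starts before this hunk and its `catch` continues after it.

```java
// … unchanged: lookup and SerializationUtils.deserialize(element.getAssertion()) …
Object resultData = decryptIfRequired(data);
// … unchanged: type check with Class.forName(element.getType()).cast(resultData) …

/**
 * Returns the stored object, decrypting it first when it is wrapped in EncryptedData.
 */
private static Object decryptIfRequired(Object data) throws MOADatabaseException {
	if (!(data instanceof EncryptedData)) {
		Logger.trace("Find unencrypted data. --> Use it as is");
		return data;
	}

	Logger.trace("Find encrypted data. --> Starting decryption process ...");
	try {
		return SerializationUtils.deserialize(decryptData((EncryptedData) data));

	} catch (BuildException e) {
		Logger.warn("Transaction information decryption FAILED.", e);
		throw new MOADatabaseException("Transaction information decryption FAILED.", e);
	}
}
```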
@@ -198,6 +240,17 @@ public class DBTransactionStorage implements ITransactionStorage {
}
}
+ public Object getAssertionStore(String key) throws MOADatabaseException{
+ return searchInDatabase(key);
+
+ }
+
+ @Override
+ public void putAssertionStore(Object element) throws MOADatabaseException{
+ entityManager.merge(element);
+
+ }
+
private void cleanDelete(AssertionStore element) {
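Review bot: `putAssertionStore` takes a plain `Object` and hands it to `entityManager.merge` with no type check and, per the interface Javadoc changed in this commit, no encryption, so the implementation should state that at the point of use. A comment such as `// no encryption is applied here: the element is merged exactly as passed in` above the merge call would do. `getAssertionStore` is moved without an `@Override` while `putAssertionStore` carries one; if it is declared in `ITransactionStorage`, as the Javadoc there suggests, add the annotation.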
@@ -245,30 +298,33 @@ public class DBTransactionStorage implements ITransactionStorage {
throw new MOADatabaseException("Transaction-Storage can only store objects which implements the 'Seralizable' interface", null);
}
-
- //serialize the Assertion for Database storage
- byte[] data = SerializationUtils.serialize((Serializable) value);
- element.setAssertion(data);
-
- //store AssertionStore element to Database
- //try {
+
+ try {
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) value);
+ element.setAssertion(encryptData(data));
+
+ //store AssertionStore element to Database
entityManager.persist(element);
- //MOASessionDBUtils.saveOrUpdate(element);
- Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
-//
-// } catch (MOADatabaseException e) {
-// Logger.warn("Sessioninformation could not be stored.");
-// throw new MOADatabaseException(e);
-//
-// }
+ Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
+
+ } catch (BuildException e) {
+ Logger.warn("Sessioninformation could not be stored.");
+ throw new MOADatabaseException(e);
+
+ }
}
+
+ private static byte[] encryptData(byte[] data) throws BuildException {
+ EncryptedData encdata = SessionEncrytionUtil.getInstance().encrypt(data);
+ return SerializationUtils.serialize(encdata);
- @Override
- public void putAssertionStore(Object element) throws MOADatabaseException{
- // TODO Auto-generated method stub
- entityManager.merge(element);
-
+ }
+
+ private static byte[] decryptData(EncryptedData encdata) throws BuildException {
+ return SessionEncrytionUtil.getInstance().decrypt(encdata);
+
}
}
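Review bot: The new `catch (BuildException e)` in the store path logs without the exception, while both decryption paths added in this commit pass `e` to the logger, so an encryption failure leaves no cause in the log at the place where it happens. Change the line to `Logger.warn("Sessioninformation could not be stored.", e);`. The `try` also wraps `entityManager.persist(element)`, which does not visibly throw `BuildException`; narrowing the `try` to the serialize-and-encrypt lines would make clear which step the handler covers. The method starts before this hunk.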
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index 53a7f4f5e..51a36d426 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -114,6 +114,8 @@ public interface ITransactionStorage {
/**
* Get whole AssertionStoreObject, required for SLO
+ * <br>
+ * <b>IMPORTANT:</b> This method does NOT decrypt information before storage
*
* @param key key Id which identifiers the data object
* @return The transaction-data object, or null
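Review bot: The sentence added to the getter's Javadoc says the method does not decrypt information "before storage", which reads as copied from the put variant in the next hunk; a getter stores nothing. Wording such as `<b>IMPORTANT:</b> This method does NOT decrypt the stored information before returning it` would describe what a caller actually receives. It would also help to state that the returned object still carries the assertion data in its stored form, so callers do not treat it as plaintext.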
@@ -123,6 +125,8 @@ public interface ITransactionStorage {
/**
* Put whole AssertionStoreObject to db, required for SLO
+ * <br>
+ * <b>IMPORTANT:</b> This method does NOT encrypt information before storage
*
* @param element assertion store object
*/