aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-06-11 13:18:08 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-06-11 13:18:08 +0200
commitf9e919720beb463aad4483f1779be12d990f6951 (patch)
tree7b8c8735844fdedbab1f5670194e65e2e65936fc /id/server/idserverlib/src/main/java/at/gv/egovernment
parent1c0d27a1d5da91019ed2f51d4184282ea7ffe4f0 (diff)
downloadmoa-id-spss-f9e919720beb463aad4483f1779be12d990f6951.tar.gz
moa-id-spss-f9e919720beb463aad4483f1779be12d990f6951.tar.bz2
moa-id-spss-f9e919720beb463aad4483f1779be12d990f6951.zip
Assertion Database updated
- update get with correct class type - create clean method with timeout Remove unused code for SAML1 Assertion generation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java110
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java164
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java155
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java33
7 files changed, 50 insertions, 417 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index afd25dcad..9ffd72cda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -114,6 +114,7 @@ import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -152,8 +153,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
private static AuthenticationServer instance;
/** session data store (session ID -> AuthenticationSession) */
private static Map sessionStore = new HashMap();
- /** authentication data store (assertion handle -> AuthenticationData) */
- private static Map authenticationDataStore = new HashMap();
+
/**
* time out in milliseconds used by {@link cleanup} for session store
*/
@@ -2372,7 +2372,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException
* while building the <code>&lt;saml:Assertion&gt;</code>
*/
- private AuthenticationData buildAuthenticationData(
+ protected static AuthenticationData buildAuthenticationData(
AuthenticationSession session,
VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
throws ConfigurationException, BuildException {
@@ -2486,92 +2486,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
/**
- * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
- * The <code>AuthenticationData</code> is deleted from the store upon end of
- * this call.
- *
- * @return <code>AuthenticationData</code>
- */
- public AuthenticationData getAuthenticationData(String samlArtifact)
- throws AuthenticationException {
- String assertionHandle;
- try {
- assertionHandle = new SAMLArtifactParser(samlArtifact)
- .parseAssertionHandle();
- } catch (ParseException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- AuthenticationData authData = null;
- synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
- authData = (AuthenticationData) authenticationDataStore
- .get(assertionHandle);
- if (authData == null) {
- Logger.error("Assertion not found for SAML Artifact: "
- + samlArtifact);
- throw new AuthenticationException("1206",
- new Object[] { samlArtifact });
- }
- boolean keepAssertion = false;
- try {
- String boolStr = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.KeepAssertion");
- if (null != boolStr && boolStr.equalsIgnoreCase("true"))
- keepAssertion = true;// Only allowed for debug purposes!!!
- } catch (ConfigurationException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- if (!keepAssertion) {
- authenticationDataStore.remove(assertionHandle);
- }
- }
- long now = new Date().getTime();
- if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207",
- new Object[] { samlArtifact });
- Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
- return authData;
- }
-
- /**
- * Stores authentication data indexed by the assertion handle contained in
- * the given saml artifact.
- *
- * @param samlArtifact
- * SAML artifact
- * @param authData
- * authentication data
- * @throws AuthenticationException
- * when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: "
- + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- }
- }
-
- /**
* Creates a new session and puts it into the session store.
*
* @param id
@@ -2637,20 +2551,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
}
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlAssertionHandle = (String) iter.next();
- AuthenticationData authData = (AuthenticationData) authenticationDataStore
- .get(samlAssertionHandle);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { authData.getAssertionID() }));
- authenticationDataStore.remove(samlAssertionHandle);
- }
- }
- }
+
+ //clean AssertionStore
+ AssertionStorage assertionstore = AssertionStorage.getInstance();
+ assertionstore.clean(now, authDataTimeOut);
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
deleted file mode 100644
index b5c72ef9f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.util.Calendar;
-
-import org.apache.axis.AxisFault;
-import org.w3c.dom.Element;
-
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * Web service for picking up authentication data created in the MOA-ID Auth component.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
- */
-public class GetAuthenticationDataService implements Constants {
-
- /**
- * Constructor for GetAuthenticationDataService.
- */
- public GetAuthenticationDataService() {
- super();
- }
-
- /**
- * Takes a <code>lt;samlp:Request&gt;</code> containing a
- * <code>SAML artifact</code> and returns the corresponding
- * authentication data <code>lt;saml:Assertion&gt;</code>
- * (obtained from the <code>AuthenticationServer</code>),
- * enclosed in a <code>lt;samlp:Response&gt;</code>.
- * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
- * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
- * The status codes are defined in the SAML specification.
- *
- * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
- * only 1 request element is allowed
- * @return response element of type <code>lt;samlp:Response&gt;</code>,
- * packed into an <code>Element[]</code>
- * @throws AxisFault thrown when an error occurs in assembling the
- * <code>lt;samlp:Response&gt;</code>
- */
- public Element[] Request(Element[] requests)
- throws AxisFault {
-
- Element request = requests[0];
- Element[] responses = new Element[1];
- String requestID = "";
- String statusCode = "";
- String subStatusCode = null;
- String statusMessageCode = null;
- String statusMessage = null;
- String samlAssertion = "";
- boolean useUTC = false;
- if (requests.length > 1) {
- // more than 1 request given as parameter
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1201";
- }
- else {
- try {
- DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
- NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
- if (samlArtifactList.getLength() == 0) {
- // no SAML artifact given in request
- statusCode = "samlp:Requester";
- statusMessageCode = "1202";
- }
- else if (samlArtifactList.getLength() > 1) {
- // too many SAML artifacts given in request
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:TooManyResponses";
- statusMessageCode = "1203";
- }
- else {
- Element samlArtifactElem = (Element)samlArtifactList.item(0);
- requestID = request.getAttribute("RequestID");
- String samlArtifact = DOMUtils.getText(samlArtifactElem);
- try {
-
- AuthenticationData authData = AuthenticationServer.getInstance().
- getAuthenticationData(samlArtifact);
-
- useUTC = authData.getUseUTC();
- // success
- samlAssertion = authData.getSamlAssertion();
- statusCode = "samlp:Success";
- statusMessageCode = "1200";
- }
- catch (AuthenticationException ex) {
- // no authentication data for given SAML artifact
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:ResourceNotRecognized";
- statusMessage = ex.toString();
- }
- }
- }
- catch (Throwable t) {
- // invalid request format
- statusCode = "samlp:Requester";
- statusMessageCode = "1204";
- }
- }
- try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
- if (statusMessage == null)
- statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
- responses[0] = new SAMLResponseBuilder().build(
- responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
-
- }
- catch (MOAIDException e) {
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- catch (Throwable t) {
- MOAIDException e = new MOAIDException("1299", null, t);
- AxisFault fault = AxisFault.makeFault(e);
- fault.setFaultDetail(new Element[] { e.toErrorResponse()});
- throw fault;
- }
- return responses;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 5f59b6f9a..e15d8f908 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -117,6 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet {
String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
request.getOAURL();
+
// escape parameter strings
//TODO: use URLEncoder.encode!!
target = StringEscapeUtils.escapeHtml(target);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b21bfdacb..d1f44d55c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -285,7 +285,6 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
} catch (MalformedURLException t) {
throw new ConfigurationException("config.03", null, t);
}
-
//Initial Hibernate Framework
//TODO: Full update to new MOA-ID configuration!!!
@@ -300,7 +299,6 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
fis = new FileInputStream(propertiesFile);
props.load(fis);
-
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
Configuration hibernateConfig = new Configuration();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index a61dc53be..2e2f75b94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -44,7 +44,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
public SAMLArtifactMapEntry get(String artifact) {
try {
- return (SAMLArtifactMapEntry) assertions.get(artifact);
+ return assertions.get(artifact, SAMLArtifactMapEntry.class);
} catch (MOADatabaseException e) {
// TODO Insert Error Handling, if Assertion could not be read
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index d22993030..9f47123ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -1,25 +1,16 @@
package at.gv.egovernment.moa.id.protocols.saml1;
-import iaik.x509.X509Certificate;
-
import java.io.File;
import java.io.IOException;
-import java.util.Calendar;
import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -28,144 +19,21 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.StringUtils;
public class SAML1AuthenticationServer extends AuthenticationServer {
-
- // TODO: for clustering we have to replicate this data to other servers
- // We might need to introduce a openEJB to accomplish this
- /** authentication data store (assertion handle -> AuthenticationData) */
- @SuppressWarnings("rawtypes")
-
//private static Map authenticationDataStore = new HashMap();
private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
+ //TODO: make this time configurable
/**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
*/
private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
-
- private static AuthenticationData buildAuthenticationData(
- AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
- throws ConfigurationException, BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- AuthenticationData authData = new AuthenticationData();
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- boolean businessService = oaParam.getBusinessService();
- authData.setMajorVersion(1);
- authData.setMinorVersion(0);
- authData.setAssertionID(Random.nextRandom());
- authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
- .getInstance(), useUTC));
- authData.setIdentificationType(identityLink.getIdentificationType());
- authData.setGivenName(identityLink.getGivenName());
- authData.setFamilyName(identityLink.getFamilyName());
- authData.setDateOfBirth(identityLink.getDateOfBirth());
- authData.setQualifiedCertificate(verifyXMLSigResp
- .isQualifiedCertificate());
- authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
- authData.setPublicAuthorityCode(verifyXMLSigResp
- .getPublicAuthorityCode());
- authData.setBkuURL(session.getBkuURL());
- authData.setUseUTC(oaParam.getUseUTC());
- boolean provideStammzahl = oaParam.getProvideStammzahl();
- if (provideStammzahl) {
- authData.setIdentificationValue(identityLink
- .getIdentificationValue());
- }
- String prPerson = new PersonDataBuilder().build(identityLink,
- provideStammzahl);
-
- try {
- String signerCertificateBase64 = "";
- if (oaParam.getProvideCertifcate()) {
- X509Certificate signerCertificate = verifyXMLSigResp
- .getX509certificate();
- if (signerCertificate != null) {
- signerCertificateBase64 = Base64Utils
- .encode(signerCertificate.getEncoded());
- } else {
- Logger
- .info("\"provideCertificate\" is \"true\", but no signer certificate available");
- }
- }
- authData.setSignerCertificate(signerCertificateBase64);
- if(!isForeigner) {
- //we have Austrian citizen
- if (businessService) {
- authData.setWBPK(identityLink.getIdentificationValue());
- } else {
- authData.setBPK(identityLink.getIdentificationValue());
-
- // BZ.., calculation of bPK already before sending AUTHBlock
- /*
- * if(identityLink.getIdentificationType().equals(Constants.
- * URN_PREFIX_BASEID)) { // only compute bPK if online
- * application is a public service and we have the Stammzahl
- * String bpkBase64 = new BPKBuilder().buildBPK(
- * identityLink.getIdentificationValue(), session.getTarget());
- * authData.setBPK(bpkBase64); }
- */
-
- }
- } else {
- //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
- if (businessService) {
- //since we have foreigner, wbPK is not calculated in BKU
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier());
- authData.setWBPK(wbpkBase64);
- }
-
- } else {
-
- if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we have the Stammzahl
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget());
- authData.setBPK(bpkBase64);
- }
-
-
- }
-
- }
- String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
- .getSerializedSamlAssertion()
- : "";
- if (!oaParam.getProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
- .getIdentificationValue(), "");
- }
- String authBlock = oaParam.getProvideAuthBlock() ? session
- .getAuthBlock() : "";
-
- session.setAssertionAuthBlock(authBlock);
- session.setAssertionAuthData(authData);
- session.setAssertionBusinessService(businessService);
- session.setAssertionIlAssertion(ilAssertion);
- session.setAssertionPrPerson(prPerson);
- session.setAssertionSignerCertificateBase64(signerCertificateBase64);
-
- return authData;
-
- } catch (Throwable ex) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", ex.toString() }, ex);
- }
- }
-
+
/**
* Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
* The <code>AuthenticationData</code> is deleted from the store upon end of
@@ -175,10 +43,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
*/
public static AuthenticationData getSaml1AuthenticationData(String samlArtifact)
throws AuthenticationException {
- String assertionHandle;
try {
- assertionHandle = new SAMLArtifactParser(samlArtifact)
- .parseAssertionHandle();
+ new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
} catch (ParseException ex) {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
@@ -188,15 +54,15 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// System.out.println("assertionHandle: " + assertionHandle);
try {
- authData = (AuthenticationData) authenticationDataStore
- .get(assertionHandle);
+ authData = authenticationDataStore
+ .get(samlArtifact, AuthenticationData.class);
} catch (MOADatabaseException e) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
-
+ }
}
+
boolean keepAssertion = false;
try {
String boolStr = AuthConfigurationProvider.getInstance()
@@ -210,7 +76,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
if (!keepAssertion) {
- authenticationDataStore.remove(assertionHandle);
+ authenticationDataStore.remove(samlArtifact);
}
long now = new Date().getTime();
@@ -283,7 +149,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* @throws AuthenticationException
* when SAML artifact is invalid
*/
- @SuppressWarnings("unchecked")
private static void storeAuthenticationData(String samlArtifact,
AuthenticationData authData) throws AuthenticationException {
@@ -294,12 +159,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
if (typeCode[0] != 0 || typeCode[1] != 1)
throw new AuthenticationException("auth.06",
new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
+ parser.parseAssertionHandle();
synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
+ authenticationDataStore.put(samlArtifact, authData);
}
} catch (AuthenticationException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index 93cd43651..6692f61c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -62,7 +62,7 @@ public class AssertionStorage {
}
- public Object get(String artifact) throws MOADatabaseException {
+ public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException {
AssertionStore element = searchInDatabase(artifact);
@@ -71,7 +71,8 @@ public class AssertionStorage {
//check if assertion has the correct class type
try {
- Object test = Class.forName(element.getType()).cast(data);
+ @SuppressWarnings("unchecked")
+ T test = (T) Class.forName(element.getType()).cast(data);
return test;
} catch (Exception e) {
@@ -80,6 +81,31 @@ public class AssertionStorage {
}
}
+ public void clean(long now, long authDataTimeOut) {
+ Date expioredate = new Date(now - authDataTimeOut);
+
+ Session session = HibernateUtil.getCurrentSession();
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ List<AssertionStore> results = query.list();
+ session.getTransaction().commit();
+
+ if (results.size() != 0) {
+ for(AssertionStore result : results) {
+ try {
+ HibernateUtil.delete(result);
+ Logger.info("Remove Assertion with Artifact=" + result.getArtifact()
+ + " after assertion timeout.");
+
+ } catch (HibernateException e){
+ Logger.warn("Assertion with Artifact=" + result.getArtifact()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+
+ }
+ }
+ }
public void remove(String artifact) {
@@ -106,6 +132,9 @@ public class AssertionStorage {
query.setString("artifact", artifact);
List result = query.list();
+ //send transaction
+ session.getTransaction().commit();
+
Logger.trace("Found entries: " + result.size());
//Assertion requires an unique artifact