aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2018-05-16 09:29:09 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-05-16 09:29:09 +0200
commitc61850c5607d066a3c322794c1220f26b31103a0 (patch)
tree8e91dbb441f5af6879c4314b38159b7ed9b4add4 /id/server/idserverlib/src/main/java/at
parent44bce0049b598604cc1a30f419e936c6b5fc59cf (diff)
downloadmoa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.tar.gz
moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.tar.bz2
moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.zip
add initial version of Security-Layer 2.0 Authentication module
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java37
5 files changed, 71 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index c78361eda..583bb2ab4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -84,7 +84,9 @@ public class DataURLBuilder {
dataURL = authBaseURL + authServletName;
- dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
+ if (sessionID != null)
+ dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
+
return dataURL;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index f61b9a4da..50cafb4f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -134,7 +134,12 @@ public abstract class AbstractController extends MOAIDAuthConstants {
try {
//switch to protocol-finalize method to generate a protocol-specific error message
-
+
+ //log error directly in debug mode
+ if (Logger.isDebugEnabled())
+ Logger.warn(loggedException.getMessage(), loggedException);
+
+
//put exception into transaction store for redirect
String key = Random.nextLongRandom();
if (pendingReq != null) {
@@ -147,7 +152,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
new ExceptionContainer(null, loggedException),-1);
}
-
+
//build up redirect URL
String redirectURL = null;
redirectURL = ServletUtils.getBaseUrl(req);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 32f103ca7..18641c090 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -55,7 +55,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
// wake up next task
processEngine.signal(pendingReq);
- } catch (Exception ex) {
+ } catch (Exception ex) {
handleError(null, ex, req, resp, pendingReq);
} finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7f183c5eb..a24683545 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -92,6 +92,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class AuthenticationManager extends MOAIDAuthConstants {
private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
+ private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>();
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@@ -321,6 +322,16 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
+ /**
+ * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
+ *
+ * @param httpReqParam http header name, but never null
+ */
+ public void addHeaderNameToWhiteList(String httpReqParam) {
+ if (MiscUtil.isNotEmpty(httpReqParam))
+ reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+
+ }
/**
* Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
@@ -422,6 +433,18 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
}
+ //add additional http request parameter to context
+ if (!reqHeaderWhiteListeForModules.isEmpty()) {
+ Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
+ while(reqHeaderNames.hasMoreElements()) {
+ String paramName = reqHeaderNames.nextElement();
+ if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
+ executionContext.put(paramName,
+ StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));
+ }
+ }
+ }
+
//start process engine
startProcessEngine(pendingReq, executionContext);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index cd700c74a..611dff3b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -89,6 +89,43 @@ public class SSLUtils {
}
+ public static SSLSocketFactory getSSLSocketFactory(
+ ConfigurationProvider conf, String url )
+ throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+
+ String acceptedServerCertURL = "";
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
+ try {
+ SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ url,
+ null,
+ trustStoreURL,
+ acceptedServerCertURL,
+ AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
+ AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+ AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
+ null,
+ null,
+ "pkcs12");
+
+ return ssf;
+
+ } catch (SSLConfigurationException e) {
+ throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+
+ }
+ }
+
+
/**
* Creates an <code>SSLSocketFactory</code> which utilizes an
* <code>IAIKX509TrustManager</code> for the given trust store,