aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-06-07 11:46:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-06-07 11:46:00 +0200
commit261294df86c33105eb2113808fc6f171e9250ac7 (patch)
tree169e5f0c57145d4caddd5f4eda856584493cd740 /id/server/idserverlib/src/main/java
parentbdc7311ce86c6d39c3ff96b38c33b36ee6a28d1d (diff)
downloadmoa-id-spss-261294df86c33105eb2113808fc6f171e9250ac7.tar.gz
moa-id-spss-261294df86c33105eb2113808fc6f171e9250ac7.tar.bz2
moa-id-spss-261294df86c33105eb2113808fc6f171e9250ac7.zip
Generic Artifact/Assertion management by using Hibernate for SAML1 and PVP2
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java119
5 files changed, 227 insertions, 30 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b86b2ec68..b21bfdacb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -27,16 +27,23 @@ package at.gv.egovernment.moa.id.config.auth;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.util.List;
+import java.util.Properties;
+import org.hibernate.cfg.Configuration;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import test.tlenz.simpletest;
+
import eu.stork.vidp.messages.common.STORKBootstrap;
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -45,6 +52,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -278,11 +286,48 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
throw new ConfigurationException("config.03", null, t);
}
+
+ //Initial Hibernate Framework
+ //TODO: Full update to new MOA-ID configuration!!!
+ Logger.trace("Initializing Hibernate framework.");
+
+ String propertiesFileLocation = System.getProperty("moa.id.config");
+ MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName");
+ File propertiesFile = new File(propertiesFileLocation);
+ FileInputStream fis;
+ Properties props = new Properties();
+ try {
+ fis = new FileInputStream(propertiesFile);
+ props.load(fis);
+
+
+ // initialize hibernate
+ synchronized (AuthConfigurationProvider.class) {
+ Configuration hibernateConfig = new Configuration();
+ hibernateConfig.addAnnotatedClass(AssertionStore.class);
+ hibernateConfig.addProperties(props);
+ HibernateUtil.initHibernate(hibernateConfig, props);
+ }
+ Logger.trace("Hibernate initialization finished.");
+
+ } catch (FileNotFoundException e) {
+ throw new ConfigurationException("config.03", null, e);
+
+ } catch (IOException e) {
+ throw new ConfigurationException("config.03", null, e);
+
+ } catch (ExceptionInInitializerError e) {
+ throw new ConfigurationException("config.17", null, e);
+ }
+
+
//Initialize OpenSAML for STORK
Logger.trace("Starting initialization of OpenSAML...");
STORKBootstrap.bootstrap();
Logger.debug("OpenSAML successfully initialized");
+
+
// build the internal datastructures
builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 79f3b4e30..c1de93fae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -24,6 +24,7 @@
package at.gv.egovernment.moa.id.data;
+import java.io.Serializable;
import java.util.Date;
/**
@@ -33,8 +34,12 @@ import java.util.Date;
* @version $Id$
*/
-public class AuthenticationData {
+public class AuthenticationData implements Serializable {
/**
+ *
+ */
+ private static final long serialVersionUID = -1042697056735596866L;
+/**
* major version number of the SAML assertion
*/
private int majorVersion;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index c188914df..a61dc53be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -1,13 +1,12 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.util.HashMap;
-import java.util.Map;
-
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.xml.io.MarshallingException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
public class PVPAssertionStorage implements SAMLArtifactMap {
@@ -20,7 +19,8 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
return instance;
}
- private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ private AssertionStorage assertions = AssertionStorage.getInstance();
public boolean contains(String artifact) {
return assertions.containsKey(artifact);
@@ -33,11 +33,24 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
issuerId,
samlMessage);
- assertions.put(artifact, assertion);
+ try {
+ assertions.put(artifact, assertion);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be stored
+ throw new MarshallingException("Assertion are not stored in Database.",e);
+ }
}
public SAMLArtifactMapEntry get(String artifact) {
- return assertions.get(artifact);
+ try {
+ return (SAMLArtifactMapEntry) assertions.get(artifact);
+
+ } catch (MOADatabaseException e) {
+ // TODO Insert Error Handling, if Assertion could not be read
+ e.printStackTrace();
+ return null;
+ }
}
public void remove(String artifact) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 4399c556b..d22993030 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -22,10 +22,12 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -39,7 +41,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
// We might need to introduce a openEJB to accomplish this
/** authentication data store (assertion handle -> AuthenticationData) */
@SuppressWarnings("rawtypes")
- private static Map authenticationDataStore = new HashMap();
+
+
+ //private static Map authenticationDataStore = new HashMap();
+ private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
+
/**
* time out in milliseconds used by {@link cleanup} for authentication data
@@ -180,34 +186,40 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
AuthenticationData authData = null;
synchronized (authenticationDataStore) {
// System.out.println("assertionHandle: " + assertionHandle);
- authData = (AuthenticationData) authenticationDataStore
- .get(assertionHandle);
- if (authData == null) {
- Logger.error("Assertion not found for SAML Artifact: "
- + samlArtifact);
- throw new AuthenticationException("1206",
- new Object[] { samlArtifact });
- }
- boolean keepAssertion = false;
+
try {
- String boolStr = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.KeepAssertion");
- if (null != boolStr && boolStr.equalsIgnoreCase("true"))
- keepAssertion = true;// Only allowed for debug purposes!!!
- } catch (ConfigurationException ex) {
- throw new AuthenticationException("1205", new Object[] {
- samlArtifact, ex.toString() });
- }
- if (!keepAssertion) {
- authenticationDataStore.remove(assertionHandle);
+ authData = (AuthenticationData) authenticationDataStore
+ .get(assertionHandle);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
+
}
+ boolean keepAssertion = false;
+ try {
+ String boolStr = AuthConfigurationProvider.getInstance()
+ .getGenericConfigurationParameter(
+ "AuthenticationServer.KeepAssertion");
+ if (null != boolStr && boolStr.equalsIgnoreCase("true"))
+ keepAssertion = true;// Only allowed for debug purposes!!!
+
+ } catch (ConfigurationException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ if (!keepAssertion) {
+ authenticationDataStore.remove(assertionHandle);
+ }
+
long now = new Date().getTime();
+
if (now - authData.getTimestamp().getTime() > authDataTimeOut)
- throw new AuthenticationException("1207",
- new Object[] { samlArtifact });
+ throw new AuthenticationException("1207", new Object[] { samlArtifact });
+
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+
return authData;
}
@@ -283,13 +295,16 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("auth.06",
new Object[] { samlArtifact });
String assertionHandle = parser.parseAssertionHandle();
+
synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
authenticationDataStore.put(assertionHandle, authData);
}
+
} catch (AuthenticationException ex) {
throw ex;
+
} catch (Throwable ex) {
throw new AuthenticationException("auth.06",
new Object[] { samlArtifact });
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
new file mode 100644
index 000000000..93cd43651
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionStorage {
+
+ private static AssertionStorage instance = null;
+
+ public static AssertionStorage getInstance() {
+ if(instance == null) {
+ instance = new AssertionStorage();
+ }
+ return instance;
+ }
+
+ public boolean containsKey(String artifact) {
+ try {
+ searchInDatabase(artifact);
+ return true;
+
+ } catch (MOADatabaseException e) {
+ return false;
+ }
+
+ }
+
+ public void put(String artifact, Object assertion) throws MOADatabaseException {
+ //setup AssertionStore element
+ AssertionStore element = new AssertionStore();
+ element.setArtifact(artifact);
+ element.setType(assertion.getClass().getName());
+ element.setDatatime(new Date());
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) assertion);
+ element.setAssertion(data);
+
+ //store AssertionStore element to Database
+ try {
+ HibernateUtil.saveOrUpdate(element);
+ Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Assertion could not be stored.");
+ throw new MOADatabaseException(e);
+ }
+
+ }
+
+ public Object get(String artifact) throws MOADatabaseException {
+
+ AssertionStore element = searchInDatabase(artifact);
+
+ //Deserialize Assertion
+ Object data = SerializationUtils.deserialize(element.getAssertion());
+
+ //check if assertion has the correct class type
+ try {
+ Object test = Class.forName(element.getType()).cast(data);
+ return test;
+
+ } catch (Exception e) {
+ Log.warn("Assertion Cast-Exception by using Artifact=" + artifact);
+ throw new MOADatabaseException("Assertion Cast-Exception");
+ }
+ }
+
+
+ public void remove(String artifact) {
+
+ try {
+ AssertionStore element = searchInDatabase(artifact);
+ HibernateUtil.delete(element);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
+ + "not found)");
+
+ } catch (HibernateException e) {
+ Logger.warn("Assertion not removed! (Error during Database communication)", e);
+ }
+ }
+
+ @SuppressWarnings("rawtypes")
+ private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
+ MiscUtil.assertNotNull(artifact, "artifact");
+ Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
+ Session session = HibernateUtil.getCurrentSession();
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithArtifact");
+ query.setString("artifact", artifact);
+ List result = query.list();
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No Assertion found with this Artifact");
+ }
+
+ return (AssertionStore) result.get(0);
+ }
+}