author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-14 06:18:47 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-14 06:18:47 +0200 |
commit | 2a073c6727d704271e17d9b682be28410f23aae7 (patch) | |
tree | c5d126bc6c116527c3b0f59e4c9c6ebcd185a2a9 /id/server/idserverlib/src | |
parent | e441bcf4eb1a53e1bb17df34997f17206796af72 (diff) | |
more refactoring stuff
Diffstat (limited to 'id/server/idserverlib/src')
36 files changed, 1524 insertions, 1847 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index b0c232ba2..e12b1372e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,20 +46,21 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -92,7 +93,9 @@ public class StatisticLogger implements IStatisticLogger{
 private EntityManager entityManager;
- public void testConnection() throws Exception {
+ @Override
+ //TODO: update tests!!!!
+ public void internalTesting() throws Exception {
 Date expioredate = new Date(new Date().getTime() - 120);
 Query query = entityManager.createNamedQuery("getAllEntriesNotBeforeTimeStamp");
 query.setParameter("timeout", expioredate);
@@ -129,88 +132,92 @@ public class StatisticLogger implements IStatisticLogger{ Logger.warn("Can not extract some information for StatisticLogger.", e); } - dblog.setOatarget(authData.getBPKType()); - - - boolean isFederatedAuthentication = protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; - dblog.setInterfederatedSSOSession(isFederatedAuthentication); - - if (isFederatedAuthentication) { - dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); - dblog.setBkuurl(protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); - - } else { - dblog.setBkuurl(authData.getBkuURL()); - dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA)); - - } - dblog.setProtocoltype(protocolRequest.requestedModule()); dblog.setProtocolsubtype(protocolRequest.requestedAction()); dblog.setSsosession(isSSOSession); - //log MandateInforamtion - if (authData.isUseMandate()) { - dblog.setMandatelogin(authData.isUseMandate()); + if (authData instanceof IMOAAuthData) { + IMOAAuthData moaAuthData = (IMOAAuthData) authData; + dblog.setOatarget(moaAuthData.getBPKType()); + + boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; + dblog.setInterfederatedSSOSession(isFederatedAuthentication); - IMISMandate mandate = authData.getMISMandate(); - if (mandate != null) { + if (isFederatedAuthentication) { + dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); + dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); - if (MiscUtil.isNotEmpty(mandate.getProfRep())) { - dblog.setMandatetype(mandate.getProfRep()); - dblog.setPv(true); - dblog.setPvOID(mandate.getProfRep()); - - } else { - dblog.setPv(false); - } + } else { + dblog.setBkuurl(moaAuthData.getBkuURL()); + dblog.setBkutype(findBKUType(moaAuthData.getBkuURL(), dbOA)); - InputStream is = null; - try { - is = new 
ByteArrayInputStream(mandate.getMandate()); + } + + //log MandateInforamtion + if (moaAuthData.isUseMandate()) { + dblog.setMandatelogin(moaAuthData.isUseMandate()); + + IMISMandate mandate = moaAuthData.getMISMandate(); + if (mandate != null) { - JAXBContext jc = JAXBContext.newInstance(Mandate.class); - Unmarshaller u = jc.createUnmarshaller(); - Object mismandateobj = u.unmarshal(is); + if (MiscUtil.isNotEmpty(mandate.getProfRep())) { + dblog.setMandatetype(mandate.getProfRep()); + dblog.setPv(true); + dblog.setPvOID(mandate.getProfRep()); + + } else { + dblog.setPv(false); + } - if (mismandateobj != null && mismandateobj instanceof Mandate) { - Mandate mismandate = (Mandate) mismandateobj; + InputStream is = null; + try { + is = new ByteArrayInputStream(mandate.getMandate()); - if (MiscUtil.isEmpty(mandate.getProfRep())) - dblog.setMandatetype(mismandate.getAnnotation()); + JAXBContext jc = JAXBContext.newInstance(Mandate.class); + Unmarshaller u = jc.createUnmarshaller(); + Object mismandateobj = u.unmarshal(is); - Mandator mandator = mismandate.getMandator(); - CorporateBodyType corp = mandator.getCorporateBody(); - if (corp != null) { - dblog.setMandatortype(MANTATORTYPE_JUR); + if (mismandateobj != null && mismandateobj instanceof Mandate) { + Mandate mismandate = (Mandate) mismandateobj; + + if (MiscUtil.isEmpty(mandate.getProfRep())) + dblog.setMandatetype(mismandate.getAnnotation()); + + Mandator mandator = mismandate.getMandator(); + CorporateBodyType corp = mandator.getCorporateBody(); + if (corp != null) { + dblog.setMandatortype(MANTATORTYPE_JUR); + + } else { + dblog.setMandatortype(MANTATORTYPE_NAT); + } + } else { - dblog.setMandatortype(MANTATORTYPE_NAT); + Logger.warn("Advancted logging can not unmarshall MISMandate"); } - - - } else { - Logger.warn("Advancted logging can not unmarshall MISMandate"); - } - } catch (JAXBException e) { - Logger.warn("Advancted logging can not parse mandate.", e); - - } finally { - if (is!=null) { - try { - 
is.close(); - - } catch (IOException e) { - Logger.warn("Close InputStream failed." , e); - + } catch (JAXBException e) { + Logger.warn("Advancted logging can not parse mandate.", e); + + } finally { + if (is!=null) { + try { + is.close(); + + } catch (IOException e) { + Logger.warn("Close InputStream failed." , e); + + } } } - } - } - } - + } + } + + } else + Logger.info("'AuthData' is NOT of type 'IMOAAuthData'. StatisticLogger logs only basic infos"); + try { entityManager.persist(dblog); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 5f2dd6582..c684e1ac2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -18,8 +18,8 @@ import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index eaec781e3..de67e36ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java 
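Review bot: The mandate XML returned by `mandate.getMandate()` is still parsed by a default JAXB `Unmarshaller` (`u.unmarshal(is)` in the re-indented block), which does not explicitly disable DTD processing or external entity resolution for bytes that arrive through the MIS client. The commit only moves this code under the new `authData instanceof IMOAAuthData` guard and the enclosing method starts before this hunk, but since the new side is what ships, it is worth parsing through a hardened SAX reader first and handing JAXB a `SAXSource`, which yields the same `Mandate` object. The `setFeature`/`newSAXParser` calls add `SAXException` and `ParserConfigurationException` to the existing `catch (JAXBException e)`, which the file's multi-catch style already accommodates. Separately, the trailing `} else Logger.info("'AuthData' is NOT of type 'IMOAAuthData'. ...")` is the only unbraced branch in the method and should get braces.
```java
// … unchanged: dblog target/BKU and ProfRep handling …
InputStream is = null;
try {
    is = new ByteArrayInputStream(mandate.getMandate());

    // parse with a hardened, namespace-aware SAX reader first; JAXB then only maps the events
    SAXParserFactory spf = SAXParserFactory.newInstance();
    spf.setNamespaceAware(true);
    spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
    spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    XMLReader reader = spf.newSAXParser().getXMLReader();

    JAXBContext jc = JAXBContext.newInstance(Mandate.class);
    Unmarshaller u = jc.createUnmarshaller();
    Object mismandateobj = u.unmarshal(new SAXSource(reader, new InputSource(is)));

    // … unchanged: Mandate / Mandator evaluation …
} catch (JAXBException | SAXException | ParserConfigurationException e) {
    Logger.warn("Advancted logging can not parse mandate.", e);

// … unchanged: finally block closing the stream …
```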
@@ -35,8 +35,8 @@ import org.springframework.web.context.support.GenericWebApplicationContext;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index fdf806f78..efe28c900 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -43,6 +43,7 @@ import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -50,7 +51,11 @@ import org.w3c.dom.NodeList;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -68,9 +73,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
@@ -89,6 +95,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.XPathException;
 import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.client.szr.SZRClient;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
@@ -109,16 +116,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu @Autowired private SAMLVerificationEngineSP samlVerificationEngine; @Autowired(required=true) private MOAMetadataProvider metadataProvider; - - public IAuthData buildAuthenticationData(IRequest pendingReq, - IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { - return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration()); + @Override + public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + try { + return buildAuthenticationData(pendingReq, + new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()), + pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class)); + + } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) { + Logger.warn("Can not build authentication data from session information"); + throw new EAAFAuthenticationException("TODO", new Object[]{}, + "Can not build authentication data from session information", e); + } } - - public IAuthData buildAuthenticationData(IRequest pendingReq, + + private IAuthData buildAuthenticationData(IRequest pendingReq, IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { - AuthenticationData authdata = null; + MOAAuthenticationData authdata = null; //only needed for SAML1 legacy support try { 
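Review bot: The new public `buildAuthenticationData(IRequest pendingReq)` rethrows with `new EAAFAuthenticationException("TODO", new Object[]{}, ...)`, so the literal `"TODO"` becomes the message id that the protocol error handling and any error page will look up; it should be a real message key before this ships (placeholder: `<ERROR_MESSAGE_KEY>`). The `Logger.warn("Can not build authentication data from session information")` directly above drops the caught `ConfigurationException`/`BuildException`/`WrongParametersException`/`DynamicOABuildException`, so the underlying cause only survives inside the wrapper; `Logger.warn("Can not build authentication data from session information", e);` keeps it in the log where operators look first. The session is now built as `new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage())`, i.e. the request's whole generic data map stands in for the former `IAuthenticationSession` argument; whether every previous caller supplied equivalent content is not visible from this hunk, and the private overload it delegates to continues past the hunk.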
@@ -135,19 +150,19 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA()); } - authdata = (AuthenticationData) saml1authdata; + authdata = (MOAAuthenticationData) saml1authdata; } else { - authdata = new AuthenticationData(); + authdata = new MOAAuthenticationData(); } } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { - authdata = new AuthenticationData(); + authdata = new MOAAuthenticationData(); } - OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule()); + OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getSPEntityId(), pendingReq.requestedModule()); //reuse authentication information in case of service-provider reauthentication if (activeOA != null) { authdata.setSessionIndex(activeOA.getAssertionSessionID()); @@ -254,7 +269,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu } } - private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session, + private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { Collection<String> includedToGenericAuthData = null; 
@@ -267,7 +282,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu try { //#################################################### //set general authData info's - authData.setIssuer(protocolRequest.getAuthURL()); + authData.setAuthenticationIssuer(protocolRequest.getAuthURL()); authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction()); @@ -454,7 +469,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME); String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class); if (MiscUtil.isNotEmpty(pvpCCCAttr)) { - authData.setCcc(pvpCCCAttr); + authData.setCiticenCountryCode(pvpCCCAttr); Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME); } else { @@ -469,7 +484,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu for (Rdn rdn : ln.getRdns()) { if (rdn.getType().equalsIgnoreCase("C")) { Logger.info("C is: " + rdn.getValue()); - authData.setCcc(rdn.getValue().toString()); + authData.setCiticenCountryCode(rdn.getValue().toString()); break; } } @@ -487,7 +502,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu } } else { - authData.setCcc(COUNTRYCODE_AUSTRIA); + authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA); } } 
@@ -913,7 +928,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu * @throws ConfigurationException */ private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session, - AuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException { + MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException { //set List of encrypted bPKs to authData DAO String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { @@ -1067,7 +1082,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu } - private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException { + private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException { if (oaParam.hasBaseIdTransferRestriction()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 7f47d3dfe..a43e6a7fb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
@@ -51,13 +51,13 @@ import java.util.Calendar;
 import java.util.List;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 94651915e..d23e32c81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -40,12 +40,15 @@ import java.io.Serializable;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import org.apache.commons.collections4.map.HashedMap;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -65,7 +68,7 @@ import iaik.x509.X509Certificate; * @author Thomas Lenz * */ -public class AuthenticationSession implements Serializable, IAuthenticationSession { +public class AuthenticationSession implements Serializable, IAuthenticationSession, AuthProzessDataConstants { /** * @@ -274,7 +277,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() */ @Override - public String getSessionID() { + public String getSSOSessionID() { return sessionID; } @@ -290,7 +293,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) */ @Override - public void setSessionID(String sessionId) { + public void setSSOSessionID(String sessionId) { this.sessionID = sessionId; } 
@@ -636,5 +639,34 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 Logger.trace("Add generic session-data with key:" + key + " to session.");
 genericSessionDataStorate.put(key, object);
+ }
+
+ @Override
+ public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
+ Map<String, Object> result = new HashMap<String, Object>();
+ result.put(FLAG_IS_AUTHENTICATED, isAuthenticated());
+
+ result.put(FLAG_IS_FOREIGNER, isForeigner());
+ result.put(FLAG_IS_ORGANWALTER, isOW());
+ result.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
+ result.put(FLAG_USE_MANDATE, isMandateUsed());
+
+ result.put(VALUE_AUTHBLOCK, getAuthBlock());
+ result.put(VALUE_AUTNBLOCKTOKKEN, getAuthBlockTokken());
+ result.put(VALUE_BKUURL, getBkuURL());
+ result.put(VALUE_EXTENTEDSAMLATTRAUTH, getExtendedSAMLAttributesAUTH());
+ result.put(VALUE_EXTENTEDSAMLATTROA, getExtendedSAMLAttributesOA());
+ result.put(VALUE_IDENTITYLINK, getIdentityLink());
+ result.put(VALUE_ISSUEINSTANT, getIssueInstant());
+ result.put(VALUE_MISMANDATE, getMISMandate());
+ result.put(VALUE_MISREFVALUE, getMandateReferenceValue());
+ result.put(VALUE_MISSESSIONID, getMISSessionID());
+ result.put(VALUE_QAALEVEL, getQAALevel());
+ result.put(VALUE_SIGNER_CERT, getSignerCertificate());
+ result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
+
+ result.putAll(genericSessionDataStorate);
+
+ return Collections.unmodifiableMap(result);
 }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index 5419e8ae0..fb584047e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
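Review bot: In the new `getKeyValueRepresentationFromAuthSession` the `result.putAll(genericSessionDataStorate);` call comes after the typed entries, so a generic entry stored under one of the `FLAG_*`/`VALUE_*` keys (for instance `FLAG_IS_AUTHENTICATED`) silently replaces the value derived from the session's own fields, and consumers of this map would see the generic value rather than the authoritative flag. Whether callers can store such keys is not visible here, but moving `result.putAll(genericSessionDataStorate);` to directly after `Map<String, Object> result = new HashMap<String, Object>();` lets the session fields win on collision, or the method can log and reject a colliding key. The rename hunks above (and the matching ones in AuthenticationSessionWrapper) keep the Javadoc `@see ...IAuthenticationSession#getSessionID()` and `#setSessionID(java.lang.String)` references although the methods are now `getSSOSessionID`/`setSSOSessionID`.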
@@ -25,11 +25,14 @@ package at.gv.egovernment.moa.id.auth.data;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -56,7 +59,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
 this.sessionData = genericDataStorage;
 }
-
+
 private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {
 if (MiscUtil.isNotEmpty(key)) {
 Object obj = sessionData.get(key);
@@ -151,8 +154,8 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 */
 @Override
- public String getSessionID() {
- return wrapStringObject(VALUE_SESSIONID, null, String.class);
+ public String getSSOSessionID() {
+ return wrapStringObject(ISSOManager.AUTH_DATA_SSO_SESSIONID, null, String.class);
 }
@@ -169,8 +172,8 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 */
 @Override
- public void setSessionID(String sessionId) {
- sessionData.put(VALUE_SESSIONID, sessionId);
+ public void setSSOSessionID(String sessionId) {
+ sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
 }
@@ -446,7 +449,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 */
 @Override
 public Date getSessionCreated() {
- return wrapStringObject(VALUE_CREATED, null, Date.class);
+ return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
 }
 /* (non-Javadoc)
@@ -489,4 +492,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 }
+ @Override
+ public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
+ return Collections.unmodifiableMap(sessionData);
+
+ }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
deleted file mode 100644
index ffbb6a19e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ /dev/null
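Review bot: `getKeyValueRepresentationFromAuthSession` here returns `Collections.unmodifiableMap(sessionData)`, a live read-only view of the wrapped map, while the `AuthenticationSession` implementation of the same interface method in this commit builds and returns a fresh snapshot; a later `setSSOSessionID` (`sessionData.put(...)`) is visible through the view returned here but never through the other implementation's result. If callers may hold the returned map across session updates, `return Collections.unmodifiableMap(new HashMap<String, Object>(sessionData));` gives both implementations the same snapshot semantics (`HashMap` is already imported in this file); if the live view is intended, the interface method's contract should say so. Either way a one-line Javadoc on the new method stating whether the result is a snapshot or a view would spare the next reader the comparison.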
@@ -1,59 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class BKUException extends MOAIDException {
-
- private static final long serialVersionUID = -4646544256490397419L;
-
- private String bkuErrorCode;
- private String bkuErrorMessage;
-
- public BKUException(String messageId, Object[] parameters,
- String bkuErrorCode, String bkuErrorMessage) {
- super(messageId, parameters);
-
- this.bkuErrorCode = bkuErrorCode;
- this.bkuErrorMessage = bkuErrorMessage;
- }
-
-
- /**
- * @return the bkuErrorCode
- */
- public String getBkuErrorCode() {
- return bkuErrorCode;
- }
-
-
- /**
- * @return the bkuErrorMessage
- */
- public String getBkuErrorMessage() {
- return bkuErrorMessage;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
deleted file mode 100644
index ab3d2cae2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class MISSimpleClientException extends MOAIDException {
-
- private static final long serialVersionUID = 1L;
-
- private String misErrorCode;
- private String misErrorMessage;
-
- public MISSimpleClientException() {
- super("UNDEFINED ERROR", null);
- }
-
- public MISSimpleClientException(String message) {
- super(message, null);
- }
-
- public MISSimpleClientException(String message, String code, String text) {
- super(message, new Object[] { code , text });
- this.misErrorMessage = text;
- this.misErrorCode = code;
- }
-
- public MISSimpleClientException(String message, Throwable cause) {
- super(message, null, cause);
- }
-
- public MISSimpleClientException(String message, Object[] params, Throwable cause) {
- super(message, params, cause);
- }
-
- /**
- * @return the bkuErrorCode
- */
- public String getMISErrorCode() {
- return misErrorCode;
- }
-
-
- /**
- * @return the bkuErrorMessage
- */
- public String getMISErrorMessage() {
- return misErrorMessage;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 841613cba..48d652671 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,9 +22,9 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index 86acc5fdd..b624e13ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index 09d42e49f..0336cb370 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -30,10 +30,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -56,7 +57,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
 while(reqParamNames.hasMoreElements()) {
 String paramName = reqParamNames.nextElement();
 if (MiscUtil.isNotEmpty(paramName) &&
-!MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName))
+!EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName))
 executionContext.put(paramName, StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 242b565ab..6e374995f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
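Review bot: The exclusion on the `+` line now compares against `EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID`, while the HTTP parameter that carries the pending-request id is read as `EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID` in the GUILayoutBuilderServlet hunk of this commit; unless both constants hold the same string, the pending-request id parameter is no longer filtered and is copied into the execution context together with every other client-supplied parameter, since this check is the only filter in the loop. If the process-engine key and the HTTP parameter name differ, the condition should exclude the HTTP name, `!EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)`, or both constants. The enclosing execute() starts and ends outside the hunk.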
@@ -29,6 +29,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -37,7 +38,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -82,7 +82,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
 
 //load MOA SSO-session from database
-AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
 
 if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
 Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
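Review bot: The renamed lookup `authenticatedSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier())` is dereferenced two lines later in `ssoMOSSession.isAuthenticated()` without a null check, so a valid SSO identifier whose internal session is no longer in the database would end in a NullPointerException instead of the intended "NO valid SSO session" path; whether the storage can return null is not visible here, so please confirm. A defensive form is `if (!(isValidSSOSession && ssoMOSSession != null && ssoMOSSession.isAuthenticated())) {`. The enclosing method starts and ends outside the hunk.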
@@ -92,14 +92,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 //Log consents evaluator event to revisionslog
 revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
-
-//Populate this pending request with SSO session information
-pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
-
-
+
 //user allow single sign-on authentication
 if (ssoConsents) {
+//Populate this pending request with SSO session information
+pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+
 //authenticate pending-request
 pendingReq.setAuthenticated(true);
 pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
deleted file mode 100644
index 91c1f999c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ /dev/null
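Review bot: The added line `pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;` ends with a doubled semicolon, which compiles as an empty statement but reads as a typo; drop the second one. Moving the session population inside `if (ssoConsents)` is what the commit intends, so a short why-comment would help the next reader, e.g. `// copy SSO session data into the pending request only after the user has consented`. The enclosing method ends outside the hunk.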
@@ -1,79 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ -package at.gv.egovernment.moa.id.auth.modules.internal.tasks; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Component; - -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Component("FinalizeAuthenticationTask") -public class FinalizeAuthenticationTask extends AbstractAuthServletTask { - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - @Override - public void execute(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - - try { - defaultTaskInitialization(request, executionContext); - - //set MOASession to authenticated - moasession.setAuthenticated(true); - - //set pending request to authenticated - pendingReq.setAuthenticated(true); - requestStoreage.storePendingRequest(pendingReq); - - Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); - performRedirectToProtocolFinialization(pendingReq, response); - - } catch (MOAIDException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } catch (Exception e) { - Logger.warn("FinalizeAuthenticationTask has an internal error", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } finally { - executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); - - } - - } - -} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index cbd8d2aa6..98e632bd8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -28,9 +28,10 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** 
@@ -58,14 +58,13 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); //load Parameters from OnlineApplicationConfiguration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() }); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 1efd9cc13..3c364e924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -30,6 +30,7 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; 
@@ -37,8 +38,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -58,9 +57,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { - //perform default task initialization - defaultTaskInitialization(request, executionContext); + try { //set authenticated flag to false, because user consents is required pendingReq.setAuthenticated(false); @@ -77,8 +74,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas guiBuilder.build(response, config, "SendAssertion-Evaluation"); //Log consents evaluator event to revisionslog - revisionsLogger.logEvent(pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class), - pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'SendAssertion-Evaluation'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index 04d43d79b..8def0f860 100644 
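Review bot: The `@@ -58,9 +57,7 @@` hunk removes `defaultTaskInitialization(request, executionContext);` from the start of the try block, yet the next statement still dereferences `pendingReq`; this is only safe if the `at.gv.egiz.eaaf.core.impl` AbstractAuthServletTask base class now initialises `pendingReq` before `execute()` runs, which the diff does not show. Please confirm, and if the base class does it, say so in the class Javadoc so the bare `try {` is not mistaken for a missing call; the same base class is used by the other task classes touched in this commit, so the same question applies there. The enclosing execute() ends outside the hunk.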
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -30,14 +30,14 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -69,8 +69,8 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
 // select and create new process instance
 String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
 if (processDefinitionId == null) {
-Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID());
-throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() });
+Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
+throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
 }
 
 String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
@@ -84,7 +84,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
 } catch (MOAIDException e) {
 Logger.error("Database Error! MOASession is not stored!");
-throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
+throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 4e5ef7533..e0d65e103 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -31,6 +31,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -40,7 +41,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
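Review bot: The rewritten `throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });` in the `@@ -84,7 +84,7 @@` hunk still discards the caught `e`, and the preceding `Logger.error` does not log it either, so the actual reason a session could not be stored is lost from both the log and the exception chain. MOAIDException has a `(message, params, cause)` constructor (the deleted MISSimpleClientException calls `super(message, params, cause)`), so this can be `throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() }, e);`. The enclosing method starts and ends outside the hunk.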
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
deleted file mode 100644
index 3b12418fa..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
-import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet that resumes a suspended process (in case of asynchronous tasks).
- *
- * @author tknall
- *
- */
-public abstract class AbstractProcessEngineSignalController extends AbstractController {
-
- @Autowired protected ProcessEngine processEngine;
-
- protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
- IRequest pendingReq = null;
- try {
- if (pendingRequestID == null) {
- throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
-
- }
-
- pendingReq = requestStorage.getPendingRequest(pendingRequestID);
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- requestStorage.changePendingRequestID(pendingReq);
- pendingRequestID = pendingReq.getRequestID();
-
- // process instance is mandatory
- if (pendingReq.getProcessInstanceId() == null) {
- throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
-
- }
-
- // wake up next task
- processEngine.signal(pendingReq);
-
- } catch (Exception ex) {
- handleError(null, ex, req, resp, pendingReq);
-
- } finally {
- //MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeAllLoggingVariables();
-
- }
-
-
- }
-
- /**
- * Retrieves the current pending-request id from the HttpServletRequest parameter
- * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.
- * <p/>
- * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
- * respective pending-request id.
- *
- * @param request
- * The unterlying HttpServletRequest.
- * @return The current pending-request id.
- */
- public String getPendingRequestId(HttpServletRequest request) {
- return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index cfeca88b7..18aa93cc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -35,12 +35,12 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
@@ -165,7 +165,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
 private IRequest extractPendingRequest(HttpServletRequest req) {
 try {
 String pendingReqID = StringEscapeUtils.escapeHtml(
-req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
 
 if (MiscUtil.isNotEmpty(pendingReqID)) {
 IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index dfa923558..87325989a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + /** * @author tlenz * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 9282db3b1..0e9db3964 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfi import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.moduls.SSOManager; 
@@ -53,7 +54,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index beacf1552..21d329145 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -56,12 +56,10 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; 
@@ -71,8 +69,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class LogOutServlet {
 private static final String REDIRECT_URL = "redirect";
-@Autowired(required=true) private SSOManager ssomanager;
-@Autowired(required=true) private AuthenticationManager authmanager;
+@Autowired(required=true) private ISSOManager ssomanager;
+//@Autowired(required=true) private IAuthenticationManager authmanager;
 @Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
 @Autowired(required=true) private AuthConfiguration authConfig;
@@ -83,10 +81,7 @@ public class LogOutServlet {
 String redirectUrl = (String) req.getParameter(REDIRECT_URL);
-try {
-//get SSO token from request
-String ssoid = ssomanager.getSSOSessionID(req);
-
+try {
 if (MiscUtil.isEmpty(redirectUrl)) {
 //set default redirect Target
 Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
@@ -103,23 +98,11 @@ public class LogOutServlet {
 }
-if (ssomanager.isValidSSOSession(ssoid, null)) {
-
-//TODO: Single LogOut Implementation
-
-//delete SSO session and MOA session
-AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
-authmanager.performOnlyIDPLogOut(moasessionid);
-
-Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
-} else {
+if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);
+else
 Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
-
-}
-
-//Remove SSO token
-ssomanager.deleteSSOSessionID(req, resp);
-
+
 } catch (Exception e) {
 resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
 return;
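Review bot: The new `if (ssomanager.destroySSOSessionOnIDPOnly(req, resp)) Logger.info(...); else Logger.info(...);` in the `@@ -103,23 +98,11 @@` hunk is an unbraced if/else spread over four lines, which the rest of this method does not do and which silently misbehaves once a second statement is added to either branch; brace both branches. In the `@@ -71,8 +69,8 @@` hunk the commented-out `//@Autowired(required=true) private IAuthenticationManager authmanager;` is dead text that nothing in the new code references and should be deleted rather than kept. The `catch (Exception e)` closing the hunk still drops `e` without logging, so a failure inside `destroySSOSessionOnIDPOnly` surfaces only as a bare 403; `Logger.warn("LogOut failed", e);` before `sendError` would preserve the cause. The enclosing method continues outside the hunk.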
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index 979b8f4e4..ee69b082b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -33,7 +33,7 @@ import org.springframework.web.servlet.ModelAndView; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java index 6f3c02411..ee5cb2395 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java 
@@ -36,8 +36,8 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.util.xsd.mis.MandateIdentifiers;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 1abbeb789..db2499ad5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1252,4 +1252,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 }
 
 
+
+@Override
+public String validateIDPURL(URL arg0) {
+// TODO Auto-generated method stub
+return null;
+}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index 4b29fef3b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
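Review bot: The added `validateIDPURL(URL arg0)` is an auto-generated stub that returns `null` for every input, yet its name marks it as the validation hook for IDP URLs on the overridden configuration interface; how callers treat a null result is not visible here, so the stub may either silently disable the check or be taken as a passed validation. Until it is implemented, rename the parameter and make the gap explicit, e.g. `// FIXME: not implemented — returns null for every URL; confirm how callers interpret null before relying on this for IDP URL validation`, or throw `UnsupportedOperationException` so the missing implementation surfaces at runtime rather than as a null. The surrounding class body is outside the hunk.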
@@ -1,820 +0,0 @@ -/** - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ -package at.gv.egovernment.moa.id.data; - -import java.io.Serializable; -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Date; -import java.util.List; -import java.util.Map; - -import org.apache.commons.collections4.map.HashedMap; -import org.w3c.dom.Element; - -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class AuthenticationData implements IAuthData, Serializable { - - private static final long serialVersionUID = -1042697056735596866L; - public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - - /** - * URL of the MOA-ID Auth component issueing this assertion - */ - private String issuer; - /** - * time instant of issue of this assertion - */ - private Date issueInstant; - /** - * user identification value (Stammzahl); <code>null</code>, - * if the authentication module is configured not to return this data - */ - private String identificationValue; - /** - * user identification type - */ - private String identificationType; - - /** - * user identityLink specialized to OAParamter - */ - private IIdentityLink identityLink; - - /** - * application specific user identifier (bPK/wbPK) - */ - private String bPK; - - /** - * application specific user identifier type - */ - private String bPKType; - - 
/** - * given name of the user - */ - private String givenName; - /** - * family name of the user - */ - private String familyName; - /** - * date of birth of the user - */ - private Date dateOfBirth; - /** - * says whether the certificate is a qualified certificate or not - */ - private boolean qualifiedCertificate; - /** - * says whether the certificate is a public authority or not - */ - private boolean publicAuthority; - /** - * public authority code (Behördenkennzeichen - BKZ) - */ - private String publicAuthorityCode; - - /** - * URL of the BKU - */ - private String bkuURL; - /** - * the corresponding <code>lt;saml:Assertion></code> - */ - - private boolean isBaseIDTransferRestrication = true; - - - /** - * STORK attributes from response - */ - private String ccc = null; - - private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); - - private byte[] signerCertificate = null; - - private String authBlock = null; - private List<String> encbPKList = null; - - //ISA 1.18 attributes - private List<AuthenticationRole> roles = null; - private String pvpAttribute_OU = null; - - private boolean useMandate = false; - private IMISMandate mandate = null; - private String mandateReferenceValue = null; - - private boolean foreigner =false; - private String QAALevel = null; - - private boolean ssoSession = false; - private Date ssoSessionValidTo = null; - -// private boolean interfederatedSSOSession = false; -// private String interfederatedIDP = null; - - private String sessionIndex = null; - private String nameID = null; - private String nameIDFormat = null; - - public AuthenticationData() { - issueInstant = new Date(); - } - - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { - return publicAuthority; - } - - /** - * Returns the publicAuthorityCode. - * @return String - */ - public String getPublicAuthorityCode() { - return publicAuthorityCode; - } - - /** - * Returns the qualifiedCertificate. 
- * @return boolean - */ - public boolean isQualifiedCertificate() { - return qualifiedCertificate; - } - - /** - * Returns the bPK. - * @return String - */ - public String getBPK() { - return bPK; - } - - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityIdentification The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityIdentification) { - this.publicAuthorityCode = publicAuthorityIdentification; - } - - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Sets the bPK. - * @param bPK The bPK to set - */ - public void setBPK(String bPK) { - this.bPK = bPK; - } - - /** - * Returns the dateOfBirth. - * @return String - */ - public Date getDateOfBirth() { - return dateOfBirth; - } - - public String getFormatedDateOfBirth() { - DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - if (getDateOfBirth() != null) - return pvpDateFormat.format(getDateOfBirth()); - else - return "2999-12-31"; - } - - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { - return familyName; - } - - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { - return givenName; - } - - /** - * Holds the baseID of a citizen - * - * @return baseID - */ - public String getIdentificationValue() { - return identificationValue; - } - - /** - * Holds the type of the baseID - * - * @return baseID-Type - */ - public String getIdentificationType() { - return identificationType; - } - - /** - * Returns the issueInstant. 
- * @return String - */ - public String getIssueInstantString() { - return DateTimeUtils.buildDateTimeUTC(issueInstant); - - } - - /** - * Returns the issueInstant. - * @return String - */ - public Date getIssueInstant() { - return issueInstant; - - } - - public void setIssueInstant(Date date) { - this.issueInstant = date; - } - - /** - * Returns the issuer. - * @return String - */ - public String getIssuer() { - return issuer; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(Date dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - - public void setDateOfBirth(String dateOfBirth) { - try { - if (MiscUtil.isNotEmpty(dateOfBirth)) { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); - } - - } catch (ParseException e) { - Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); - - } - } - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** - * Sets the identificationValue. - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { - this.identificationValue = identificationValue; - } - - /** - * Sets the identificationType. - * @param identificationType The identificationType to set - */ - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * Sets the issuer. 
- * @param issuer The issuer to set - */ - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - /** - * Sets the bkuURL - * @param url The BKU URL to set - */ - public void setBkuURL(String url) { - this.bkuURL = url; - } - - public String getBPKType() { - return bPKType; - } - - public void setBPKType(String bPKType) { - this.bPKType = bPKType; - } - - /** - * @return the identityLink - */ - public IIdentityLink getIdentityLink() { - return identityLink; - } - - /** - * @param identityLink the identityLink to set - */ - public void setIdentityLink(IIdentityLink identityLink) { - this.identityLink = identityLink; - } - - /** - * @return the signerCertificate - */ - public byte[] getSignerCertificate() { - return signerCertificate; - } - - - /** - * @param signerCertificate the signerCertificate to set - */ - public void setSignerCertificate(byte[] signerCertificate) { - this.signerCertificate = signerCertificate; - } - - - /** - * @return the authBlock - */ - public String getAuthBlock() { - return authBlock; - } - - - /** - * @param authBlock the authBlock to set - */ - public void setAuthBlock(String authBlock) { - this.authBlock = authBlock; - } - - - /** - * @return the mandate - */ - public IMISMandate getMISMandate() { - return mandate; - } - - public Element getMandate() { - if (mandate == null) - return null; - - //parse Element from mandate XML - try { - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - } - catch (Throwable e) { - Logger.warn("Mandate content could not be generated from MISMandate."); - return null; - } - } - - - /** - * @param mandate the mandate to set - */ - public void setMISMandate(IMISMandate mandate) { - this.mandate = mandate; - } - - - /** - * @return the useMandate - */ - public boolean isUseMandate() { - return useMandate; - } - - - /** - * @param useMandate the useMandate to 
set - */ - public void setUseMandate(boolean useMandate) { - this.useMandate = useMandate; - } - - - /** - * @return - */ - public String getQAALevel() { - if (this.QAALevel != null && - this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { - String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - return mappedQAA; - - else { - Logger.error("eIDAS QAA-level:" + this.QAALevel - + " can not be mapped to STORK QAA-level! Use " - + PVPConstants.STORK_QAA_1_1 + " as default value."); - return PVPConstants.STORK_QAA_1_1; - - } - - - } else - return this.QAALevel; - } - - - public String getEIDASQAALevel() { - if (this.QAALevel != null && - this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { - String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - return mappedQAA; - - else { - Logger.error("STORK QAA-level:" + this.QAALevel - + " can not be mapped to eIDAS QAA-level! 
Use " - + PVPConstants.EIDAS_QAA_LOW + " as default value."); - return PVPConstants.EIDAS_QAA_LOW; - - } - - - } else - return this.QAALevel; - - } - - - /** - * @return - */ - public boolean isForeigner() { - return this.foreigner; - } - - - /** - * @param foreigner the foreigner to set - */ - public void setForeigner(boolean foreigner) { - this.foreigner = foreigner; - } - - - /** - * Store QAA level in eIDAS format to authentication Data - * - * @param qAALevel the qAALevel to set - * @throws AssertionAttributeExtractorExeption - */ - public void setQAALevel(String qAALevel) { - QAALevel = qAALevel; - - } - - /** - * @return the ssoSession - */ - public boolean isSsoSession() { - return ssoSession; - } - - - /** - * @param ssoSession the ssoSession to set - */ - public void setSsoSession(boolean ssoSession) { - this.ssoSession = ssoSession; - } - - /** - * @return the mandateReferenceValue - */ - public String getMandateReferenceValue() { - return mandateReferenceValue; - } - - /** - * @param mandateReferenceValue the mandateReferenceValue to set - */ - public void setMandateReferenceValue(String mandateReferenceValue) { - this.mandateReferenceValue = mandateReferenceValue; - } - - /** - * CountryCode of the citizen which is identified and authenticated - * - * @return the CountryCode <pre>like. 
AT, SI, ...</pre> - */ - public String getCcc() { - return ccc; - } - - /** - * @param ccc the ccc to set - */ - public void setCcc(String ccc) { - this.ccc = ccc; - } - - /** - * @return the sessionIndex - */ - public String getSessionIndex() { - return sessionIndex; - } - - /** - * @param sessionIndex the sessionIndex to set - */ - public void setSessionIndex(String sessionIndex) { - this.sessionIndex = sessionIndex; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() - */ - @Override - public String getNameID() { - return this.nameID; - } - - /** - * @param nameID the nameID to set - */ - public void setNameID(String nameID) { - this.nameID = nameID; - } - - /** - * @return the nameIDFormat - */ - public String getNameIDFormat() { - return nameIDFormat; - } - - /** - * @param nameIDFormat the nameIDFormat to set - */ - public void setNameIDFormat(String nameIDFormat) { - this.nameIDFormat = nameIDFormat; - } - -// /** -// * @return the interfederatedSSOSession -// */ -// public boolean isInterfederatedSSOSession() { -// return interfederatedSSOSession; -// } -// -// /** -// * @param interfederatedSSOSession the interfederatedSSOSession to set -// */ -// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -// this.interfederatedSSOSession = interfederatedSSOSession; -// } -// -// /** -// * @return the interfederatedIDP -// */ -// public String getInterfederatedIDP() { -// return interfederatedIDP; -// } -// -// /** -// * @param interfederatedIDP the interfederatedIDP to set -// */ -// public void setInterfederatedIDP(String interfederatedIDP) { -// this.interfederatedIDP = interfederatedIDP; -// } - - /** - * @return the ssoSessionValidTo - */ - public Date getSsoSessionValidTo() { - return ssoSessionValidTo; - } - - /** - * @param ssoSessionValidTo the ssoSessionValidTo to set - */ - public void setSsoSessionValidTo(Date ssoSessionValidTo) { - this.ssoSessionValidTo = ssoSessionValidTo; - } - - /** - * 
@return the encbPKList - */ - public List<String> getEncbPKList() { - return encbPKList; - } - - /** - * @param encbPKList the encbPKList to set - */ - public void setEncbPKList(List<String> encbPKList) { - this.encbPKList = encbPKList; - } - - /** - * @return the roles - */ - public List<AuthenticationRole> getAuthenticationRoles() { -// if (this.roles == null) { -// this.roles = new ArrayList<AuthenticationRole>(); -// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -// } - - return roles; - } - - //ISA 1.18 attributes - /** - * @param roles the roles to set - */ - public void addAuthenticationRole(AuthenticationRole role) { - if (this.roles == null) - this.roles = new ArrayList<AuthenticationRole>(); - - this.roles.add(role); - } - - /** - * @return the pvpAttribute_OU - */ - public String getPvpAttribute_OU() { - return pvpAttribute_OU; - } - - /** - * @param pvpAttribute_OU the pvpAttribute_OU to set - */ - public void setPvpAttribute_OU(String pvpAttribute_OU) { - this.pvpAttribute_OU = pvpAttribute_OU; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() - */ - @Override - public boolean isBaseIDTransferRestrication() { - return isBaseIDTransferRestrication; - } - - /** - * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set - */ - public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { - this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; - } - - /** - * Returns a generic data-object with is stored with a specific identifier - * - * @param key The specific identifier of the data object - * @param clazz The class type which is stored with this key - * @return The data object or null if no data is found with this key - */ - public <T> T getGenericData(String key, final Class<T> clazz) { - if (MiscUtil.isNotEmpty(key)) { - Object data = genericDataStorate.get(key); - - if 
(data == null) - return null; - - try { - @SuppressWarnings("unchecked") - T test = (T) data; - return test; - - } catch (Exception e) { - Logger.warn("Generic authentication-data object can not be casted to requsted type", e); - return null; - - } - - } - - Logger.warn("Can not load generic session-data with key='null'"); - return null; - - } - - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage - */ - public void setGenericData(String key, Object object) throws SessionDataStorageException { - if (MiscUtil.isEmpty(key)) { - Logger.warn("Generic session-data can not be stored with a 'null' key"); - throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); - - } - - if (object != null) { - if (!Serializable.class.isInstance(object)) { - Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); - throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); - - } - } - - if (genericDataStorate.containsKey(key)) - Logger.debug("Overwrite generic data with key:" + key); - else - Logger.trace("Add generic data with key:" + key + " to session."); - - genericDataStorate.put(key, object); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java new file mode 100644 index 000000000..b8dccfa65 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java 
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+
+public interface IMOAAuthData extends IAuthData{
+
+ @Deprecated
+ /**
+ * Return STORK QAA level
+ *
+ * @return
+ */
+ String getQAALevel();
+
+ List<String> getEncbPKList();
+ IIdentityLink getIdentityLink();
+ byte[] getSignerCertificate();
+ String getAuthBlock();
+ boolean isPublicAuthority();
+ String getPublicAuthorityCode();
+ boolean isQualifiedCertificate();
+ String getBkuURL();
+ String getInterfederatedIDP();
+ boolean isInterfederatedSSOSession();
+ boolean isUseMandate();
+ IMISMandate getMISMandate();
+ Element getMandate();
+ String getMandateReferenceValue();
+
+ //ISA 1.18 attributes
+ String getPvpAttribute_OU();
+ List<AuthenticationRole> getAuthenticationRoles();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
new file mode 100644
index 000000000..0e8a988ce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
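Review bot: In the new `IMOAAuthData` the Javadoc for `getQAALevel()` is placed after the `@Deprecated` annotation; javadoc expects the doc comment to precede the annotations, so this comment is likely not attached to the method at all, and its `@return` tag is empty. Move the comment above `@Deprecated`, write `@return the STORK QAA level, or null if none was set`, and add a `@deprecated` tag naming the accessor callers should use instead (the hunk does not show one). `getSignerCertificate()` returns a raw `byte[]`; the interface should state whether callers receive a copy or the stored array, since an implementation that hands out its field lets callers alter the certificate it keeps. Also `extends IAuthData{` is missing the space before the brace.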
@@ -0,0 +1,968 @@ +/** + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; + + + +/** + * @author tlenz + * + */ +public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable { + + private static final long serialVersionUID = 1L; + private IIdentityLink identityLink; + private boolean qualifiedCertificate; + private boolean publicAuthority; + private String publicAuthorityCode; + private String bkuURL; + private byte[] signerCertificate = null; + private String authBlock = null; + private String QAALevel = null; + private List<String> encbPKList; + + //ISA 1.18 attributes + private List<AuthenticationRole> roles = null; + private String pvpAttribute_OU = null; + + private boolean useMandate = false; + private IMISMandate mandate = null; + private String mandateReferenceValue = null; + + private boolean interfederatedSSOSession; + private String interfederatedIDP; + + + /** + * @return + */ + @Override + public String getQAALevel() { + if (this.QAALevel != null && + this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { + String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel); + if (MiscUtil.isNotEmpty(mappedQAA)) + return mappedQAA; + + else { + Logger.error("eIDAS QAA-level:" + this.QAALevel + + " can not be mapped to STORK QAA-level! 
Use " + + PVPConstants.STORK_QAA_1_1 + " as default value."); + return PVPConstants.STORK_QAA_1_1; + + } + + + } else + return this.QAALevel; + + } + + @Override + public List<String> getEncbPKList() { + return this.encbPKList; + } + + + @Override + public IIdentityLink getIdentityLink() { + return identityLink; + } + + /** + * @param identityLink the identityLink to set + */ + public void setIdentityLink(IIdentityLink identityLink) { + this.identityLink = identityLink; + } + + @Override + public byte[] getSignerCertificate() { + return signerCertificate; + } + + + /** + * @param signerCertificate the signerCertificate to set + */ + public void setSignerCertificate(byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + } + + + @Override + public String getAuthBlock() { + return authBlock; + } + + + /** + * @param authBlock the authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + + @Override + public IMISMandate getMISMandate() { + return mandate; + } + + @Override + public Element getMandate() { + if (mandate == null) + return null; + + //parse Element from mandate XML + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + + /** + * @param mandate the mandate to set + */ + public void setMISMandate(IMISMandate mandate) { + this.mandate = mandate; + } + + + @Override + public boolean isUseMandate() { + return useMandate; + } + + + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } + + + @Override + public boolean isPublicAuthority() { + return publicAuthority; + } + + @Override + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + @Override + public boolean 
isQualifiedCertificate() { + return qualifiedCertificate; + } + + + @Override + public String getBkuURL() { + return bkuURL; + + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + @Override + public boolean isInterfederatedSSOSession() { + return this.interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + + @Override + public String getInterfederatedIDP() { + return this.interfederatedIDP; + } + + /** + * @param interfederatedIDP the interfederatedIDP to set + */ + public void setInterfederatedIDP(String interfederatedIDP) { + this.interfederatedIDP = interfederatedIDP; + } + + + @Override + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + + @Override + public List<AuthenticationRole> getAuthenticationRoles() { + return roles; + } + + //ISA 1.18 attributes + /** + * @param roles the roles to set + */ + public void addAuthenticationRole(AuthenticationRole role) { + if (this.roles == null) + this.roles = new ArrayList<AuthenticationRole>(); + + this.roles.add(role); + } + + @Override + public String getPvpAttribute_OU() { + return pvpAttribute_OU; + } + + /** + * @param pvpAttribute_OU the pvpAttribute_OU to set + */ + public void setPvpAttribute_OU(String pvpAttribute_OU) { + this.pvpAttribute_OU = pvpAttribute_OU; + } + + /** + * Store QAA level in eIDAS format to authentication Data + * + * @param qAALevel the qAALevel to set + * @throws AssertionAttributeExtractorExeption + */ + public void setQAALevel(String qAALevel) { + this.QAALevel = 
qAALevel; + + } + + /** + * @param encbPKList the encbPKList to set + */ + public void setEncbPKList(List<String> encbPKList) { + this.encbPKList = encbPKList; + } + + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + +// private static final long serialVersionUID = -1042697056735596866L; +// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; +// +// /** +// * URL of the MOA-ID Auth component issueing this assertion +// */ +// private String issuer; +// /** +// * time instant of issue of this assertion +// */ +// private Date issueInstant; +// /** +// * user identification value (Stammzahl); <code>null</code>, +// * if the authentication module is configured not to return this data +// */ +// private String identificationValue; +// /** +// * user identification type +// */ +// private String identificationType; +// +// /** +// * user identityLink specialized to OAParamter +// */ +// private IIdentityLink identityLink; +// +// /** +// * application specific user identifier (bPK/wbPK) +// */ +// private String bPK; +// +// /** +// * application specific user identifier type +// */ +// private String bPKType; +// +// /** +// * given name of the user +// */ +// private String givenName; +// /** +// * family name of the user +// */ +// private String familyName; +// /** +// * date of birth of the user +// */ +// 
private Date dateOfBirth; +// /** +// * says whether the certificate is a qualified certificate or not +// */ +// +// /** +// * says whether the certificate is a public authority or not +// */ +// /** +// * public authority code (Behördenkennzeichen - BKZ) +// */ +// +// +// /** +// * URL of the BKU +// */ +// +// /** +// * the corresponding <code>lt;saml:Assertion></code> +// */ +// +// private boolean isBaseIDTransferRestrication = true; +// +// +// /** +// * STORK attributes from response +// */ +// private String ccc = null; +// +// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); +// +// +// +// private String authBlock = null; +// private List<String> encbPKList = null; +// +// //ISA 1.18 attributes +// private List<AuthenticationRole> roles = null; +// private String pvpAttribute_OU = null; +// +// private boolean useMandate = false; +// private IMISMandate mandate = null; +// private String mandateReferenceValue = null; +// +// private boolean foreigner =false; +// private String QAALevel = null; +// +// private boolean ssoSession = false; +// private Date ssoSessionValidTo = null; +// +//// private boolean interfederatedSSOSession = false; +//// private String interfederatedIDP = null; +// +// private String sessionIndex = null; +// private String nameID = null; +// private String nameIDFormat = null; +// +// public AuthenticationData() { +// issueInstant = new Date(); +// } +// +// /** +// * Returns the publicAuthority. +// * @return boolean +// */ +// public boolean isPublicAuthority() { +// return publicAuthority; +// } +// +// /** +// * Returns the publicAuthorityCode. +// * @return String +// */ +// public String getPublicAuthorityCode() { +// return publicAuthorityCode; +// } +// +// /** +// * Returns the qualifiedCertificate. +// * @return boolean +// */ +// public boolean isQualifiedCertificate() { +// return qualifiedCertificate; +// } +// +// /** +// * Returns the bPK. 
+// * @return String +// */ +// public String getBPK() { +// return bPK; +// } +// +// /** +// * Sets the publicAuthority. +// * @param publicAuthority The publicAuthority to set +// */ +// public void setPublicAuthority(boolean publicAuthority) { +// this.publicAuthority = publicAuthority; +// } +// +// /** +// * Sets the publicAuthorityCode. +// * @param publicAuthorityIdentification The publicAuthorityCode to set +// */ +// public void setPublicAuthorityCode(String publicAuthorityIdentification) { +// this.publicAuthorityCode = publicAuthorityIdentification; +// } +// +// /** +// * Sets the qualifiedCertificate. +// * @param qualifiedCertificate The qualifiedCertificate to set +// */ +// public void setQualifiedCertificate(boolean qualifiedCertificate) { +// this.qualifiedCertificate = qualifiedCertificate; +// } +// +// /** +// * Sets the bPK. +// * @param bPK The bPK to set +// */ +// public void setBPK(String bPK) { +// this.bPK = bPK; +// } +// +// /** +// * Returns the dateOfBirth. +// * @return String +// */ +// public Date getDateOfBirth() { +// return dateOfBirth; +// } +// +// public String getFormatedDateOfBirth() { +// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +// if (getDateOfBirth() != null) +// return pvpDateFormat.format(getDateOfBirth()); +// else +// return "2999-12-31"; +// } +// +// /** +// * Returns the familyName. +// * @return String +// */ +// public String getFamilyName() { +// return familyName; +// } +// +// /** +// * Returns the givenName. +// * @return String +// */ +// public String getGivenName() { +// return givenName; +// } +// +// /** +// * Holds the baseID of a citizen +// * +// * @return baseID +// */ +// public String getIdentificationValue() { +// return identificationValue; +// } +// +// /** +// * Holds the type of the baseID +// * +// * @return baseID-Type +// */ +// public String getIdentificationType() { +// return identificationType; +// } +// +// /** +// * Returns the issueInstant. 
+// * @return String +// */ +// public String getIssueInstantString() { +// return DateTimeUtils.buildDateTimeUTC(issueInstant); +// +// } +// +// /** +// * Returns the issueInstant. +// * @return String +// */ +// public Date getIssueInstant() { +// return issueInstant; +// +// } +// +// public void setIssueInstant(Date date) { +// this.issueInstant = date; +// } +// +// /** +// * Returns the issuer. +// * @return String +// */ +// public String getIssuer() { +// return issuer; +// } +// +// /** +// * Returns the BKU URL. +// * @return String +// */ +// public String getBkuURL() { +// return bkuURL; +// } +// +// /** +// * Sets the dateOfBirth. +// * @param dateOfBirth The dateOfBirth to set +// */ +// public void setDateOfBirth(Date dateOfBirth) { +// this.dateOfBirth = dateOfBirth; +// } +// +// public void setDateOfBirth(String dateOfBirth) { +// try { +// if (MiscUtil.isNotEmpty(dateOfBirth)) { +// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); +// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); +// } +// +// } catch (ParseException e) { +// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); +// +// } +// } +// +// /** +// * Sets the familyName. +// * @param familyName The familyName to set +// */ +// public void setFamilyName(String familyName) { +// this.familyName = familyName; +// } +// +// /** +// * Sets the givenName. +// * @param givenName The givenName to set +// */ +// public void setGivenName(String givenName) { +// this.givenName = givenName; +// } +// +// /** +// * Sets the identificationValue. +// * @param identificationValue The identificationValue to set +// */ +// public void setIdentificationValue(String identificationValue) { +// this.identificationValue = identificationValue; +// } +// +// /** +// * Sets the identificationType. 
+// * @param identificationType The identificationType to set +// */ +// public void setIdentificationType(String identificationType) { +// this.identificationType = identificationType; +// } +// +// /** +// * Sets the issuer. +// * @param issuer The issuer to set +// */ +// public void setIssuer(String issuer) { +// this.issuer = issuer; +// } +// +// /** +// * Sets the bkuURL +// * @param url The BKU URL to set +// */ +// public void setBkuURL(String url) { +// this.bkuURL = url; +// } +// +// public String getBPKType() { +// return bPKType; +// } +// +// public void setBPKType(String bPKType) { +// this.bPKType = bPKType; +// } +// + +// +// + +// +// +// public String getEIDASQAALevel() { +// if (this.QAALevel != null && +// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { +// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); +// if (MiscUtil.isNotEmpty(mappedQAA)) +// return mappedQAA; +// +// else { +// Logger.error("STORK QAA-level:" + this.QAALevel +// + " can not be mapped to eIDAS QAA-level! 
Use " +// + PVPConstants.EIDAS_QAA_LOW + " as default value."); +// return PVPConstants.EIDAS_QAA_LOW; +// +// } +// +// +// } else +// return this.QAALevel; +// +// } +// +// +// /** +// * @return +// */ +// public boolean isForeigner() { +// return this.foreigner; +// } +// +// +// /** +// * @param foreigner the foreigner to set +// */ +// public void setForeigner(boolean foreigner) { +// this.foreigner = foreigner; +// } +// +// + +// +// /** +// * @return the ssoSession +// */ +// public boolean isSsoSession() { +// return ssoSession; +// } +// +// +// /** +// * @param ssoSession the ssoSession to set +// */ +// public void setSsoSession(boolean ssoSession) { +// this.ssoSession = ssoSession; +// } +// +// /** +// * @return the mandateReferenceValue +// */ +// public String getMandateReferenceValue() { +// return mandateReferenceValue; +// } +// +// /** +// * @param mandateReferenceValue the mandateReferenceValue to set +// */ +// public void setMandateReferenceValue(String mandateReferenceValue) { +// this.mandateReferenceValue = mandateReferenceValue; +// } +// +// /** +// * CountryCode of the citizen which is identified and authenticated +// * +// * @return the CountryCode <pre>like. 
AT, SI, ...</pre> +// */ +// public String getCcc() { +// return ccc; +// } +// +// /** +// * @param ccc the ccc to set +// */ +// public void setCcc(String ccc) { +// this.ccc = ccc; +// } +// +// /** +// * @return the sessionIndex +// */ +// public String getSessionIndex() { +// return sessionIndex; +// } +// +// /** +// * @param sessionIndex the sessionIndex to set +// */ +// public void setSessionIndex(String sessionIndex) { +// this.sessionIndex = sessionIndex; +// } +// +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() +// */ +// @Override +// public String getNameID() { +// return this.nameID; +// } +// +// /** +// * @param nameID the nameID to set +// */ +// public void setNameID(String nameID) { +// this.nameID = nameID; +// } +// +// /** +// * @return the nameIDFormat +// */ +// public String getNameIDFormat() { +// return nameIDFormat; +// } +// +// /** +// * @param nameIDFormat the nameIDFormat to set +// */ +// public void setNameIDFormat(String nameIDFormat) { +// this.nameIDFormat = nameIDFormat; +// } +// +//// /** +//// * @return the interfederatedSSOSession +//// */ +//// public boolean isInterfederatedSSOSession() { +//// return interfederatedSSOSession; +//// } +//// +//// /** +//// * @param interfederatedSSOSession the interfederatedSSOSession to set +//// */ +//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { +//// this.interfederatedSSOSession = interfederatedSSOSession; +//// } +//// +//// /** +//// * @return the interfederatedIDP +//// */ +//// public String getInterfederatedIDP() { +//// return interfederatedIDP; +//// } +//// +//// /** +//// * @param interfederatedIDP the interfederatedIDP to set +//// */ +//// public void setInterfederatedIDP(String interfederatedIDP) { +//// this.interfederatedIDP = interfederatedIDP; +//// } +// +// /** +// * @return the ssoSessionValidTo +// */ +// public Date getSsoSessionValidTo() { +// return ssoSessionValidTo; +// } +// +// /** +// * 
@param ssoSessionValidTo the ssoSessionValidTo to set +// */ +// public void setSsoSessionValidTo(Date ssoSessionValidTo) { +// this.ssoSessionValidTo = ssoSessionValidTo; +// } +// +// /** +// * @return the encbPKList +// */ +// public List<String> getEncbPKList() { +// return encbPKList; +// } +// +// /** +// * @param encbPKList the encbPKList to set +// */ +// public void setEncbPKList(List<String> encbPKList) { +// this.encbPKList = encbPKList; +// } +// +// /** +// * @return the roles +// */ +// public List<AuthenticationRole> getAuthenticationRoles() { +//// if (this.roles == null) { +//// this.roles = new ArrayList<AuthenticationRole>(); +//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); +//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); +//// } +// +// return roles; +// } +// +// //ISA 1.18 attributes +// /** +// * @param roles the roles to set +// */ +// public void addAuthenticationRole(AuthenticationRole role) { +// if (this.roles == null) +// this.roles = new ArrayList<AuthenticationRole>(); +// +// this.roles.add(role); +// } +// +// /** +// * @return the pvpAttribute_OU +// */ +// public String getPvpAttribute_OU() { +// return pvpAttribute_OU; +// } +// +// /** +// * @param pvpAttribute_OU the pvpAttribute_OU to set +// */ +// public void setPvpAttribute_OU(String pvpAttribute_OU) { +// this.pvpAttribute_OU = pvpAttribute_OU; +// } +// +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() +// */ +// @Override +// public boolean isBaseIDTransferRestrication() { +// return isBaseIDTransferRestrication; +// } +// +// /** +// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set +// */ +// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { +// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; +// } +// +// /** +// * Returns a generic data-object with is stored with a specific identifier +// * +// * @param 
key The specific identifier of the data object +// * @param clazz The class type which is stored with this key +// * @return The data object or null if no data is found with this key +// */ +// public <T> T getGenericData(String key, final Class<T> clazz) { +// if (MiscUtil.isNotEmpty(key)) { +// Object data = genericDataStorate.get(key); +// +// if (data == null) +// return null; +// +// try { +// @SuppressWarnings("unchecked") +// T test = (T) data; +// return test; +// +// } catch (Exception e) { +// Logger.warn("Generic authentication-data object can not be casted to requsted type", e); +// return null; +// +// } +// +// } +// +// Logger.warn("Can not load generic session-data with key='null'"); +// return null; +// +// } +// +// /** +// * Store a generic data-object to session with a specific identifier +// * +// * @param key Identifier for this data-object +// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface +// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage +// */ +// public void setGenericData(String key, Object object) throws SessionDataStorageException { +// if (MiscUtil.isEmpty(key)) { +// Logger.warn("Generic session-data can not be stored with a 'null' key"); +// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); +// +// } +// +// if (object != null) { +// if (!Serializable.class.isInstance(object)) { +// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); +// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); +// +// } +// } +// +// if (genericDataStorate.containsKey(key)) +// Logger.debug("Overwrite generic data with key:" + key); +// else +// Logger.trace("Add generic data with key:" + key + " to session."); +// +// 
genericDataStorate.put(key, object); +// } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index a24683545..2e1af43e4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -22,8 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import java.io.IOException; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Enumeration; @@ -31,11 +29,11 @@ import java.util.Iterator; import java.util.List; import java.util.Map.Entry; -import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.LogoutRequest; import org.opensaml.saml2.core.LogoutResponse; import org.opensaml.saml2.core.StatusCode; 
@@ -46,21 +44,22 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import 
at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; @@ -69,10 +68,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; 
@@ -81,36 +76,50 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAID_AuthenticationManager") -public class AuthenticationManager extends MOAIDAuthConstants { +public class AuthenticationManager extends AbstractAuthenticationManager { - private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>(); - private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>(); - + public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; + public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; + public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; + public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA"; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; public static final int SLOTIMEOUT = 30 * 1000; //30 sec - @Autowired private ProcessEngine processEngine; - @Autowired private SSOManager ssoManager; - @Autowired private IRequestStorage requestStoreage; + @Autowired private ITransactionStorage transactionStorage; @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired private MOAReversionLogger revisionsLogger; - @Autowired protected AuthConfiguration 
authConfig; + @Autowired private SingleLogOutBuilder sloBuilder; @Autowired private SAMLVerificationEngineSP samlVerificationEngine; @Autowired private IGUIFormBuilder guiBuilder; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + + @Override + public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) + throws EAAFException { + // TODO Auto-generated method stub + + } + + @Override + public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3) + throws EAAFException { + // TODO Auto-generated method stub + + } + + + public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, pvpReq, null); 
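Review bot: The two new `@Override performSingleLogOut(httpReq, httpResp, pendingReq[, arg3])` overrides have empty bodies marked `// TODO Auto-generated method stub`, so a single-logout request that reaches this manager through the `AbstractAuthenticationManager` contract returns successfully without terminating any session. Until the delegation to the existing `performSingleLogOut(httpReq, httpResp, session, pvpReq)` overload is written, the stubs should fail loudly rather than silently, e.g. `throw new UnsupportedOperationException("performSingleLogOut(IRequest) is not implemented");` in both bodies, so the gap shows up in testing instead of in production logout flows. Whether the base class provides a usable default for these methods cannot be seen from this hunk. The `String arg3` parameter of the second override should also get a descriptive name, and `eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE` breaks the `UPPER_SNAKE_CASE` convention the neighbouring `DATAID_*` constants follow.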
@@ -123,39 +132,6 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - /** - * @param req - * @param resp - * @param moasessionid - */ - public void performOnlyIDPLogOut(AuthenticationSession authSession) { - - if (authSession == null) { - Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); - return; - - } - - try { - - authSession.setAuthenticated(false); - //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - - //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID()); - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - - authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID()); - - //session.invalidate(); - - } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID()); - return; - } - - } - public void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, String internalMOASsoSessionID) { 
@@ -187,327 +163,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } - - - /** - * Authenticates the authentication request {pendingReq}, which is actually processed - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * - * @return Return already authenticated MOASession if exists, otherwise return null - * @throws MOADatabaseException - * @throws MOAIDException - * @throws IOException - * @throws ServletException - * - */ - public AuthenticationSession doAuthentication(HttpServletRequest httpReq, - HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException { - - //load OA configuration from pending request - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - - //set logging context and log unique OA identifier to revision log - TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()); - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); - - //generic authentication request validation - if (pendingReq.isPassiv() - && pendingReq.forceAuth()) { - // conflict! - throw new NoPassivAuthenticationException(); - } - - //get SSO cookie from http request - String ssoId = ssoManager.getSSOSessionID(httpReq); - - //check if interfederation IDP is requested - ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq); - - //check if SSO session cookie is already used - if (ssoId != null) { - String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId); - - if (correspondingMOASession != null) { - Logger.warn("Request sends an old SSO Session ID("+ssoId+")! 
" + - "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); - - //destroy internal SSO-session object and SSO-session cooky - authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); - ssoManager.deleteSSOSessionID(httpReq, httpResp); - } - } - - //check if SSO Session is valid - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - - // check if Service-Provider allows SSO sessions - boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); - - //if a legacy request is used SSO should not be allowed in case of mandate authentication - boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); - - //check if SSO is allowed for the actually executed request - //INFO: Actually, useMandate disables SSO functionality!!!!! - boolean isSSOAllowed = (useSSOOA && !isUseMandateRequested); - pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); - - //get MOASession from SSO-Cookie if SSO is allowed - AuthenticationSession ssoMOASession = null; - if (isValidSSOSession && isSSOAllowed) { - ssoMOASession = ssoManager.getInternalMOASession(ssoId); - - if (ssoMOASession == null) - Logger.info("No MOASession FOUND with provided SSO-Cookie."); - - else { - Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); - revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO); - - } - } - - //check if session is already authenticated - boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession); - - //force new authentication authentication process - if (pendingReq.forceAuth()) { - startAuthenticationProcess(httpReq, httpResp, pendingReq); - return null; - - //perform SSO-Consents evaluation if it it required - } else if (isSessionAuthenticated && 
oaParam.useSSOQuestion()) { - sendSingleSignOnConsentsEvaluation(httpReq, httpResp, pendingReq); - return null; - - } else if (pendingReq.isPassiv()) { - if (isSessionAuthenticated) { - // Passive authentication ok! - revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return ssoMOASession; - - } else { - throw new NoPassivAuthenticationException(); - - } - } else { - if (isSessionAuthenticated) { - // Is authenticated .. proceed - revisionsLogger.logEvent(oaParam, - pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return ssoMOASession; - - } else { - // Start authentication! - startAuthenticationProcess(httpReq, httpResp, pendingReq); - return null; - } - } - } - - /** - * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} - * - * @param httpReqParam http parameter name, but never null - */ - public void addParameterNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqParameterWhiteListeForModules.add(httpReqParam); - - } - - /** - * Add a request header to whitelist. 
All parameters that are part of the white list are added into {@link ExecutionContext} - * - * @param httpReqParam http header name, but never null - */ - public void addHeaderNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); - } - - /** - * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated - * - * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession with authentication information or null if no active MOASession exists - * - * @return true if session is already authenticated, otherwise false - * @throws MOAIDException - */ - private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) { - - //if no MOASession exist -> authentication is required - if (ssoMOASession == null) { - return false; - - } else { - //if MOA SSO-Session is found but not authenticated --> authentication is required - if (!ssoMOASession.isAuthenticated()) { - return false; - } - - //if MOASession is already authenticated and protocol-request is authenticated - // --> no authentication is required any more - else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) { - protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); - return true; - - // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest - } else if (!protocolRequest.isAuthenticated() - && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { - Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); - protocolRequest.setAuthenticated(true); - protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); - return true; - - } - - // force authentication as backup solution - else { - Logger.warn("Authentication-required check find an 
unsuspected state --> force authentication"); - return false; - - } - } - } - - private void startAuthenticationProcess(HttpServletRequest httpReq, - HttpServletResponse httpResp, RequestImpl pendingReq) - throws ServletException, IOException, MOAIDException { - - Logger.info("Starting authentication ..."); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_START); - - //is legacy allowed - List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols(); - boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule()); - - //check legacy request parameter - boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); - - //create authentication process execution context - ExecutionContext executionContext = new ExecutionContextImpl(); - - //set oaIdentifeir - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER, - pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()); - - //set interfederation authentication flag - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, - MiscUtil.isNotEmpty( - pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); - - //set legacy mode or BKU-selection flags - boolean leagacyMode = (legacyallowed && legacyparamavail); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode - && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); - - //add X509 SSL client certificate if exist - if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) { - Logger.debug("Find SSL-client-certificate on request --> Add it to context"); - executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE, - 
((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate"))); - - } - - //add additional http request parameter to context - if (!reqParameterWhiteListeForModules.isEmpty() || leagacyMode) { - Enumeration<String> reqParamNames = httpReq.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName) && - ( MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) - || reqParameterWhiteListeForModules.contains(paramName) )) - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName))); - } - } - - //add additional http request parameter to context - if (!reqHeaderWhiteListeForModules.isEmpty()) { - Enumeration<String> reqHeaderNames = httpReq.getHeaderNames(); - while(reqHeaderNames.hasMoreElements()) { - String paramName = reqHeaderNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) { - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName))); - } - } - } - - //start process engine - startProcessEngine(pendingReq, executionContext); - - } - - private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request, - HttpServletResponse response, RequestImpl pendingReq) - throws ServletException, IOException, MOAIDException { - - Logger.info("Start SSO user-consents evaluation ..."); - - //set authenticated flag to false, because user consents is required - pendingReq.setAuthenticated(false); - - //create execution context - ExecutionContext executionContext = new ExecutionContextImpl(); - executionContext.put(SingleSignOnConsentsModuleImpl.PARAM_SSO_CONSENTS_EVALUATION, true); - - //start process engine - startProcessEngine(pendingReq, executionContext); - - } - - private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws MOAIDException { - try { - //put 
pending-request ID on execurtionContext - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - - // create process instance - String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); - - if (processDefinitionId == null) { - Logger.warn("No suitable process found for SessionID " + pendingReq.getRequestID() ); - throw new MOAIDException("process.02",new Object[] { - pendingReq.getRequestID()}); - } - - String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); - - // keep process instance id in protocol pending-request - pendingReq.setProcessInstanceId(processInstanceId); - - //store pending-request - requestStoreage.storePendingRequest(pendingReq); - - // start process - processEngine.start(pendingReq); - - } catch (ProcessExecutionException e) { - Throwable cause = e.getCause(); - if (cause != null && cause instanceof TaskExecutionException) { - Throwable taskCause = cause.getCause(); - if (taskCause != null && taskCause instanceof MOAIDException) { - MOAIDException moaTaskCause = (MOAIDException) taskCause; - Logger.warn(taskCause); - throw moaTaskCause; - - } - } - - throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getRequestID() }, e); - } - } private void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { 
@@ -732,5 +388,45 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 e.printStackTrace();
 }
 }
+
+ @Override
+ protected void populateExecutionContext(ExecutionContext executionContext, RequestImpl pendingReq, HttpServletRequest httpReq)
+ throws EAAFException {
+ //is legacy allowed
+ boolean legacyallowed = false;
+ if (authConfig instanceof AuthConfiguration) {
+ List<String> legacyallowed_prot = ((AuthConfiguration)authConfig).getLegacyAllowedProtocols();
+ legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
+
+ } else
+ Logger.info("Base configuration is NOT of type 'AuthConfiguration'. LegacyMode is disabled");
+
+
+ //check legacy request parameter
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
+
+
+ //set interfederation authentication flag
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH,
+ MiscUtil.isNotEmpty(
+ pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+
+ //set legacy mode or BKU-selection flags
+ boolean leagacyMode = (legacyallowed && legacyparamavail);
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode
+ && MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+
+ //add additional http request parameter to context
+ if (leagacyMode) {
+ Enumeration<String> reqParamNames = httpReq.getParameterNames();
+ while(reqParamNames.hasMoreElements()) {
+ String paramName = reqParamNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName) && MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) )
+ executionContext.put(paramName, StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
+ }
+ }
+
+ }
 }
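Review bot: In populateExecutionContext, `pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)` is evaluated twice, once for PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH and again, negated, for PROCESSCONTEXT_PERFORM_BKUSELECTION; reading it once into a local, `String interfederationIdpUrl = pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);` and `boolean isInterfederation = MiscUtil.isNotEmpty(interfederationIdpUrl);`, keeps both flags derived from the same value and makes their mutual exclusion visible. The `else` after the braced `if (authConfig instanceof AuthConfiguration)` is unbraced and `legacyallowed_prot` is snake_case in a camelCase file (`legacyAllowedProtocols`). Whether getLegacyAllowedProtocols() can return null is not visible here; if it can, `.contains` on the result throws and the guard should treat null as "no legacy protocols". The intent of `leagacyMode` (legacy parameters are only copied into the context when the protocol is on the configured allow-list and all legacy parameters are present) is worth a one-line comment, since it is the only place untrusted request parameters enter the execution context.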
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 718f730b0..bded1943b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -33,12 +33,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -46,12 +54,15 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 @Service("MOAID_SSOManager")
-public class SSOManager {
+public class SSOManager implements ISSOManager {
+
 private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
 private static final String HTMLTEMPLATEFULL = "slo_template.html";
 public static String CONTEXTPATH = "contextPath";
@@ -62,9 +73,160 @@ public class SSOManager { private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; - @Autowired protected AuthConfiguration authConfig; + @Autowired private AuthConfiguration authConfig; + @Autowired private IRevisionLogger revisionsLogger; + + //@Autowired private MOASessionDBUtils moaSessionDBUtils; + + public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException { + try { + //get SSO cookie from http request + String ssoId = getSSOSessionID(httpReq); + + //check if interfederation IDP is requested + checkInterfederationIsRequested(httpReq, httpResp, pendingReq); + + //check if SSO session cookie is already used + if (ssoId != null) { + String correspondingMOASession = existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_INVALID); + + //destroy internal SSO-session object and SSO-session cooky + authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); + deleteSSOSessionID(httpReq, httpResp); + } + } + + //check if SSO Session is valid + boolean isSSOValid = isValidSSOSession(ssoId, pendingReq); + + if (isSSOValid) + pendingReq.setSSOSessionIdentifier(ssoId); + + return isSSOValid; + + + } catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) { + Logger.warn("Cann not process SSO session. 
Reason: " + e.getMessage(), e); + Logger.info("All SSO session will be ignored."); + + } + + return false; + + } + + + + public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq) { + // check if Service-Provider allows SSO sessions + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class); + boolean useSSOOA = oaConfig.useSSO() || oaConfig.isInderfederationIDP(); + + //if a legacy request is used SSO should not be allowed in case of mandate authentication + boolean isUseMandateRequested = false; + try { + isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); + + //check if SSO is allowed for the actually executed request + //INFO: Actually, useMandate disables SSO functionality!!!!! + pendingReq.setNeedSingleSignOnFunctionality((useSSOOA && !isUseMandateRequested)); + + //check if current service provider needs user consent for SSO + pendingReq.setNeedUserConsent(oaConfig.useSSOQuestion()); + + } catch (WrongParametersException e) { + Logger.warn("Find suspect http parameter for mandates! Reason: " + e.getMessage()); + + } + + } + + public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException { + //populate pending request with eID data from SSO session if no userConsent is required + try { + AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier()); + + if (ssoMOASession == null) + Logger.info("No MOASession FOUND with provided SSO-Cookie."); + + else { + Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); + revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID); + + Logger.trace("Populatint pending request with SSO session information .... 
"); + pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession()); + pendingReq.setAuthenticated(true); + + } + + } catch (EAAFStorageException e) { + Logger.warn("Can NOT populate pending request from SSO session.", e); + throw new EAAFSSOException("", new Object[] {}, + "Can NOT populate pending request from SSO session", e); + + } + + } + + + @Override + public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException { + //get SSO token from request + String ssoid = null; + if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getSSOSessionIdentifier())) { + ssoid = pendingReq.getSSOSessionIdentifier(); + + } else { + ssoid = getSSOSessionID(httpReq); + + } + try { + if (isValidSSOSession(ssoid, null)) { + + //delete SSO session and MOA session + AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid); + + if (ssoSession == null) { + Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); + return false; + + } + + + ssoSession.setAuthenticated(false); + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = + authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID()); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID()); + } + + } catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) { + Logger.info("NO MOA Authentication data for ID " + ssoid); + return false; + + } + + + //Remove SSO token + deleteSSOSessionID(httpReq, httpResp); + + return true; + + } + + + //*********************************** old ************************************** + /** * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists. 
 * Set the requested interfederation IDP as attribte of the {protocolRequest}
@@ -209,7 +371,7 @@ public class SSOManager {
 if (MiscUtil.isNotEmpty(ssoSessionID)) {
 AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
 if (moaSession != null) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
 return extSessionInformation.getUniqueSessionId();
 }
@@ -336,4 +498,28 @@ public class SSOManager {
 setCookie(httpReq, httpResp, cookieName, "", 0);
 }
+
+
+ @Override
+ public void createNewSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+ // TODO Auto-generated method stub
+
+ }
+
+
+
+ @Override
+ public String createNewSSOSessionCookie(HttpServletRequest arg0, HttpServletResponse arg1, IRequest arg2)
+ throws EAAFSSOException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ @Override
+ public void updateSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+ // TODO Auto-generated method stub
+
+ }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index d3b2a5c38..1168773dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
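Review bot: In isSSOAllowedForSP, both `pendingReq.setNeedSingleSignOnFunctionality(...)` and `pendingReq.setNeedUserConsent(...)` sit inside the try, so when LegacyHelper.isUseMandateRequested throws WrongParametersException the pending request keeps whatever default those flags have in RequestImpl (not visible in this hunk); the safe shape is to set both flags after the catch, with `isUseMandateRequested` forced to true (SSO disabled) when the mandate parameters were rejected, so a malformed request can never leave SSO enabled by accident. In destroySSOSessionOnIDPOnly the multi-catch logs only `"NO MOA Authentication data for ID " + ssoid` and drops `e`, so a MOADatabaseException or ConfigurationException during session destruction is reported as a missing session with no cause; pass the exception, `Logger.info("NO MOA Authentication data for ID " + ssoid, e);`, or log the storage/configuration failures at warn. The same method returns true and deletes the cookie when isValidSSOSession(ssoid, null) is false, so callers cannot tell "nothing to destroy" from "destroyed" — returning false there, as the ssoSession == null branch does, would be consistent. The commented-out `//@Autowired private MOASessionDBUtils moaSessionDBUtils;` field and the `//*** old ***` banner should not be committed; the log strings "Cann not process SSO session" and "Populatint pending request" have typos.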
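Review bot: createNewSSOSession, createNewSSOSessionCookie and updateSSOSession are committed as empty generated stubs: createNewSSOSessionCookie returns null and the other two silently do nothing, so any caller that reaches SSOManager through the ISSOManager interface gets no SSO session and no cookie without any error or log line. Until the implementations are ported they should fail loudly, e.g. `throw new UnsupportedOperationException("not implemented yet");` in each body, and the `// TODO Auto-generated method stub` comments should be replaced by a TODO naming what is still missing. If the interface contract requires returning null for "no cookie", that should be stated in a comment on createNewSSOSessionCookie rather than left to the stub.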
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,11 +46,15 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 try {
- String authblock = authData.getAuthBlock();
- if (MiscUtil.isNotEmpty(authblock)) {
- return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
- Base64Utils.encodeToString(authblock.getBytes("UTF-8")));
- }
+ if (authData instanceof IMOAAuthData) {
+ String authblock = ((IMOAAuthData)authData).getAuthBlock();
+ if (MiscUtil.isNotEmpty(authblock)) {
+ return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
+ Base64Utils.encodeToString(authblock.getBytes("UTF-8")));
+ }
+
+ } else
+ Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is only available in MOA-ID context");
 } catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
index f87a9b673..5e14e598f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
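Review bot: The new `} else` after the IMOAAuthData check in EIDAuthBlock.build is unbraced and only logs, so when authData is not an IMOAAuthData (or the auth block is empty) control falls through to whatever follows the try/catch; the rest of build() is outside this hunk, so whether that path ends in an UnavailableAttributeException as it does in EIDCcsURL and EIDCitizenQAALevelAttributeBuilder cannot be confirmed here. Bracing the else (`} else {` … `}`) and a short comment stating that the fall-through is the "attribute unavailable" path would make the intent explicit. The same unbraced else and the repeated `((IMOAAuthData)authData)` cast appear in the EIDCcsURL and EIDCitizenQAALevelAttributeBuilder hunks; one local per method, `IMOAAuthData moaAuthData = (IMOAAuthData) authData;`, removes the repetition. `authblock.getBytes("UTF-8")` can be `authblock.getBytes(StandardCharsets.UTF_8)`, which also drops the checked UnsupportedEncodingException from this path.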
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 public class EIDCcsURL implements IPVPAttributeBuilder {
@@ -38,12 +40,16 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IMOAAuthData) {
+ String bkuurl = ((IMOAAuthData)authData).getBkuURL();
+ if (MiscUtil.isNotEmpty(bkuurl))
+ return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+
+
+ } else
+ Logger.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context");
- String bkuurl = authData.getBkuURL();
- if (MiscUtil.isNotEmpty(bkuurl))
- return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
- else
- throw new UnavailableAttributeException(EID_CCS_URL_NAME);
+ throw new UnavailableAttributeException(EID_CCS_URL_NAME);
 }
 public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 715bc376e..76b1a1cda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -27,7 +27,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
 @Deprecated
@@ -39,15 +42,21 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
 public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IMOAAuthData) {
+ String qaaLevel = null;
+ if (((IMOAAuthData)authData).getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
+ qaaLevel = ((IMOAAuthData)authData).getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
+ else
+ qaaLevel = ((IMOAAuthData)authData).getQAALevel();
+
+ return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
+
+ } else
+ Logger.info(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + " is only available in MOA-ID context");
- String qaaLevel = null;
- if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
- qaaLevel = authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
- else
- qaaLevel = authData.getQAALevel();
+ throw new UnavailableAttributeException(EID_CITIZEN_QAA_LEVEL_NAME);
- return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index cc916ef73..d11d57ab8 100644
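Review bot: `getQAALevel()` is called three times in the new IMOAAuthData branch and dereferenced without a null check, so a missing level fails with NullPointerException at `.startsWith`, and a non-numeric remainder makes `Integer.valueOf(qaaLevel)` throw NumberFormatException; neither is an AttributeBuilderException, so a caller that handles only the declared exception type will not catch them, and the commit keeps this behaviour from the removed lines. Reading the level once and mapping both failure cases to the UnavailableAttributeException this hunk already throws keeps the method's contract honest; the rewritten branch is below, with the existing else/throw tail unchanged.
```java
if (authData instanceof IMOAAuthData) {
    String rawLevel = ((IMOAAuthData) authData).getQAALevel();
    if (rawLevel == null)
        throw new UnavailableAttributeException(EID_CITIZEN_QAA_LEVEL_NAME);
    // the STORK prefix is stripped; the remainder must be the bare numeric level
    String qaaLevel = rawLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)
            ? rawLevel.substring(PVPConstants.STORK_QAA_PREFIX.length())
            : rawLevel;
    try {
        return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
                EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
    } catch (NumberFormatException e) {
        Logger.warn(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + " is not numeric: " + qaaLevel, e);
        throw new UnavailableAttributeException(EID_CITIZEN_QAA_LEVEL_NAME);
    }
// … unchanged: else-branch log and final throw new UnavailableAttributeException …
```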
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -69,6 +69,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
@@ -85,7 +86,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index 335cf55ce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,144 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.util; - -import java.util.Locale; - -import org.springframework.stereotype.Service; - -import at.gv.egiz.eaaf.core.api.IStatusMessager; -import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.util.Messages; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID. 
- * - * @author Paul Ivancsics - * @version $Id$ - */ -@Service("MOAIDMessageProvider") -public class MOAIDMessageProvider implements IStatusMessager { - - //internal messanges - private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" }; - private static final Locale[] DEFAULT_MESSAGE_LOCALES = new Locale[] { new Locale("de", "AT") }; - private Messages messages; - - //external error codes - private static final String[] DEFAULT_EXTERNALERROR_RESOURCES = { "resources/properties/protocol_response_statuscodes" }; - private static final Locale[] DEFAULT_EXTERNALERROR_LOCALES = new Locale[] { new Locale("de", "AT") }; - private Messages externalError = null; - - - public MOAIDMessageProvider() { - this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); - this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES); - - } - - /** - * Get the message corresponding to a given message ID. - * - * @param messageId The ID of the message. - * @param parameters The parameters to fill in into the message arguments. - * @return The formatted message. 
- */ - @Override - public String getMessage(String messageId, Object[] parameters) { - return messages.getMessage(messageId, parameters); - } - - -@Override -public String getResponseErrorCode(Throwable throwable) { - String errorCode = null; - - if (throwable instanceof BKUException) { - BKUException error = (BKUException) throwable; - errorCode = mapInternalErrorToExternalError(error.getMessageId()) + - error.getBkuErrorCode(); - - } else if (throwable instanceof MISSimpleClientException) { - MISSimpleClientException error = (MISSimpleClientException) throwable; - - if (MiscUtil.isNotEmpty(error.getMISErrorCode())) - errorCode = mapInternalErrorToExternalError(error.getMessageId()) + - error.getMISErrorCode(); - else - errorCode = mapInternalErrorToExternalError(error.getMessageId()); - - } else if (throwable instanceof MOAIDException) { - MOAIDException error = (MOAIDException) throwable; - errorCode = mapInternalErrorToExternalError(error.getMessageId()); - - } else if (throwable instanceof ProcessExecutionException) { - errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE; - - } else { - errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC; - - } - - return errorCode; -} - - -@Override -public String mapInternalErrorToExternalError(String intErrorCode) { - String extErrorCode = messages.getMessage(intErrorCode, null); - - if (MiscUtil.isEmpty(extErrorCode)) - extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC; - - return extErrorCode; -} - -} |