refactor authentication process to use service-provider configuration from pending-request

4 files changed, 121 insertions, 114 deletions

diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b4c8c37d4..61a73335c 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -35,8 +35,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -73,8 +72,7 @@ public class GetArtifactAction implements IAction {
 		}
 					
 		try {
-			OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
-					.getOnlineApplicationParameter(oaURL);
+			IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
 								
 			// add other stork attributes to MOA assertion if available
 			IPersonalAttributeList storkAttributes = authData.getGenericData(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1d06bb48a..5eb39880e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -100,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 					samlArtifact, ex.toString() });
 		}
 		Throwable error = null;
-		//synchronized (authenticationDataStore) {
-			try {
-				error = authenticationDataStore
-						.get(samlArtifact, Throwable.class);
+		try {
+			error = authenticationDataStore
+					.get(samlArtifact, Throwable.class);
 			
-				authenticationDataStore.remove(samlArtifact);
-				
-			} catch (MOADatabaseException e) {
+			if (error == null) {
 				Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
 				throw new AuthenticationException("1206", new Object[] { samlArtifact });
+					
 			}
+				
+			authenticationDataStore.remove(samlArtifact);
+				
+		} catch (MOADatabaseException e) {
+			Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+			throw new AuthenticationException("1206", new Object[] { samlArtifact });
+		}
 			
-		//}
-		
 		return error;
 	}
 	
@@ -170,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			throw new AuthenticationException("1205", new Object[] {
 					samlArtifact, ex.toString() });
 		}
-		String authData = null;
-		//synchronized (authenticationDataStore) {
-			// System.out.println("assertionHandle: " + assertionHandle);
-						
-			try {
-				authData = authenticationDataStore
-						.get(samlArtifact, String.class, authDataTimeOut);
+		String authData = null;						
+		try {
+			authData = authenticationDataStore
+					.get(samlArtifact, String.class, authDataTimeOut);
 				
-			} catch (MOADatabaseException e) {
+			if (authData == null) {
 				Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
 				throw new AuthenticationException("1206", new Object[] { samlArtifact });
-			}		
-		//}
+					
+			}
 				
-		authenticationDataStore.remove(samlArtifact);
 				
+		} catch (MOADatabaseException e) {
+			Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+			throw new AuthenticationException("1206", new Object[] { samlArtifact });
+		}		
+						
+		authenticationDataStore.remove(samlArtifact);				
 		Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
 		
 		return authData;
@@ -203,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 		return samlArtifact;
 	}
 	
-	public String BuildSAMLArtifact(OAAuthParameter oaParam, 
+	public String BuildSAMLArtifact(IOAAuthParameters oaParam, 
 			SAML1AuthenticationData authData, String sourceID) 
 					throws ConfigurationException, BuildException, AuthenticationException {
 		
@@ -428,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 
 	}
 
-	private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
+	private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
 			) throws AuthenticationException, BuildException,
 			ParseException, ConfigurationException, ServiceException,
 			ValidateException {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 417bf4dc9..3facdb50f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -58,8 +58,8 @@ public class SAML1Protocol extends AbstractProtocolModulController {
 
 	@Autowired private SAML1AuthenticationServer saml1AuthServer;
 	
-	public static final String REQ_DATA_SOURCEID = "sourceID";
-	public static final String REQ_DATA_TARGET = "target";
+	public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
+	public static final String REQ_DATA_TARGET = "saml1_target";
 	
 	public static final String NAME = SAML1Protocol.class.getName();
 	public static final String PATH = "id_saml1";
@@ -111,71 +111,87 @@ public class SAML1Protocol extends AbstractProtocolModulController {
 	
 	public void preProcess(HttpServletRequest request,
 			HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+		try {	
+			String oaURL = (String) request.getParameter(PARAM_OA);
+			//oaURL = StringEscapeUtils.escapeHtml(oaURL);
 			
-		String oaURL = (String) request.getParameter(PARAM_OA);
-		//oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		
-		String target = (String) request.getParameter(PARAM_TARGET);
-		target = StringEscapeUtils.escapeHtml(target);
-		
-		String sourceID = request.getParameter(PARAM_SOURCEID);
-		sourceID = StringEscapeUtils.escapeHtml(sourceID);
-		
-		//the target parameter is used to define the OA in SAML1 standard
-		if (target != null && target.startsWith("http")) {
-			oaURL = target;
-			target = null;
-		}
-		
-		if (MiscUtil.isEmpty(oaURL)) {
-			Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
-			throw new WrongParametersException("StartAuthentication", PARAM_OA,
-					"auth.12");
+			String target = (String) request.getParameter(PARAM_TARGET);
+			target = StringEscapeUtils.escapeHtml(target);
 			
-		}
-		
-		if (!ParamValidatorUtils.isValidOA(oaURL))
-			throw new WrongParametersException("StartAuthentication", PARAM_OA,
-					"auth.12");
-		
-		pendingRequest.setOAURL(oaURL);
-		
-		Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
-		
-	    if (!ParamValidatorUtils.isValidSourceID(sourceID))
-            throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-		
-		
-		//load Target only from OA config
-		OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
-				.getOnlineApplicationParameter(oaURL);
-		
-		if (oaParam == null)
-			throw new InvalidProtocolRequestException("auth.00",
-					new Object[] { null });
+			String sourceID = request.getParameter(PARAM_SOURCEID);
+			sourceID = StringEscapeUtils.escapeHtml(sourceID);
+			
+			//the target parameter is used to define the OA in SAML1 standard
+			if (target != null && target.startsWith("http")) {
+				oaURL = target;
+				target = null;
+			}
+			
+			if (MiscUtil.isEmpty(oaURL)) {
+				Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+				throw new WrongParametersException("StartAuthentication", PARAM_OA,
+						"auth.12");
+				
+			}
+			
+			if (!ParamValidatorUtils.isValidOA(oaURL))
+				throw new WrongParametersException("StartAuthentication", PARAM_OA,
+						"auth.12");
+			
+			pendingRequest.setOAURL(oaURL);
+			
+			Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+			
+		    if (!ParamValidatorUtils.isValidSourceID(sourceID))
+	            throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+			
+			
+			//load Target only from OA config
+			OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+					.getOnlineApplicationParameter(oaURL);
+			
+			if (oaParam == null)
+				throw new InvalidProtocolRequestException("auth.00",
+						new Object[] { null });
+					
+			SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+			if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+				Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+				throw new InvalidProtocolRequestException("auth.00",
+						new Object[] { null });
+			}
+			pendingRequest.setOnlineApplicationConfiguration(oaParam);
+			
+			
+			//check and set SourceID
+			if (oaParam.getSAML1Parameter() != null && 
+					MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) {
+				pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID());
 				
-		SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
-		if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
-			Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
-			throw new InvalidProtocolRequestException("auth.00",
-					new Object[] { null });
+			} else
+				pendingRequest.setSourceID(sourceID);
+			
+			revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+			
+			if (MiscUtil.isNotEmpty(target))
+				pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+			
+			else
+				pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+	
+			//AuthnRequest needs authentication
+			pendingRequest.setNeedAuthentication(true);
+	
+			//set protocol action, which should be executed after authentication
+			pendingRequest.setAction(AuthenticationAction.class.getName());
+			
+		} catch (WrongParametersException e) {
+			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+			
+		} catch (InvalidProtocolRequestException e) {
+			throw e;
+			
 		}
-		pendingRequest.setOnlineApplicationConfiguration(oaParam);
-		pendingRequest.setSourceID(sourceID);
-		
-		revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
-		
-		if (MiscUtil.isNotEmpty(target))
-			pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
-		
-		else
-			pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
-
-		//AuthnRequest needs authentication
-		pendingRequest.setNeedAuthentication(true);
-
-		//set protocol action, which should be executed after authentication
-		pendingRequest.setAction(AuthenticationAction.class.getName());
 						
 	}
 
@@ -183,9 +199,7 @@ public class SAML1Protocol extends AbstractProtocolModulController {
 			HttpServletRequest request, HttpServletResponse response,
 			IRequest protocolRequest) 
 					throws Throwable{
-		
-		OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
-		if (!oa.getSAML1Parameter().isProvideAllErrors())
+		if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
 			return false;
 		
 		else {	
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 3da7cab80..5867bbac6 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -30,13 +30,10 @@ import javax.servlet.http.HttpServletRequest;
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
@@ -81,26 +78,19 @@ public class SAML1RequestImpl extends RequestImpl {
 		List<String> reqAttr = new ArrayList<String>();
 		reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
 		
-		try {
-			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
-			SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter();
-			if (saml1 != null) {
-				if (saml1.isProvideAUTHBlock())
-					reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-				
-				if (saml1.isProvideCertificate())
-					reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-				
-				if (saml1.isProvideFullMandatorData())
-					reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
-			}
-					
-			return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+		SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+		if (saml1 != null) {
+			if (saml1.isProvideAUTHBlock())
+				reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
 			
-		} catch (ConfigurationException e) {
-			Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
-			return null;
+			if (saml1.isProvideCertificate())
+				reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+			
+			if (saml1.isProvideFullMandatorData())
+				reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
 		}
+				
+		return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator());
 		
 		
 	}