| author | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-08-11 15:42:13 +0200 | 
|---|---|---|
| committer | Florian Reimair <florian.reimair@iaik.tugraz.at> | 2015-08-11 15:42:13 +0200 | 
| commit | ebe02bc990d362e39a37906385d7e470235e2627 (patch) | |
| tree | b5513c0ccf37f201810ecea4a7af5c21dec60739 /id/server/modules/module-monitoring/src/main | |
| parent | 2ec0757b66d9e23c4c29c9ca59c94acd6a9b46c4 (diff) | |
| parent | 04381eb4e2d67ced539b34747403bb06cdf36c53 (diff) | |
Merge branch 'samlengine_update' into moa-2.1-Snapshot
Diffstat (limited to 'id/server/modules/module-monitoring/src/main')
5 files changed, 528 insertions, 0 deletions
| diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
new file mode 100644
index 000000000..1c1cbb723
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -0,0 +1,132 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + *  + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + *  + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + *  + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ ******************************************************************************/ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.monitoring.TestManager; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +@WebServlet(name = "MonitoringServlet", value = "/MonitoringServlet") +public class MonitoringServlet extends AuthServlet { + +	private static final long serialVersionUID = 1L; +	private static final String REQUEST_ATTR_MODULE = "module"; +	 +	  public MonitoringServlet() { +		super(); +		Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'."); +	} + +	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +			    throws ServletException, IOException { +		   +		  try { +			AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); +			 +			if (config.isMonitoringActive()) { +				Logger.debug("Monitoring Servlet received request"); + +				TestManager tests = TestManager.getInstance(); +				 +				String modulename = req.getParameter(REQUEST_ATTR_MODULE); +				if (MiscUtil.isEmpty(modulename)) { +				 +					List<String> error = tests.executeTests(); +					if (error != null && error.size() > 0) { +						createErrorMessage(req, resp, error); +						 +					} else { +						resp.setStatus(HttpServletResponse.SC_OK); +						resp.setContentType("text/html;charset=UTF-8"); +						resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); +						Logger.info("Monitoring Servlet finished 
without errors"); +					} +					 +				} else { +					if (tests.existsModule(modulename)) { +						List<String> errors = tests.executeTest(modulename); +						if (errors != null && errors.size() > 0) { +							createErrorMessage(req, resp, errors); +							 +						} else { +							resp.setStatus(HttpServletResponse.SC_OK); +							resp.setContentType("text/html;charset=UTF-8"); +							resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); +							Logger.info("Monitoring Servlet finished without errors"); +						} +						 +					} else { +						Logger.warn("NO Testmodule exists with modulename " + modulename); +						resp.setStatus(HttpServletResponse.SC_NOT_FOUND); +						resp.setContentType("text/html;charset=UTF-8"); +						PrintWriter out; +						try { +							out = new PrintWriter(resp.getOutputStream()); +							out.write("NO Testmodule exists with modulename " + modulename); +							out.flush(); +							     +						} catch (IOException e) { +							Logger.warn("Internal Monitoring Servlet Error. ", e); +						}  +					} +					 +				}	 +			} +			   +		} catch (ConfigurationException e) { +			createErrorMessage(req, resp, Arrays.asList(e.getMessage())); +		} +	  } +	   +	  private void createErrorMessage(HttpServletRequest req, HttpServletResponse resp, List<String> errorMessage) { +		  Logger.warn("Monitoring Servlet found some Error: " + errorMessage); +		  resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); +		  resp.setContentType("text/html;charset=UTF-8"); +		  PrintWriter out; +		  try { +			  out = new PrintWriter(resp.getOutputStream()); +			  for (String error : errorMessage) +				  out.write(error + "<br>"); +			  out.flush(); +			   +		  } catch (IOException e) { +			  Logger.warn("Internal Monitoring Servlet Error. ", e); +		  }  +	  } +	   +	private String getHtml(String text) { +		return "<html><head><title>Reponse</title></head><body>" + text +"</body></html>"; +	} +} 
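Review bot: In doGet's unknown-module branch the request parameter `module` is written unescaped into a `text/html` response (`out.write("NO Testmodule exists with modulename " + modulename)`) and concatenated into `Logger.warn`, so caller-supplied markup is reflected into the page and raw line breaks reach the log. The response should not echo the value: use `resp.setContentType("text/plain;charset=UTF-8");` with a fixed text such as `"NO Testmodule exists with this modulename"`, and strip CR/LF from the value before logging it. The same plain-text content type would suit createErrorMessage, which also emits unescaped strings followed by `<br>`. Separately, when `isMonitoringActive()` is false the method falls through and answers with an empty 200, which a health probe could read as success; an explicit `resp.setStatus(HttpServletResponse.SC_NOT_FOUND);` would be clearer.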
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
new file mode 100644
index 000000000..a08ef5f0c
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -0,0 +1,142 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class DatabaseTestModule implements TestModuleInterface{ + +	public List<String> performTests() throws Exception { +		Logger.trace("Start MOA-ID Database Test."); +		 +		List<String> errors = new ArrayList<String>(); +		 +		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); +		 +		String error = testMOAConfigurationDatabase(); +		if (MiscUtil.isNotEmpty(error)) +			errors.add(error); +		 +		error = testMOASessionDatabase(); +		if (MiscUtil.isNotEmpty(error)) +			errors.add(error); +		 +		if (config.isAdvancedLoggingActive()) { +			error = testMOAAdvancedLoggingDatabase(); +			if (MiscUtil.isNotEmpty(error)) +				errors.add(error); +		} +		 +		return errors; +	} + +	 +	private String testMOASessionDatabase() throws Exception{ +		Logger.trace("Start Test: MOASessionDatabase"); +		 +		Date expioredate = new Date(new Date().getTime() - 120); +  +		try { +			List<AssertionStore> results; +			Session session = MOASessionDBUtils.getCurrentSession(); +			 +			synchronized (session) {			 +				session.beginTransaction(); +				Query query = 
session.getNamedQuery("getAssertionWithTimeOut"); +				query.setTimestamp("timeout", expioredate);		 +				results = query.list(); +				session.getTransaction().commit(); +			} +			 +			Logger.trace("Finish Test: MOASessionDatabase"); +			return null; +			 +		} catch (Throwable e) { +			Logger.warn("Failed Test: MOASessionDatabase", e); +			return "MOASessionDatabase: " + e.getMessage(); +		} +	} +	 +	private String testMOAConfigurationDatabase() throws Exception{ +		 +		MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();	 +		ConfigurationDBUtils.closeSession(); +		 +		if (moaidconfig == null) +			return ("MOA-ID 2.x configuration can not be loaded from Database."); +		 +		return null; +	} +	 +	private String testMOAAdvancedLoggingDatabase() { +		 +		Date expioredate = new Date(new Date().getTime() - 120); +		try { +			Session session = StatisticLogDBUtils.getCurrentSession(); +		 +			List<StatisticLog> results; +		 +			synchronized (session) {			 +				session.beginTransaction(); +				Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp"); +				query.setTimestamp("timeout", expioredate);		 +				results = query.list(); +				session.getTransaction().commit(); +			} +		 +			Logger.trace("Finish Test: AdvancedLoggingDataBase"); +			return null; +			 +		} catch (Throwable e) { +			Logger.warn("Failed Test: AdvancedLoggingDataBase", e); +			return "AdvancedLoggingDataBase: " + e.getMessage(); +		} +	} + + +	public String getName() { +		return "DatabaseTest"; +	} + + +	public void initializeTest(long delayParam, String url) throws Exception { +		// TODO Auto-generated method stub +		 +	} +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java new file mode 100644 index 000000000..b5220914c --- /dev/null 
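Review bot: Both testMOASessionDatabase and testMOAAdvancedLoggingDatabase return `e.getMessage()` from a caught `Throwable`, and MonitoringServlet in this commit writes those strings into the HTTP response, so persistence-layer error text can reach whoever is able to call the monitoring URL. Returning a fixed string such as `return "MOASessionDatabase: test failed";` and keeping the detail in the existing `Logger.warn` avoids that; TestManager.executeTests and executeTest forward `e.getMessage()` in the same way. The catch blocks also never roll back the transaction opened by `session.beginTransaction()`, so a failed query appears to leave it open on the current session; `session.getTransaction().rollback();` in the catch would end it. Note too that `new Date().getTime() - 120` subtracts 120 milliseconds, which may have been meant as seconds.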
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java 
@@ -0,0 +1,109 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.io.InputStream; +import java.net.URL; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class IdentityLinkTestModule implements TestModuleInterface { + +	private static IdentityLink identityLink = null; +	 +	public void initializeTest(long delayParam, String url) throws Exception{ +		 +		if (MiscUtil.isNotEmpty(url)) { +			 +		  	URL keystoreURL = new URL(url);					 +			InputStream idlstream = keystoreURL.openStream(); +			identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); +		} +		 +	} +	 +	public List<String> performTests()  throws Exception{ +		Logger.trace("Start MOA-ID IdentityLink Test"); +		 +		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); +		 +		IdentityLinkValidator.getInstance().validate(identityLink); +		// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP +		Element 
domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() +				.build(identityLink, config +						.getMoaSpIdentityLinkTrustProfileID()); + +		// invokes the call +		Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() +				.verifyXMLSignature(domVerifyXMLSignatureRequest); +		// parses the <VerifyXMLSignatureResponse> +		try { +			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( +					domVerifyXMLSignatureResponse).parseData(); +		 +			DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); +			oaParam.setBusinessService(true); +			 +			VerifyXMLSignatureResponseValidator.getInstance().validate( +					verifyXMLSignatureResponse, +					config.getIdentityLinkX509SubjectNames(), +					VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, +					oaParam); +			 +		} catch (ValidateException e) { +			//check if default Monitoring IDL is used then error is ignored +			if ("validator.07".equals(e.getMessageId())  +					&& e.getMessage().contains("Das Zertifikat der Personenbindung ist")) +				return null; +			 +			else +				throw e; +			 +		} +		 +		Logger.trace("Finished MOA-ID IdentityLink Test without errors"); +		 +		return null; +	} + +	public String getName() { +		return "IdentityLinkTest"; +	} + +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java new file mode 100644 index 000000000..84581abe8 --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java 
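Review bot: The `catch (ValidateException e)` in performTests returns success whenever the message id is `validator.07` and the message contains a fixed German text fragment, but nothing checks that the default monitoring identity link is actually the one loaded, which is what the comment claims. As written, that validation failure is reported as a passing check for any configured test identity link, and the match also depends on the message language. Consider recording in initializeTest whether the default identity link is in use and testing that flag here, with a comment stating which validation result is tolerated and why. In initializeTest the stream from `keystoreURL.openStream()` is never closed; wrapping the parse in `try { ... } finally { idlstream.close(); }` would release it.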
@@ -0,0 +1,111 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +package at.gv.egovernment.moa.id.monitoring; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; + +public class TestManager { + +	private static TestManager instance; +	 +	private Map<String, TestModuleInterface> tests = new HashMap<String, TestModuleInterface>(); +	 +	public static TestManager getInstance() throws ConfigurationException { +		if (instance == null) +			instance = new TestManager(); +		 +		return instance; +	} +	 +	private TestManager() throws ConfigurationException { +		 +		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); +		 +		//add Database test +		DatabaseTestModule test1 = new DatabaseTestModule(); +		tests.put(test1.getName(), test1); +		 +		//add IdentityLink verification test +		IdentityLinkTestModule test2 = new IdentityLinkTestModule(); +		String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir()); +		try { +			test2.initializeTest(0, idlurl); +			tests.put(test2.getName(), test2);; +			 +		} catch (Exception e) { +			Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. 
Insert IdentityLink file to MOA-ID configuration", e); +		} +	} +	 +	public List<String> executeTests() { +		Logger.debug("Start MOA-ID-Auth testing"); + +		 +		List<String> errors; +		 +		for (TestModuleInterface test : tests.values()) { +			try { +				errors = test.performTests(); +				if (errors != null && errors.size() > 0) +					return errors; +				 +			} catch (Exception e) { +				Logger.warn("General Testing Eception during Test " + test.getClass() + ": ", e); +				return Arrays.asList(e.getMessage()); +			} +		} +		 +		return null;	 +	} +	 +	public List<String> executeTest(String testname) { +		 +		TestModuleInterface test = tests.get(testname); +		 +		if (test != null) { +			try { +				return test.performTests(); +				 +			} catch (Exception e) { +				Logger.warn("General Testing Eception during Test " + test.getName() + ": ", e); +				return Arrays.asList(e.getMessage()); +			} +			 +		} else { +			Logger.info("TestModule with Name " + testname + " is not implemented"); +			return null; +		} +	} +	 +	public boolean existsModule(String modulename) { +		return tests.containsKey(modulename); +	} +} diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java new file mode 100644 index 000000000..4e26b1ce8 --- /dev/null +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java 
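Review bot: `getInstance()` initialises the static `instance` without synchronisation although it is reached from the servlet's doGet, so concurrent first requests can construct TestManager more than once; declaring it `public static synchronized TestManager getInstance() throws ConfigurationException` would be enough. In executeTests and executeTest, `Arrays.asList(e.getMessage())` yields a list holding `null` when the exception carries no message, which the servlet would then print as the text "null"; falling back to `e.getClass().getName()` keeps the result meaningful. executeTests also returns at the first failing module, so later modules are not run; if that is intended it deserves a comment.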
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+
+import java.util.List;
+
+public interface TestModuleInterface {
+
+	public List<String> performTests() throws Exception;
+	
+	public void initializeTest(long delayParam, String url) throws Exception; 
+	
+	public String getName();
+}
|
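Review bot: The interface has no Javadoc although its contract is not obvious from the signatures. I would document on `performTests()` that a null or empty list means success and that each entry is an error text the monitoring endpoint displays, and on `initializeTest` what `delayParam` and `url` mean; in this commit DatabaseTestModule ignores both and TestManager passes `0` for the delay. The redundant `public` modifiers on the interface methods can be dropped.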
