aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
commitc9370266c7553db65e9d18f7fe2a0230ab94d912 (patch)
tree041eaa2f9b715205bf377b586d4e8381887b2951 /id/server/modules
parent98cdf5c84739362a2d41702f538c370fa3d2c86e (diff)
downloadmoa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.gz
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.bz2
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.zip
refactor authentication process to use service-provider configuration from pending-request
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java231
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java47
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java45
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java53
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java58
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java30
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java59
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java64
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java107
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java79
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java53
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java35
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java29
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java52
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java15
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java51
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java146
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java32
22 files changed, 357 insertions, 848 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 065f3866b..21e7f2027 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -59,9 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -90,6 +88,7 @@ import iaik.x509.X509ExtensionInitException;
public class AuthenticationServer extends BaseAuthenticationServer {
@Autowired private MOAReversionLogger revisionsLogger;
+ @Autowired private AuthConfiguration authConfig;
/**
* Constructor for AuthenticationServer.
@@ -142,40 +141,37 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
//load OnlineApplication configuration
- OAAuthParameter oaParam =
- authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()});
+ throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()});
//load Template
+ String templateURL = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
String template = null;
- if (session.getTemplateURL() != null) {
+ if (MiscUtil.isNotEmpty(templateURL)) {
try {
-
- template = new String(FileUtils.readURL(session.getTemplateURL()));
+ template = new String(FileUtils.readURL(templateURL));
+
} catch (IOException ex) {
throw new AuthenticationException("auth.03", new Object[]{
- session.getTemplateURL(), ex.toString()}, ex);
+ templateURL, ex.toString()}, ex);
+
}
+
+ } else {
+ throw new AuthenticationException("auth.04", new Object[]{
+ "SecurityLayerTemplate", "No template definde"});
+
}
String infoboxReadRequest = "";
-
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
- if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
- //do not use SSO if no Target is set
- Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
- session.setSsoRequested(false);
-
- }
-
- if (session.isSsoRequested()) {
+ if (pendingReq.needSingleSignOnFunctionality()) {
Logger.info("SSO Login requested");
//load identityLink with SSO Target
boolean isbuisness = false;
-
+ String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
if (domainIdentifier.startsWith(PREFIX_WPBK)) {
-
isbuisness = true;
} else {
@@ -196,9 +192,9 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
-
+ //build DataURL for BKU request
String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID());
+ pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID());
//removed in MOAID 2.0
String pushInfobox = "";
@@ -263,9 +259,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
// check if an identity link was found
// Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform
// (SL1.2))
@@ -295,7 +288,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
IdentityLinkValidator.getInstance().validate(identityLink);
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(identityLink, authConf
+ .build(identityLink, authConfig
.getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()));
// invokes the call
@@ -305,13 +298,12 @@ public class AuthenticationServer extends BaseAuthenticationServer {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(
verifyXMLSignatureResponse,
- authConf.getIdentityLinkX509SubjectNames(),
+ authConfig.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
oaParam);
@@ -351,15 +343,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyCertificate(AuthenticationSession session,
+ public void verifyCertificate(AuthenticationSession session,
X509Certificate certificate, IRequest pendingReq) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, MOAIDException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
// check if person is a Organwalter
// if true - don't show bPK in AUTH Block
try {
@@ -375,16 +363,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
session.setOW(false);
}
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam, pendingReq);
-
- return returnvalue;
}
/**
@@ -398,6 +376,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* layer implementation</li>
* </ul>
* @param pendingReq
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param infoboxReadResponseParameters The parameters from the response returned from the BKU
@@ -405,7 +384,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(AuthenticationSession session, MISMandate mandate)
+ public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
@@ -413,9 +392,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
GET_MIS_SESSIONID, PARAM_SESSIONID});
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
try {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
@@ -442,8 +419,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
/**
* @param session
- * @param authConf
- * @param oaParam
* @param pendingReq
* @return
* @throws ConfigurationException
@@ -451,26 +426,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws ValidateException
*/
public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
- AuthenticationSession session, AuthConfiguration authConf,
- IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException,
+ AuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
BuildException, ValidateException {
- // // check for intermediate processing of the infoboxes
- // if (session.isValidatorInputPending())
- // return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = authConfig;
- if (oaParam == null)
- oaParam = authConfig
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq);
// builds the <CreateXMLSignatureRequest>
- List<String> transformsInfos = authConf.getTransformsInfos();
+ List<String> transformsInfos = authConfig.getTransformsInfos();
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
@@ -483,112 +448,26 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* <ul>
* <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param cert The certificate from the user
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String createXMLSignatureRequestForeignID(AuthenticationSession session,
+ public String createXMLSignatureRequestForeignID(IRequest pendingReq,
X509Certificate cert) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
- cert);
- }
-
- public String getCreateXMLSignatureRequestForeigID(
- AuthenticationSession session, AuthConfiguration authConf,
- OAAuthParameter oaParam, X509Certificate cert)
- throws ConfigurationException {
-
- // // check for intermediate processing of the infoboxes
- // if (session.isValidatorInputPending())
- // return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = authConfig;
- if (oaParam == null)
- oaParam = authConfig
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
Principal subject = cert.getSubjectDN();
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .buildForeignID(subject.toString(), oaParam, session);
+ .buildForeignID(subject.toString(), pendingReq);
return createXMLSignatureRequest;
+
}
-// /**
-// * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
-// * security layer implementation.<br>
-// * <ul>
-// * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-// * <li>Parses response enclosed in
-// * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-// * <li>Verifies signature by calling the MOA SP component</li>
-// * <li>Returns the signer certificate</li>
-// * </ul>
-// *
-// * @param sessionID ID of associated authentication session data
-// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
-// * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
-// * @throws BKUException
-// */
-// public X509Certificate verifyXMLSignature(String sessionID,
-// Map<String, String> createXMLSignatureResponseParameters)
-// throws AuthenticationException, BuildException, ParseException,
-// ConfigurationException, ValidateException, ServiceException, BKUException {
-//
-// if (isEmpty(sessionID))
-// throw new AuthenticationException("auth.10", new Object[]{
-// REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
-//
-// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
-// .get(PARAM_XMLRESPONSE);
-//
-// if (isEmpty(xmlCreateXMLSignatureResponse))
-// throw new AuthenticationException("auth.10", new Object[]{
-// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
-//
-// AuthConfiguration authConf = AuthConfigurationProviderFactory
-// .getInstance();
-//
-// // parses the <CreateXMLSignatureResponse>
-// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
-// xmlCreateXMLSignatureResponse);
-// CreateXMLSignatureResponse createXMLSignatureResponse = p
-// .parseResponseDsig();
-//
-// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
-// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
-// .buildDsig(createXMLSignatureResponse, authConf
-// .getMoaSpAuthBlockTrustProfileID());
-//
-// // invokes the call
-// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
-// .verifyXMLSignature(domVerifyXMLSignatureRequest);
-//
-// // parses the <VerifyXMLSignatureResponse>
-// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
-// domVerifyXMLSignatureResponse).parseData();
-//
-// return verifyXMLSignatureResponse.getX509certificate();
-//
-// }
-
/**
* Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
* security layer implementation.<br>
@@ -650,8 +529,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
String identificationValue = null;
String identificationType = null;
+ //get processing data from pending-request
+ String authURL = pendingReq.getAuthURL();
+ String requestedTarget = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ String targetFriendlyName = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
+
+
//set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
- if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
+ if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) {
identificationType = "";
identificationValue = "";
@@ -668,11 +555,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
else
identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
- } else {
+ } else {
String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
+ .getIdentificationValue(), requestedTarget);
identificationValue = bpkBase64;
- identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget;
}
@@ -682,12 +569,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
+ //set AuthBlock generation time to session
String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
.getInstance());
session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
@@ -696,22 +581,22 @@ public class AuthenticationServer extends BaseAuthenticationServer {
List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- if (session.isSsoRequested()) {
+ if (pendingReq.needSingleSignOnFunctionality()) {
String oaURL = pendingReq.getAuthURL();
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
return authBlock;
- } else {
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+ } else {
+ String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
+ .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
@@ -1034,8 +919,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(
xmlCreateXMLSignatureReadResponse).parseResponse();
@@ -1052,14 +935,15 @@ public class AuthenticationServer extends BaseAuthenticationServer {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
}
// validates <CreateXMLSignatureResponse>
- if (session.isSsoRequested())
+ if (pendingReq.needSingleSignOnFunctionality())
new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq);
+
else
new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq);
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
- String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
+ List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
// debug output
@@ -1089,8 +973,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
}
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 79f407ca3..9ae1dc6a7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -52,7 +52,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -175,7 +174,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
- IOAAuthParameters oaParam2)
+ IOAAuthParameters oaParam)
throws BuildException
{
@@ -193,7 +192,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//adding type of wbPK domain identifier
ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute =
- new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam2.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+ new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
@@ -255,7 +254,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
//adding friendly name of OA
- String oaFriendlyName = StringUtils.isEmpty(oaParam2.getFriendlyName()) ? "" : oaParam2.getFriendlyName();
+ String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
ExtendedSAMLAttribute oaFriendlyNameAttribute =
new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
@@ -264,15 +263,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
-
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
@@ -345,25 +338,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ IOAAuthParameters oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
-
- //BZ.., reading OA parameters
- OAAuthParameter oaParam;
- try {
- oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } catch (ConfigurationException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
- //..BZ
-
-
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
@@ -419,14 +401,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//..BZ
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index 6ff0177ac..a2dc54a37 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -122,6 +122,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
} catch (IOException e) {
throw new TaskExecutionException(e.getMessage(), e);
+ } catch (MOADatabaseException e1) {
+ throw new TaskExecutionException(e1.getMessage(), e1);
+
} finally {
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index ef17700d3..370236bf4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -13,14 +13,10 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
@@ -66,42 +62,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
try {
-
- IRequest pendingReq = requestStoreage.getPendingRequest(
- (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
-
-
-
-
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+
//normal MOA-ID authentication
Logger.debug("Starting normal MOA-ID authentication");
String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq);
@@ -122,8 +85,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
}
} catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
throw new TaskExecutionException(ex.getMessage(), ex);
+
}
catch (MOAIDException ex) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 5c88afc56..50b71a660 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
@@ -14,8 +13,6 @@ import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@@ -23,8 +20,6 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -37,13 +32,11 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
/**
@@ -93,54 +86,18 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
}
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
+ //check if response exists
String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
}
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ Logger.debug(xmlCreateXMLSignatureResponse);
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
- Logger.debug(xmlCreateXMLSignatureResponse);
-
+
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
.parseResponseDsig();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 938b4ce77..8f7f5fd80 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -1,7 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.security.GeneralSecurityException;
import java.util.List;
@@ -11,8 +10,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@@ -20,22 +17,17 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import iaik.pki.PKIException;
/**
@@ -73,57 +65,22 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
Logger.debug("POST GetMISSessionIDServlet");
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+ //get MIS sessionID
String misSessionID = moasession.getMISSessionID();
+ //get mandates from MIS
ConnectionParameter connectionParameters = authConfig
.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
authConfig,
connectionParameters);
-
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
+ //check if mandates received
if (list == null || list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
throw new AuthenticationException("auth.15", null);
@@ -136,8 +93,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
- // TODO[tlenz]: UTF-8 ?
- String sMandate = new String(mandate.getMandate());
+ String sMandate = new String(mandate.getMandate(), "UTF-8");
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
throw new AuthenticationException("auth.15",
@@ -152,7 +108,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
null, null).getDocumentElement();
// extract RepresentationType
- authServer.verifyMandate(moasession, mandate);
+ authServer.verifyMandate(pendingReq, moasession, mandate);
moasession.setMISMandate(mandate);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index 86d8de047..ba2c9d108 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -27,6 +27,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -52,6 +53,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("InitializeBKUAuthenticationTask")
public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
+ @Autowired StartAuthentificationParameterParser authInitialisationParser;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -88,7 +91,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
Logger.info("Start Authentication Module: " + pendingReq.requestedModule()
+ " Action: " + pendingReq.requestedAction());
- StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq);
+ authInitialisationParser.parse(executionContext, request, moasession, pendingReq);
} else {
String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU);
@@ -104,7 +107,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+ throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
else {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
@@ -147,23 +150,24 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
useMandate = "false";
//parse all OA parameters i
- StartAuthentificationParameterParser.parse(moasession,
- target,
- moasession.getOAURLRequested(),
- bkuURL,
- templateURL,
- useMandate,
- ccc,
- request,
- pendingReq);
+ authInitialisationParser.parse( moasession,
+ target,
+ pendingReq.getOAURL(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ request,
+ pendingReq);
}
}
executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate());
- // make sure moa session has been persisted before running the process
+ // make sure MOASession and Pending-Request has been persisted before running the process
try {
- authenticatedSessionStorage.storeSession(moasession);
+ authenticatedSessionStorage.storeSession(moasession);
+ requestStoreage.storePendingRequest(pendingReq);
} catch (MOADatabaseException e) {
Logger.error("Database Error! MOASession is not stored!");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index 1c5f3c202..bd8377373 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -1,29 +1,19 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Creates {@code CreateXMLSignatureRequest} for auth block signature.<p/>
@@ -58,54 +48,17 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
Logger.debug("Process CreateAuthBlock Task");
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ //initialize task
+ defaultTaskInitialization(req, executionContext);
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
-
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-
+ //build authBlock
String createXMLSignatureRequest = authServer
- .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, authConfig, oaParam, pendingReq);
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
+ //store MOASession
authenticatedSessionStorage.storeSession(moasession);
+ //write response
CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq,
createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
"VerifyIdentityLink");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 3d8b94239..6c0fe3774 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.util.List;
@@ -31,13 +30,10 @@ import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -49,14 +45,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -75,46 +69,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//mandate Mode
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
+ //perform default task initialization
+ defaultTaskInitialization(request, executionContext);
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
@@ -131,14 +88,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
GET_MIS_SESSIONID,
pendingReq.getRequestID());
- String oaURL = pendingReq.getOAURL();
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
- if (oaParam == null) {
- oaParam = authConfig.getOnlineApplicationParameter(oaURL);
- Logger.info("No Service info in PendingRequest --> load service info from configuration");
-
- }
-
List<String> profiles = oaParam.getMandateProfiles();
if (profiles == null) {
@@ -153,15 +103,12 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//TODO: check in case of SSO!!!
String targetType = null;
- if(oaParam.getBusinessService()) {
- String id = oaParam.getIdentityLinkDomainIdentifier();
- if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetType = id;
- else
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moasession.getDomainIdentifier();
+ if(oaParam.getBusinessService()){
+ targetType = oaParam.getIdentityLinkDomainIdentifier();
} else {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+
}
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
@@ -182,6 +129,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
if (misSessionID == null) {
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+
}
String redirectMISGUI = misSessionID.getRedirectURL();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 78be6c8c8..e8f68c514 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
import java.io.IOException;
@@ -10,26 +9,19 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
@@ -88,80 +80,39 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
- String redirectURL = null;
- try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
+ try {
+ //check if authblock is received
+ if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
- authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
-
- //store all changes in session DAO
- authenticatedSessionStorage.storeSession(moasession);
-
- }
-
- catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
-
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
-
- } catch (Exception e) {
- Logger.error("AuthBlockValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
-
- }
-
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
- finally {
-
- }
-
-
+ //verify authBlock
+ authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
+
+ //store all changes in session DAO
+ authenticatedSessionStorage.storeSession(moasession);
+
+ }
+
+ catch (MOAIDException ex) {
+ throw new TaskExecutionException(ex.getMessage(), ex);
+
+ } catch (Exception e) {
+ Logger.error("AuthBlockValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ }
+
+ finally {
+
+ }
+
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 5c9a069ee..6c220fd79 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
import java.io.IOException;
@@ -10,28 +9,22 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
/**
@@ -83,62 +76,27 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
+ //read certificate from response
X509Certificate cert = authServer.getCertificate(pendingReq, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
}
-
- boolean useMandate = moasession.getUseMandate();
-
- if (useMandate) {
+
+ if (moasession.getUseMandate()) {
- // verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = authServer.verifyCertificate(moasession, cert, pendingReq);
+ // verify certificate for OrganWalter
+ authServer.verifyCertificate(moasession, cert, pendingReq);
+
+ //create AuthBlock
+ String createXMLSignatureRequestOrRedirect =
+ authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
try {
authenticatedSessionStorage.storeSession(moasession);
@@ -149,8 +107,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
- }
- else {
+ } else {
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
@@ -164,21 +121,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
- String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(moasession, cert);
+ String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert);
+
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
pendingReq.getAuthURL(),
REQ_GET_FOREIGN_ID,
pendingReq.getRequestID());
-
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
+
CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 2c23254e4..267d5ea0b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -1,31 +1,23 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Verifies the identity link.<p/>
@@ -72,52 +64,19 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
}
try {
-
- String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
+
+ //verify identityLink
boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
+ //store session
authenticatedSessionStorage.storeSession(moasession);
+ //set 'identityLink exists' flag to context
executionContext.put("identityLinkAvailable", identityLinkAvailable);
} catch (ParseException ex) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 8a9c19c80..5e0a69fd4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,6 +56,7 @@ import javax.xml.bind.DatatypeConverter;
import org.jaxen.SimpleNamespaceContext;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -66,7 +67,7 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -132,10 +133,14 @@ public class CreateXMLSignatureResponseValidator {
throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-
- String gbTarget = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
- boolean businessService = session.getBusinessService();
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ String gbTarget = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ String targetFriendlyName = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
+ String oaURL = oaParam.getPublicURLPrefix();
+ boolean businessService = oaParam.getBusinessService();
IdentityLink identityLink = session.getIdentityLink();
@@ -227,8 +232,7 @@ public class CreateXMLSignatureResponseValidator {
}
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundGB = true;
- String targetFriendlyName = session.getTargetFriendlyName();
+ foundGB = true;
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget);
if (StringUtils.isEmpty(sectorName)) {
if (targetFriendlyName != null)
@@ -293,23 +297,18 @@ public class CreateXMLSignatureResponseValidator {
samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.info("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
-
-
+
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
- throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
} else {
throw new ValidateException("validator.35", null);
+
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index bb180d8e9..1f9d9e3a0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -27,14 +27,12 @@ import java.util.List;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonPrimitive;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
-import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
@@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttri
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -59,13 +59,12 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescA
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonPrimitive;
-
public final class OAuth20AttributeBuilder {
private OAuth20AttributeBuilder() {
@@ -207,7 +206,7 @@ public final class OAuth20AttributeBuilder {
}
private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+ final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
for (IAttributeBuilder b : builders) {
try {
//TODO: better solution requires more refactoring :(
@@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder {
}
public static void addScopeOpenId(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData,
+ final IOAAuthParameters oaParam, final IAuthData authData,
final OAuth20AuthRequest oAuthRequest) {
addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
}
public static void addScopeProfile(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
}
public static void addScopeEID(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
}
public static void addScopeEIDGov(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
}
public static void addScopeMandate(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
}
public static void addScopeSTORK(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index d2636c259..d08a3b4f0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -23,11 +23,10 @@
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -42,7 +41,7 @@ public class OpenIdNonceAttribute implements IAttributeBuilder {
return g.buildStringAttribute(this.getName(), "", null);
}
- public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
IAttributeGenerator<ATT> g) throws AttributeException {
if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index fcde874b4..17d0738e3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -36,8 +36,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -153,7 +152,7 @@ class OAuth20AuthAction implements IAction {
private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+ IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration();
OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index ecef9b0a3..416445fa6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -212,38 +212,30 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
-
- for (String s : scope.split(" ")) {
- if (s.equalsIgnoreCase("profile")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
- reqAttr.put(el.getName(), "");
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
- } else if (s.equalsIgnoreCase("eID")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("eID_gov")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("mandate")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("stork")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
- reqAttr.put(el.getName(), "");
-
- }
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
}
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
-
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
}
+
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
}
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 52204d7f6..22ceda4f1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import com.google.gson.JsonObject;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -122,9 +123,17 @@ public class OAuth20Protocol extends AbstractProtocolModulController {
*/
public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {
// validation is done inside creation
- OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
- Logger.debug("Created: " + res);
- return res;
+
+ try {
+ OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
+ Logger.debug("Created: " + res);
+ return res;
+
+ } catch (OAuth20Exception e) {
+ Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
+ throw new InvalidProtocolRequestException(e.getMessage(), null);
+
+ }
}
/*
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b4c8c37d4..61a73335c 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -35,8 +35,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -73,8 +72,7 @@ public class GetArtifactAction implements IAction {
}
try {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
+ IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
// add other stork attributes to MOA assertion if available
IPersonalAttributeList storkAttributes = authData.getGenericData(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1d06bb48a..5eb39880e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -100,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
Throwable error = null;
- //synchronized (authenticationDataStore) {
- try {
- error = authenticationDataStore
- .get(samlArtifact, Throwable.class);
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
- authenticationDataStore.remove(samlArtifact);
-
- } catch (MOADatabaseException e) {
+ if (error == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
+
}
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
- //}
-
return error;
}
@@ -170,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- String authData = null;
- //synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
-
- try {
- authData = authenticationDataStore
- .get(samlArtifact, String.class, authDataTimeOut);
+ String authData = null;
+ try {
+ authData = authenticationDataStore
+ .get(samlArtifact, String.class, authDataTimeOut);
- } catch (MOADatabaseException e) {
+ if (authData == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
- //}
+
+ }
- authenticationDataStore.remove(samlArtifact);
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ authenticationDataStore.remove(samlArtifact);
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -203,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ public String BuildSAMLArtifact(IOAAuthParameters oaParam,
SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
@@ -428,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 417bf4dc9..3facdb50f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -58,8 +58,8 @@ public class SAML1Protocol extends AbstractProtocolModulController {
@Autowired private SAML1AuthenticationServer saml1AuthServer;
- public static final String REQ_DATA_SOURCEID = "sourceID";
- public static final String REQ_DATA_TARGET = "target";
+ public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
+ public static final String REQ_DATA_TARGET = "saml1_target";
public static final String NAME = SAML1Protocol.class.getName();
public static final String PATH = "id_saml1";
@@ -111,71 +111,87 @@ public class SAML1Protocol extends AbstractProtocolModulController {
public void preProcess(HttpServletRequest request,
HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+ try {
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
- String oaURL = (String) request.getParameter(PARAM_OA);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- String target = (String) request.getParameter(PARAM_TARGET);
- target = StringEscapeUtils.escapeHtml(target);
-
- String sourceID = request.getParameter(PARAM_SOURCEID);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
-
- //the target parameter is used to define the OA in SAML1 standard
- if (target != null && target.startsWith("http")) {
- oaURL = target;
- target = null;
- }
-
- if (MiscUtil.isEmpty(oaURL)) {
- Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
- }
-
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
-
- pendingRequest.setOAURL(oaURL);
-
- Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
-
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-
-
- //load Target only from OA config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ String sourceID = request.getParameter(PARAM_SOURCEID);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ pendingRequest.setOAURL(oaURL);
+
+ Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+
+ SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+ if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+ Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+ }
+ pendingRequest.setOnlineApplicationConfiguration(oaParam);
+
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null &&
+ MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) {
+ pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID());
- SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
- if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
- Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ } else
+ pendingRequest.setSourceID(sourceID);
+
+ revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+
+ if (MiscUtil.isNotEmpty(target))
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+
+ else
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+
+ //AuthnRequest needs authentication
+ pendingRequest.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingRequest.setAction(AuthenticationAction.class.getName());
+
+ } catch (WrongParametersException e) {
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+
+ } catch (InvalidProtocolRequestException e) {
+ throw e;
+
}
- pendingRequest.setOnlineApplicationConfiguration(oaParam);
- pendingRequest.setSourceID(sourceID);
-
- revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
-
- if (MiscUtil.isNotEmpty(target))
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
-
- else
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
-
- //AuthnRequest needs authentication
- pendingRequest.setNeedAuthentication(true);
-
- //set protocol action, which should be executed after authentication
- pendingRequest.setAction(AuthenticationAction.class.getName());
}
@@ -183,9 +199,7 @@ public class SAML1Protocol extends AbstractProtocolModulController {
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
-
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (!oa.getSAML1Parameter().isProvideAllErrors())
+ if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
return false;
else {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 3da7cab80..5867bbac6 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -30,13 +30,10 @@ import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -81,26 +78,19 @@ public class SAML1RequestImpl extends RequestImpl {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
- SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter();
- if (saml1 != null) {
- if (saml1.isProvideAUTHBlock())
- reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-
- if (saml1.isProvideCertificate())
- reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-
- if (saml1.isProvideFullMandatorData())
- reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
- }
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+ SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
}
+
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator());
}