aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
commitc9370266c7553db65e9d18f7fe2a0230ab94d912 (patch)
tree041eaa2f9b715205bf377b586d4e8381887b2951 /id/server
parent98cdf5c84739362a2d41702f538c370fa3d2c86e (diff)
downloadmoa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.gz
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.bz2
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.zip
refactor authentication process to use service-provider configuration from pending-request
Diffstat (limited to 'id/server')
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java352
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java239
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java15
-rw-r--r--id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml6
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java231
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java47
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java45
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java53
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java58
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java30
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java59
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java64
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java107
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java79
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java53
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java35
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java29
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java5
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java52
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java15
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java51
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java146
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java32
46 files changed, 667 insertions, 1417 deletions
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 2b0115d4a..af133525e 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -674,7 +674,7 @@
/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ iFrameURL += "&pendingid=" + "#SESSIONID#";
generateIFrame(iFrameURL);
}
function bkuHandyClicked() {
@@ -691,7 +691,7 @@
/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ iFrameURL += "&pendingid=" + "#SESSIONID#";
generateIFrame(iFrameURL);
}
function storkClicked() {
@@ -714,7 +714,7 @@
/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ iFrameURL += "&pendingid=" + "#SESSIONID#";
generateIFrame(iFrameURL);
}
function generateIFrame(iFrameURL) {
@@ -876,7 +876,7 @@
type="hidden" name="ccc" id="ccc"> <input type="hidden"
name="MODUL" value="#MODUL#"> <input type="hidden"
name="ACTION" value="#ACTION#"> <input type="hidden"
- name="MOASessionID" value="#SESSIONID#">
+ name="pendingid" value="#SESSIONID#">
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
role="button" onclick="setMandateSelection();">
</form>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 082ebcdcd..d76021bbd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -177,4 +177,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String PROCESSCONTEXT_INTERFEDERATION_ENTITYID = "interfederationIDPEntityID";
public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
+ //General protocol-request data-store keys
+ public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
+ public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
+ public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5bde82899..2f882f41e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -198,7 +198,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
IOAAuthParameters oaParam = null;
if (reqAttributes == null) {
//get OnlineApplication from MOA-ID-Auth configuration
- oaParam = authConfig.getOnlineApplicationParameter(oaID);
+ oaParam = protocolRequest.getOnlineApplicationConfiguration();
//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
@@ -879,7 +879,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- authData.setIssuer(session.getAuthURL());
+ authData.setIssuer(protocolRequest.getAuthURL());
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index bbbfacbd1..e763c5355 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -50,9 +50,10 @@ import java.text.MessageFormat;
import java.util.Calendar;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
@@ -156,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @param session current session
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
+ public String buildForeignID(String subject, IRequest pendingReq) {
String request = "";
request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">";
@@ -165,7 +166,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "<sl:DataObject>";
request += "<sl:XMLContent>";
- request += buildForeignIDTextToBeSigned(subject, oaParam, session);
+ request += buildForeignIDTextToBeSigned(subject,pendingReq);
request += "</sl:XMLContent>";
request += "</sl:DataObject>";
@@ -180,9 +181,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
return request;
}
- public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
-
- String target = session.getTarget();
+ public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) {
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ String target = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
Calendar cal = Calendar.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3849eb8a2..196415ddc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -75,53 +75,12 @@ public class AuthenticationSession implements Serializable {
private String sessionID;
private Date sessionCreated = null;
-
- /**
- * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code> if the
- * online application is a business application
- */
- private String target;
- /**
- * Friendly name for the target, if target is configured via MOA-ID configuration
- */
- private String targetFriendlyName;
-
- /**
- * SourceID
- */
- private String sourceID;
-
- /**
- * public online application URL requested
- */
- private String oaURLRequested;
- /**
- * public online application URL prefix
- */
- private String oaPublicURLPrefix;
- /**
- * URL of MOA ID authentication component
- */
- private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
-
+
/**
* URL of the BKU
*/
private String bkuURL;
- /**
- * Indicates whether the corresponding online application is a business service or not
- */
- private boolean businessService;
-
- /**
- * Indicates whether the corresponding online application is a stork service or not
- */
- private boolean storkService;
// Store Mandate
/**
@@ -132,11 +91,6 @@ public class AuthenticationSession implements Serializable {
private boolean isOW = false;
/**
- * STORK
- */
- private String ccc;
-
- /**
*
* Mandate element
*/
@@ -158,12 +112,6 @@ public class AuthenticationSession implements Serializable {
*/
private IdentityLink identityLink;
- // /**
- // * timestamp logging when identity link has been received
- // */
- // private Date timestampIdentityLink;
-
- // store Authblock
/**
* authentication block to be signed by the user
*/
@@ -176,11 +124,9 @@ public class AuthenticationSession implements Serializable {
*/
private String issueInstant;
- // Signer certificate
/**
* Signer certificate of the foreign citizen or for mandate mode
*/
- // private X509Certificate signerCertificate;
private byte[] signerCertificate;
/**
@@ -200,26 +146,8 @@ public class AuthenticationSession implements Serializable {
* the AUTHBlock.
*/
private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;
-
-// /**
-// * If infobox validators are needed after signing, they can be stored in this list.
-// */
-// private List infoboxValidators;
-
- /**
- * The register and number in the register parameter in case of a business service application.
- */
- private String domainIdentifier;
-
- /**
- * This string contains all identifiers of infoboxes, the online application is configured to
- * accept. The infobox identifiers are comma separated.
- */
- private String pushInfobox;
-
+
private boolean authenticated;
-
- private boolean ssoRequested = false;
private String QAALevel = null;
@@ -228,15 +156,8 @@ public class AuthenticationSession implements Serializable {
private boolean isForeigner;
private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
-
- public boolean isAuthenticated() {
- return authenticated;
- }
-
- public void setAuthenticated(boolean authenticated) {
- this.authenticated = authenticated;
- }
-
+
+
/**
* Constructor for AuthenticationSession.
*
@@ -249,6 +170,14 @@ public class AuthenticationSession implements Serializable {
}
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ public void setAuthenticated(boolean authenticated) {
+ this.authenticated = authenticated;
+ }
+
public X509Certificate getSignerCertificate() {
try {
return new X509Certificate(signerCertificate);
@@ -311,24 +240,6 @@ public class AuthenticationSession implements Serializable {
}
/**
- * Returns the oaURLRequested.
- *
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- *
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
* Returns the BKU URL.
*
* @return String
@@ -336,54 +247,7 @@ public class AuthenticationSession implements Serializable {
public String getBkuURL() {
return bkuURL;
}
-
- /**
- * Returns the target.
- *
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Returns the sourceID.
- *
- * @return String
- */
- public String getSourceID() {
- return sourceID;
- }
-
- /**
- * Returns the target friendly name.
- *
- * @return String
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the oaURLRequested.
- *
- * @param oaURLRequested
- * The oaURLRequested to set
- */
- public void setOAURLRequested(String oaURLRequested) {
- this.oaURLRequested = oaURLRequested;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- *
- * @param oaPublicURLPrefix
- * The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
- this.oaPublicURLPrefix = oaPublicURLPrefix;
- }
-
+
/**
* Sets the bkuURL
*
@@ -393,63 +257,7 @@ public class AuthenticationSession implements Serializable {
public void setBkuURL(String bkuURL) {
this.bkuURL = bkuURL;
}
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- *
- * @param target
- * The target to set
- */
- public void setTarget(String target) {
- if (target != null && target.startsWith(TARGET_PREFIX_)) {
- // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove
- // prefix
- this.target = target.substring(TARGET_PREFIX_.length());
- Logger.debug("Target prefix stripped off; resulting target: " + this.target);
- } else {
- this.target = target;
- }
- }
-
- /**
- * Sets the sourceID
- *
- * @param sourceID
- * The sourceID to set
- */
- public void setSourceID(String sourceID) {
- this.sourceID = sourceID;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- *
- * @param target
- * The target to set
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
- /**
- * Returns the authURL.
- *
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- *
- * @param authURL
- * The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
+
/**
* Returns the authBlock.
*
@@ -469,61 +277,6 @@ public class AuthenticationSession implements Serializable {
this.authBlock = authBlock;
}
- /**
- * Returns the businessService.
- *
- * @return <code>true</code> if the corresponding online application is a business application,
- * otherwise <code>false</code>
- */
- public boolean getBusinessService() {
- return businessService;
- }
-
- /**
- * Sets the businessService variable.
- *
- * @param businessService
- * the value for setting the businessService variable.
- */
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
-
- /**
- * Returns the storkService.
- *
- * @return <code>true</code> if the corresponding online application is a stork application,
- * otherwise <code>false</code>
- */
- public boolean getStorkService() {
- return storkService;
- }
-
- /**
- * Sets the storkService variable.
- *
- * @param storkService
- * the value for setting the storkService variable.
- */
- public void setStorkService(boolean storkService) {
- this.storkService = storkService;
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
- /**
- * @param string
- * the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
/**
* Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
@@ -610,54 +363,6 @@ public class AuthenticationSession implements Serializable {
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
-
- /**
- * Returns domain identifier (the register and number in the register parameter).
- * <code>null</code> in the case of not a business service.
- *
- * @return the domainIdentifier
- */
- public String getDomainIdentifier() {
- return domainIdentifier;
- }
-
- /**
- * Sets the register and number in the register parameter if the application is a business
- * service. If the domain identifier includes the registerAndOrdNr prefix, the prefix will be
- * stripped off.
- *
- * @param domainIdentifier
- * the domain identifier to set
- */
- public void setDomainIdentifier(String domainIdentifier) {
- if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier);
- } else {
- this.domainIdentifier = domainIdentifier;
- }
- }
-
- /**
- * Gets all identifiers of infoboxes, the online application is configured to accept. The
- * infobox identifiers are comma separated.
- *
- * @return the string containing infobox identifiers
- */
- public String getPushInfobox() {
- if (pushInfobox == null) return "";
- return pushInfobox;
- }
-
- /**
- * @param pushInfobox
- * the infobox identifiers to set (comma separated)
- */
- public void setPushInfobox(String pushInfobox) {
- this.pushInfobox = pushInfobox;
- }
/**
*
@@ -713,15 +418,7 @@ public class AuthenticationSession implements Serializable {
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
-
- public String getCcc() {
- return ccc;
- }
-
- public void setCcc(String ccc) {
- this.ccc = ccc;
- }
-
+
public boolean isForeigner() {
return isForeigner;
}
@@ -745,24 +442,7 @@ public class AuthenticationSession implements Serializable {
public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
}
-
- /**
- * @return the ssoRequested
- */
-
- // TODO: SSO only allowed without mandates, actually!!!!!!
- public boolean isSsoRequested() {
- return ssoRequested && !useMandate;
- }
-
- /**
- * @param ssoRequested
- * the ssoRequested to set
- */
- public void setSsoRequested(boolean ssoRequested) {
- this.ssoRequested = ssoRequested;
- }
-
+
/**
* @return the isOW
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index a73fd6858..66f91266f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -7,6 +7,7 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACH
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -29,19 +30,24 @@ import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
@@ -66,6 +72,51 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
protected static final String ERROR_CODE_PARAM = "errorid";
+ protected IRequest pendingReq = null;
+ protected AuthenticationSession moasession = null;
+
+ protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
+ String pendingRequestID = StringEscapeUtils.escapeHtml(
+ ObjectUtils.defaultIfNull(
+ (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID),
+ req.getParameter(PARAM_TARGET_PENDINGREQUESTID)));
+
+ if (MiscUtil.isEmpty(pendingRequestID)) {
+ Logger.info("No PendingRequestID received");
+ throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+ }
+
+ pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
+
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //change pending-request ID
+ String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+
+ try {
+ moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+
+ if (moasession == null) {
+ Logger.warn("MOASessionID is empty.");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ }
+
protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
HttpServletRequest req, HttpServletResponse resp) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
index f1ab58ee0..053f5d7ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
@@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
@@ -103,7 +104,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
try {
OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID);
- OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
+ IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration();
String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index fe3e8680c..9db5baeab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -56,7 +56,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
//load pending request
- String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+ String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID);
IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
@@ -86,7 +86,8 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
Enumeration<String> reqParamNames = request.getParameterNames();
while(reqParamNames.hasMoreElements()) {
String paramName = reqParamNames.nextElement();
- if (MiscUtil.isNotEmpty(paramName))
+ if (MiscUtil.isNotEmpty(paramName) &&
+ !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName))
executionContext.put(paramName, request.getParameter(paramName));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 1bdc132d9..cb0b63276 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -80,7 +80,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
if (publicURLPreFix.endsWith("/"))
publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(),
- pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID);
+ pendingReq.requestedAction(), oaParam, publicURLPreFix, pendingReq.getRequestID());
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 8af8ed238..3699633bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -27,6 +27,8 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -34,8 +36,8 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -44,9 +46,12 @@ import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+@Service("StartAuthentificationParameterParser")
public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
- public static void parse(AuthenticationSession moasession,
+ @Autowired AuthConfiguration authConfig;
+
+ public void parse(AuthenticationSession moasession,
String target,
String oaURL,
String bkuURL,
@@ -57,30 +62,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
IRequest protocolReq) throws WrongParametersException, MOAIDException {
String targetFriendlyName = null;
-
-// String sso = req.getParameter(PARAM_SSO);
-
+
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
ccc = StringEscapeUtils.escapeHtml(ccc);
- // sso = StringEscapeUtils.escapeHtml(sso);
-
- // check parameter
-
- //pvp2.x can use general identifier (equals oaURL in SAML1)
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ //validate parameters
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-// if (!ParamValidatorUtils.isValidUseMandate(sso))
-// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
+
//check UseMandate flag
String useMandateString = null;
@@ -100,161 +95,98 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
//load OnlineApplication configuration
- OAAuthParameter oaParam;
- if (moasession.getPublicOAURLPrefix() != null) {
- Logger.debug("Loading OA parameters for PublicURLPrefix: " + moasession.getPublicOAURLPrefix());
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(
- moasession.getPublicOAURLPrefix());
-
- if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { moasession.getPublicOAURLPrefix() });
-
- } else {
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
+ IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration();
+ if (oaParam == null)
throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
+ new Object[] { protocolReq.getOAURL() });
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+ // get target and target friendly name from config
+ String targetConfig = oaParam.getTarget();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
- if (!oaParam.getBusinessService()) {
- if (StringUtils.isEmpty(targetConfig)
- || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") &&
- !StringUtils.isEmpty(target))
- ) {
- //INFO: ONLY SAML1 legacy mode
- // if SAML1 is used and target attribute is given in request
- // use requested target
- // check target parameter
- if (!ParamValidatorUtils.isValidTarget(target)) {
- Logger.error("Selected target is invalid. Using target: " + target);
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- }
- if (MiscUtil.isNotEmpty(targetConfig))
- targetFriendlyName = targetFriendlyNameConfig;
+ if (!oaParam.getBusinessService()) {
+ if (StringUtils.isEmpty(targetConfig)
+ || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") &&
+ !StringUtils.isEmpty(target))
+ ) {
+ //INFO: ONLY SAML1 legacy mode
+ // if SAML1 is used and target attribute is given in request
+ // use requested target
+ // check target parameter
+ if (!ParamValidatorUtils.isValidTarget(target)) {
+ Logger.error("Selected target is invalid. Using target: " + target);
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ }
+ if (MiscUtil.isNotEmpty(targetConfig))
+ targetFriendlyName = targetFriendlyNameConfig;
+
+ else {
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+ if (MiscUtil.isNotEmpty(sectorName))
+ targetFriendlyName = sectorName;
else {
- String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
- if (MiscUtil.isNotEmpty(sectorName))
- targetFriendlyName = sectorName;
-
- else {
- //check target contains subSector
- int delimiter = target.indexOf("-");
- if (delimiter > 0) {
- targetFriendlyName =
- TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter));
-
- }
- }
- }
-
- } else {
- // use target from config
- target = targetConfig;
- targetFriendlyName = targetFriendlyNameConfig;
+ //check target contains subSector
+ int delimiter = target.indexOf("-");
+ if (delimiter > 0) {
+ targetFriendlyName =
+ TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter));
+
+ }
+ }
}
- moasession.setTarget(target);
- moasession.setTargetFriendlyName(targetFriendlyName);
-
+
} else {
- Logger.debug("Business: " + moasession.getBusinessService() + " stork: " + moasession.getStorkService());
- moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
-
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
}
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_TARGET, "auth.05");
-// //check useSSO flag
-// String useSSOString = null;
-// boolean useSSOBoolean = false;
-// if ((sso != null) && (sso.compareTo("") != 0)) {
-// useSSOString = sso;
-// } else {
-// useSSOString = "false";
-// }
- //
-// if (useSSOString.compareToIgnoreCase("true") == 0)
-// useSSOBoolean = true;
-// else
-// useSSOBoolean = false;
-
- //moasession.setSsoRequested(useSSOBoolean);
- moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
+ protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, target);
+ protocolReq.setGenericDataToSession(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, targetFriendlyName);
+ Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + target);
+
+ } else {
+ Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier());
- //Validate BKU URI
- List<String> allowedbkus = oaParam.getBKUURL();
- allowedbkus.addAll(AuthConfigurationProviderFactory.getInstance().getDefaultBKUURLs());
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
-
- moasession.setBkuURL(bkuURL);
-
- if ((!oaParam.getBusinessService())) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
-
- } else {
- if (useMandateBoolean) {
- Logger.error("Online-Mandate Mode for business application not supported.");
- throw new AuthenticationException("auth.17", null);
- }
- target = null;
- targetFriendlyName = null;
+ if (useMandateBoolean) {
+ Logger.error("Online-Mandate Mode for business application not supported.");
+ throw new AuthenticationException("auth.17", null);
}
- moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- moasession.setBusinessService(oaParam.getBusinessService());
-
- //moasession.setStorkService(oaParam.getStorkService());
- }
-
- //check OnlineApplicationURL
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.05");
- moasession.setOAURLRequested(oaURL);
-
- //check AuthURL
- String authURL = protocolReq.getAuthURL();
- if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed())
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
-
- //set Auth URL from configuration
- moasession.setAuthURL(authURL);
-
- //check and set SourceID
- if (oaParam.getSAML1Parameter() != null) {
- String sourceID = oaParam.getSAML1Parameter().getSourceID();
- if (MiscUtil.isNotEmpty(sourceID))
- moasession.setSourceID(sourceID);
}
-
+
+ //Validate BKU URI
+ List<String> allowedbkus = oaParam.getBKUURL();
+ allowedbkus.addAll(authConfig.getDefaultBKUURLs());
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ moasession.setBkuURL(bkuURL);
+
+ //validate securityLayer-template
if (MiscUtil.isEmpty(templateURL)) {
List<String> templateURLList = oaParam.getTemplateURL();
List<String> defaulTemplateURLList =
- AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates();
+ authConfig.getSLRequestTemplates();
if ( templateURLList != null && templateURLList.size() > 0
&& MiscUtil.isNotEmpty(templateURLList.get(0)) ) {
templateURL = FileUtils.makeAbsoluteURL(
oaParam.getTemplateURL().get(0),
- AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ authConfig.getRootConfigFileDir());
Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
} else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
templateURL = FileUtils.makeAbsoluteURL(
defaulTemplateURLList.get(0),
- AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ authConfig.getRootConfigFileDir());
Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")");
} else {
@@ -267,13 +199,22 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- moasession.setTemplateURL(templateURL);
-
- moasession.setCcc(ccc);
-
+ protocolReq.setGenericDataToSession(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE,
+ templateURL);
+
+
+ //validate SSO functionality
+ String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
+ if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) {
+ //do not use SSO if no Target is set
+ Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ protocolReq.setNeedSingleSignOnFunctionality(false);
+
+ }
}
- public static void parse(ExecutionContext ec, HttpServletRequest req,
+ public void parse(ExecutionContext ec, HttpServletRequest req,
AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
//get Parameters from request
@@ -294,7 +235,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
oaURL = request.getOAURL();
//only needed for SAML1
- String target = request.getGenericData("target", String.class);
+ String target = request.getGenericData("saml1_target", String.class);
parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
@@ -307,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
* parameter
* @return true if the parameter is null or empty
*/
- private static boolean isEmpty(String param) {
+ private boolean isEmpty(String param) {
return param == null || param.length() == 0;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 48292cee1..87d41dbf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -110,10 +110,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
- handleErrorNoRedirect(e, req, resp);
+ handleErrorNoRedirect(e, req, resp, false);
} catch (MOADatabaseException e) {
- handleErrorNoRedirect(e, req, resp);
+ handleErrorNoRedirect(e, req, resp, false);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 7f0a1c157..58034cc7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -66,6 +66,11 @@ public interface IOAAuthParameters {
public boolean getBusinessService();
+ /**
+ * Get target of a public service-provider
+ *
+ * @return target identifier without prefix
+ */
public String getTarget();
public String getTargetFriendlyName();
@@ -77,6 +82,8 @@ public interface IOAAuthParameters {
public boolean isRemovePBKFromAuthBlock();
/**
+ * Return the private-service domain-identifier with PreFix
+ *
* @return the identityLinkDomainIdentifier
*/
public String getIdentityLinkDomainIdentifier();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index b6df5e5c6..4131e49fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -496,6 +496,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
AuthenticationSession moasession;
try {
moasession = authenticatedSessionStore.createSession(pendingReq);
+ pendingReq.setMOASessionIdentifier(moasession.getSessionID());
} catch (MOADatabaseException e1) {
Logger.error("Database Error! MOASession can not be created!");
@@ -514,7 +515,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
boolean leagacyMode = (legacyallowed && legacyparamavail);
executionContext.put("isLegacyRequest", leagacyMode);
- executionContext.put("performBKUSelection", leagacyMode
+ executionContext.put("performBKUSelection", !leagacyMode
&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
//add leagcy parameters to context
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
index 6f46edce3..d26af89a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.moduls;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
/**
* @author tlenz
@@ -36,6 +37,6 @@ public interface IRequestStorage {
public void removePendingRequest(String requestID);
- public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException;
+ public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 66ca42398..c49df43fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -44,14 +44,19 @@ public class RequestStorage implements IRequestStorage{
try {
IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
-
+ if (pendingRequest == null) {
+ Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);
+ return null;
+
+ }
+
//set transactionID and sessionID to Logger
TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());
return pendingRequest;
- } catch (MOADatabaseException e) {
+ } catch (MOADatabaseException | NullPointerException e) {
Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);
return null;
@@ -106,16 +111,17 @@ public class RequestStorage implements IRequestStorage{
* @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest)
*/
@Override
- public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException {
+ public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException {
if (pendingRequest instanceof RequestImpl) {
String newRequestID = Random.nextRandom();
+ String oldRequestID = pendingRequest.getRequestID();
Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID()
+ " to " + newRequestID);
((RequestImpl)pendingRequest).setRequestID(newRequestID);
- storePendingRequest(pendingRequest);
+ transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
return newRequestID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c9a34496a..36145375b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -107,7 +107,7 @@ public class AttributQueryAction implements IAction {
List<String> attrList = addDefaultAttributes(attrQuery, authData);
//build PVP 2.1 assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex());
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(req, attrQuery, attrList, authData, date, authData.getSessionIndex());
//build PVP 2.1 response
Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 07367e1d0..181e89806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -36,8 +36,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -98,9 +96,7 @@ public class PVPTargetConfiguration extends RequestImpl {
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
-
+ try {
SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -136,15 +132,12 @@ public class PVPTargetConfiguration extends RequestImpl {
reqAttr.put(attr.getName(), "");
}
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
} catch (NoMetadataInformationException e) {
Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
return null;
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 065118e2b..208cd67f2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -55,7 +55,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.w3c.dom.Element;
-
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
@@ -64,21 +63,18 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
@@ -90,7 +86,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
- public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery,
+ public static Assertion buildAssertion(IRequest pendingReq, AttributeQuery attrQuery,
List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
@@ -136,12 +132,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = null;
- return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date,
+ return buildGenericAssertion(pendingReq, attrQuery.getIssuer().getValue(), date,
authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
new DateTime(authData.getSsoSessionValidTo().getTime()));
}
- public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest,
+ public static Assertion buildAssertion(PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
@@ -153,9 +149,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(
- peerEntity.getEntityID());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (reqAuthnContext == null) {
authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
@@ -416,12 +410,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
sloInformation.setNameIDFormat(subjectNameID.getFormat());
sloInformation.setSessionIndex(sessionIndex);
- return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
+ return buildGenericAssertion(pendingReq, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
}
/**
*
- * @param authURL IDP PublicURL PreFix
+ * @param pendingReq IDP PublicURL PreFix
* @param entityID Service Provider EntityID
* @param date
* @param authnContextClassRef
@@ -434,7 +428,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
* @throws ConfigurationException
*/
- private static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date,
+ private static Assertion buildGenericAssertion(IRequest pendingReq, String entityID, DateTime date,
AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
String sessionIndex, DateTime isValidTo) throws ConfigurationException {
@@ -486,6 +480,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ String authURL = pendingReq.getAuthURL();
if (authURL.endsWith("/"))
authURL = authURL.substring(0, authURL.length()-1);
issuer.setValue(authURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 974d90e11..4fbca5b13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -81,7 +81,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
SLOInformationImpl sloInformation = new SLOInformationImpl();
//build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData,
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj, authnRequest, authData,
peerEntity, date, consumerService, sloInformation);
Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index f33a7549c..ff631a720 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -53,28 +53,38 @@ public class DBTransactionStorage implements ITransactionStorage {
}
- public void put(String key, Object value) throws MOADatabaseException {
- //setup AssertionStore element
- AssertionStore element = new AssertionStore();
- element.setArtifact(key);
- element.setType(value.getClass().getName());
- element.setDatatime(new Date());
-
- //serialize the Assertion for Database storage
- byte[] data = SerializationUtils.serialize((Serializable) value);
- element.setAssertion(data);
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.ITransactionStorage#changeKey(java.lang.String, java.lang.String, java.lang.Object)
+ */
+ @Override
+ public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException {
+ //search if key already exists
+ AssertionStore element = searchInDatabase(oldKey);
+ if (element == null) {
+ Logger.info("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+ throw new MOADatabaseException("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+
+ }
- //store AssertionStore element to Database
- try {
- MOASessionDBUtils.saveOrUpdate(element);
- Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database");
- } catch (MOADatabaseException e) {
- Logger.warn("Sessioninformation could not be stored.");
- throw new MOADatabaseException(e);
+ put(element, newKey, value);
+
+ }
+
+ public void put(String key, Object value) throws MOADatabaseException {
+ //search if key already exists
+ AssertionStore element = searchInDatabase(key);
+
+ //create a new entry if key does not exists already
+ if (element == null) {
+ element = new AssertionStore();
+
}
+ put(element, key, value);
}
-
+
public <T> T get(String key,
final Class<T> clazz) throws MOADatabaseException {
@@ -93,6 +103,9 @@ public class DBTransactionStorage implements ITransactionStorage {
AssertionStore element = searchInDatabase(key);
+ if (element == null)
+ return null;
+
if (dataTimeOut > -1) {
//check timeout
long now = new Date().getTime();
@@ -155,13 +168,18 @@ public class DBTransactionStorage implements ITransactionStorage {
try {
AssertionStore element = searchInDatabase(key);
+ if (element == null) {
+ Logger.debug("Sessioninformation not removed! (Sessioninformation with ID=" + key
+ + "not found)");
+ return;
+ }
+
cleanDelete(element);
- Logger.info("Remove stored information with ID: " + key);
+ Logger.debug("Remove stored information with ID: " + key);
} catch (MOADatabaseException e) {
- Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key
- + "not found)");
+ Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")");
} catch (HibernateException e) {
Logger.warn("Sessioninformation not removed! (Error during Database communication)", e);
@@ -206,10 +224,34 @@ public class DBTransactionStorage implements ITransactionStorage {
//Assertion requires an unique artifact
if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No sessioninformation found with this ID");
+ Logger.debug("No transaction information with ID:" + artifact + " found.");
+ return null;
+
}
return (AssertionStore) result.get(0);
}
+
+ private void put(AssertionStore element, String key, Object value) throws MOADatabaseException {
+ element.setArtifact(key);
+ element.setType(value.getClass().getName());
+ element.setDatatime(new Date());
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) value);
+ element.setAssertion(data);
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(element);
+ Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Sessioninformation could not be stored.");
+ throw new MOADatabaseException(e);
+
+ }
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index d05689e68..48283d2b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -55,7 +55,7 @@ public interface ITransactionStorage {
*
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
- * @return The transaction-data object from type class
+ * @return The transaction-data object from type class, or null
* @throws MOADatabaseException In case of load operation failed
*/
public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException;
@@ -66,12 +66,23 @@ public interface ITransactionStorage {
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
* @param Data-object timeout in [ms]
- * @return The transaction-data object from type class
+ * @return The transaction-data object from type class, or null
* @throws MOADatabaseException In case of load operation failed
* @throws AuthenticationException In case of data-object timeout occurs
*/
public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException;
+
+ /**
+ * Change the key of a data object and store it under the new key
+ *
+ * @param oldKey Old key of the data object
+ * @param newKey New key, which should be used to store the data object
+ * @param value Data object which should be stored
+ * @throws MOADatabaseException In case of store operation failed
+ */
+ public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException;
+
/**
* Remove a data object from transaction storage
*
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
index b61ee5f2d..307ba836a 100644
--- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
@@ -5,9 +5,9 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
- <pd:Task id="initializeBKUSelection" class="GenerateBKUSelectionFrameTask" async="true"/>
- <pd:Task id="parseBKUSelection" class="EvaluateBKUSelectionTask" />
- <pd:Task id="restartAuthProzessManagement" class="RestartAuthnProcessManagment"/>
+ <pd:Task id="initializeBKUSelection" class="GenerateBKUSelectionFrameTask"/>
+ <pd:Task id="parseBKUSelection" class="EvaluateBKUSelectionTask" async="true"/>
+ <pd:Task id="restartAuthProzessManagement" class="RestartAuthProzessManagement"/>
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 05ceb65f4..82579977c 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -15,6 +15,9 @@
<bean id="AuthenticationDataBuilder"
class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
+ <bean id="StartAuthentificationParameterParser"
+ class="at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser"/>
+
<bean id="MOAID_SSOManager"
class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 2b0115d4a..af133525e 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -674,7 +674,7 @@
/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ iFrameURL += "&pendingid=" + "#SESSIONID#";
generateIFrame(iFrameURL);
}
function bkuHandyClicked() {
@@ -691,7 +691,7 @@
/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ iFrameURL += "&pendingid=" + "#SESSIONID#";
generateIFrame(iFrameURL);
}
function storkClicked() {
@@ -714,7 +714,7 @@
/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
iFrameURL += "&MODUL=" + "#MODUL#";
iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
+ iFrameURL += "&pendingid=" + "#SESSIONID#";
generateIFrame(iFrameURL);
}
function generateIFrame(iFrameURL) {
@@ -876,7 +876,7 @@
type="hidden" name="ccc" id="ccc"> <input type="hidden"
name="MODUL" value="#MODUL#"> <input type="hidden"
name="ACTION" value="#ACTION#"> <input type="hidden"
- name="MOASessionID" value="#SESSIONID#">
+ name="pendingid" value="#SESSIONID#">
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
role="button" onclick="setMandateSelection();">
</form>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 065f3866b..21e7f2027 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -59,9 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -90,6 +88,7 @@ import iaik.x509.X509ExtensionInitException;
public class AuthenticationServer extends BaseAuthenticationServer {
@Autowired private MOAReversionLogger revisionsLogger;
+ @Autowired private AuthConfiguration authConfig;
/**
* Constructor for AuthenticationServer.
@@ -142,40 +141,37 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
//load OnlineApplication configuration
- OAAuthParameter oaParam =
- authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()});
+ throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()});
//load Template
+ String templateURL = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
String template = null;
- if (session.getTemplateURL() != null) {
+ if (MiscUtil.isNotEmpty(templateURL)) {
try {
-
- template = new String(FileUtils.readURL(session.getTemplateURL()));
+ template = new String(FileUtils.readURL(templateURL));
+
} catch (IOException ex) {
throw new AuthenticationException("auth.03", new Object[]{
- session.getTemplateURL(), ex.toString()}, ex);
+ templateURL, ex.toString()}, ex);
+
}
+
+ } else {
+ throw new AuthenticationException("auth.04", new Object[]{
+ "SecurityLayerTemplate", "No template definde"});
+
}
String infoboxReadRequest = "";
-
- String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
- if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
- //do not use SSO if no Target is set
- Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
- session.setSsoRequested(false);
-
- }
-
- if (session.isSsoRequested()) {
+ if (pendingReq.needSingleSignOnFunctionality()) {
Logger.info("SSO Login requested");
//load identityLink with SSO Target
boolean isbuisness = false;
-
+ String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
if (domainIdentifier.startsWith(PREFIX_WPBK)) {
-
isbuisness = true;
} else {
@@ -196,9 +192,9 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
-
+ //build DataURL for BKU request
String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID());
+ pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID());
//removed in MOAID 2.0
String pushInfobox = "";
@@ -263,9 +259,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
// check if an identity link was found
// Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform
// (SL1.2))
@@ -295,7 +288,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
IdentityLinkValidator.getInstance().validate(identityLink);
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(identityLink, authConf
+ .build(identityLink, authConfig
.getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()));
// invokes the call
@@ -305,13 +298,12 @@ public class AuthenticationServer extends BaseAuthenticationServer {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(
verifyXMLSignatureResponse,
- authConf.getIdentityLinkX509SubjectNames(),
+ authConfig.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
oaParam);
@@ -351,15 +343,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String verifyCertificate(AuthenticationSession session,
+ public void verifyCertificate(AuthenticationSession session,
X509Certificate certificate, IRequest pendingReq) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, MOAIDException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
// check if person is a Organwalter
// if true - don't show bPK in AUTH Block
try {
@@ -375,16 +363,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
session.setOW(false);
}
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam, pendingReq);
-
- return returnvalue;
}
/**
@@ -398,6 +376,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* layer implementation</li>
* </ul>
* @param pendingReq
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param infoboxReadResponseParameters The parameters from the response returned from the BKU
@@ -405,7 +384,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public void verifyMandate(AuthenticationSession session, MISMandate mandate)
+ public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ValidateException, ServiceException {
@@ -413,9 +392,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
GET_MIS_SESSIONID, PARAM_SESSIONID});
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
try {
// sets the extended SAML attributes for OID (Organwalter)
setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
@@ -442,8 +419,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
/**
* @param session
- * @param authConf
- * @param oaParam
* @param pendingReq
* @return
* @throws ConfigurationException
@@ -451,26 +426,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @throws ValidateException
*/
public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
- AuthenticationSession session, AuthConfiguration authConf,
- IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException,
+ AuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
BuildException, ValidateException {
- // // check for intermediate processing of the infoboxes
- // if (session.isValidatorInputPending())
- // return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = authConfig;
- if (oaParam == null)
- oaParam = authConfig
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq);
// builds the <CreateXMLSignatureRequest>
- List<String> transformsInfos = authConf.getTransformsInfos();
+ List<String> transformsInfos = authConfig.getTransformsInfos();
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
@@ -483,112 +448,26 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* <ul>
* <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param cert The certificate from the user
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String createXMLSignatureRequestForeignID(AuthenticationSession session,
+ public String createXMLSignatureRequestForeignID(IRequest pendingReq,
X509Certificate cert) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException {
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
-
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
- cert);
- }
-
- public String getCreateXMLSignatureRequestForeigID(
- AuthenticationSession session, AuthConfiguration authConf,
- OAAuthParameter oaParam, X509Certificate cert)
- throws ConfigurationException {
-
- // // check for intermediate processing of the infoboxes
- // if (session.isValidatorInputPending())
- // return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = authConfig;
- if (oaParam == null)
- oaParam = authConfig
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
Principal subject = cert.getSubjectDN();
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .buildForeignID(subject.toString(), oaParam, session);
+ .buildForeignID(subject.toString(), pendingReq);
return createXMLSignatureRequest;
+
}
-// /**
-// * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
-// * security layer implementation.<br>
-// * <ul>
-// * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-// * <li>Parses response enclosed in
-// * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-// * <li>Verifies signature by calling the MOA SP component</li>
-// * <li>Returns the signer certificate</li>
-// * </ul>
-// *
-// * @param sessionID ID of associated authentication session data
-// * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
-// * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
-// * @throws BKUException
-// */
-// public X509Certificate verifyXMLSignature(String sessionID,
-// Map<String, String> createXMLSignatureResponseParameters)
-// throws AuthenticationException, BuildException, ParseException,
-// ConfigurationException, ValidateException, ServiceException, BKUException {
-//
-// if (isEmpty(sessionID))
-// throw new AuthenticationException("auth.10", new Object[]{
-// REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
-//
-// String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
-// .get(PARAM_XMLRESPONSE);
-//
-// if (isEmpty(xmlCreateXMLSignatureResponse))
-// throw new AuthenticationException("auth.10", new Object[]{
-// REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
-//
-// AuthConfiguration authConf = AuthConfigurationProviderFactory
-// .getInstance();
-//
-// // parses the <CreateXMLSignatureResponse>
-// CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
-// xmlCreateXMLSignatureResponse);
-// CreateXMLSignatureResponse createXMLSignatureResponse = p
-// .parseResponseDsig();
-//
-// // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
-// Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
-// .buildDsig(createXMLSignatureResponse, authConf
-// .getMoaSpAuthBlockTrustProfileID());
-//
-// // invokes the call
-// Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
-// .verifyXMLSignature(domVerifyXMLSignatureRequest);
-//
-// // parses the <VerifyXMLSignatureResponse>
-// VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
-// domVerifyXMLSignatureResponse).parseData();
-//
-// return verifyXMLSignatureResponse.getX509certificate();
-//
-// }
-
/**
* Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
* security layer implementation.<br>
@@ -650,8 +529,16 @@ public class AuthenticationServer extends BaseAuthenticationServer {
String identificationValue = null;
String identificationType = null;
+ //get processing data from pending-request
+ String authURL = pendingReq.getAuthURL();
+ String requestedTarget = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ String targetFriendlyName = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
+
+
//set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
- if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
+ if (session.isOW() || pendingReq.needSingleSignOnFunctionality() || oaParam.isRemovePBKFromAuthBlock()) {
identificationType = "";
identificationValue = "";
@@ -668,11 +555,11 @@ public class AuthenticationServer extends BaseAuthenticationServer {
else
identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
- } else {
+ } else {
String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
+ .getIdentificationValue(), requestedTarget);
identificationValue = bpkBase64;
- identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ identificationType = Constants.URN_PREFIX_CDID + "+" + requestedTarget;
}
@@ -682,12 +569,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
+ //set AuthBlock generation time to session
String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
.getInstance());
session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
// Bug #485
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
@@ -696,22 +581,22 @@ public class AuthenticationServer extends BaseAuthenticationServer {
List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
- if (session.isSsoRequested()) {
+ if (pendingReq.needSingleSignOnFunctionality()) {
String oaURL = pendingReq.getAuthURL();
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
return authBlock;
- } else {
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+ } else {
+ String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&amp;");
String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
+ .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget,
targetFriendlyName, identificationValue,
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
@@ -1034,8 +919,6 @@ public class AuthenticationServer extends BaseAuthenticationServer {
throw new AuthenticationException("auth.10", new Object[]{
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- AuthConfiguration authConf = AuthConfigurationProviderFactory
- .getInstance();
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(
xmlCreateXMLSignatureReadResponse).parseResponse();
@@ -1052,14 +935,15 @@ public class AuthenticationServer extends BaseAuthenticationServer {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
}
// validates <CreateXMLSignatureResponse>
- if (session.isSsoRequested())
+ if (pendingReq.needSingleSignOnFunctionality())
new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq);
+
else
new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq);
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
- String tpid = authConf.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
+ List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
vtids, tpid);
// debug output
@@ -1089,8 +973,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
}
- OAAuthParameter oaParam = authConfig
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 79f407ca3..9ae1dc6a7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -52,7 +52,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -175,7 +174,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
- IOAAuthParameters oaParam2)
+ IOAAuthParameters oaParam)
throws BuildException
{
@@ -193,7 +192,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//adding type of wbPK domain identifier
ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute =
- new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam2.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+ new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
@@ -255,7 +254,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
//adding friendly name of OA
- String oaFriendlyName = StringUtils.isEmpty(oaParam2.getFriendlyName()) ? "" : oaParam2.getFriendlyName();
+ String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
ExtendedSAMLAttribute oaFriendlyNameAttribute =
new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
@@ -264,15 +263,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
-
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
@@ -345,25 +338,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String oaURL,
String gebDat,
List<ExtendedSAMLAttribute> extendedSAMLAttributes,
- AuthenticationSession session)
+ AuthenticationSession session,
+ IOAAuthParameters oaParam)
throws BuildException
{
session.setSAMLAttributeGebeORwbpk(true);
String gebeORwbpk = "";
String wbpkNSDeclaration = "";
-
- //BZ.., reading OA parameters
- OAAuthParameter oaParam;
- try {
- oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } catch (ConfigurationException e) {
- Logger.error("Error on building AUTH-Block: " + e.getMessage());
- throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
- }
- //..BZ
-
-
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
@@ -419,14 +401,9 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
//..BZ
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.debug("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index 6ff0177ac..a2dc54a37 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -122,6 +122,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
} catch (IOException e) {
throw new TaskExecutionException(e.getMessage(), e);
+ } catch (MOADatabaseException e1) {
+ throw new TaskExecutionException(e1.getMessage(), e1);
+
} finally {
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index ef17700d3..370236bf4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -13,14 +13,10 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
@@ -66,42 +62,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
try {
-
- IRequest pendingReq = requestStoreage.getPendingRequest(
- (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
-
-
-
-
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+
//normal MOA-ID authentication
Logger.debug("Starting normal MOA-ID authentication");
String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq);
@@ -122,8 +85,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
}
} catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
throw new TaskExecutionException(ex.getMessage(), ex);
+
}
catch (MOAIDException ex) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 5c88afc56..50b71a660 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
@@ -14,8 +13,6 @@ import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@@ -23,8 +20,6 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -37,13 +32,11 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
/**
@@ -93,54 +86,18 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
}
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
+ //check if response exists
String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
}
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ Logger.debug(xmlCreateXMLSignatureResponse);
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
- Logger.debug(xmlCreateXMLSignatureResponse);
-
+
CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
.parseResponseDsig();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 938b4ce77..8f7f5fd80 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -1,7 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.security.GeneralSecurityException;
import java.util.List;
@@ -11,8 +10,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
@@ -20,22 +17,17 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import iaik.pki.PKIException;
/**
@@ -73,57 +65,22 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
Logger.debug("POST GetMISSessionIDServlet");
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
+ //get MIS sessionID
String misSessionID = moasession.getMISSessionID();
+ //get mandates from MIS
ConnectionParameter connectionParameters = authConfig
.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
authConfig,
connectionParameters);
-
List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
+ //check if mandates received
if (list == null || list.size() == 0) {
Logger.error("Keine Vollmacht gefunden.");
throw new AuthenticationException("auth.15", null);
@@ -136,8 +93,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
- // TODO[tlenz]: UTF-8 ?
- String sMandate = new String(mandate.getMandate());
+ String sMandate = new String(mandate.getMandate(), "UTF-8");
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
throw new AuthenticationException("auth.15",
@@ -152,7 +108,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
null, null).getDocumentElement();
// extract RepresentationType
- authServer.verifyMandate(moasession, mandate);
+ authServer.verifyMandate(pendingReq, moasession, mandate);
moasession.setMISMandate(mandate);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index 86d8de047..ba2c9d108 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -27,6 +27,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -52,6 +53,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("InitializeBKUAuthenticationTask")
public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
+ @Autowired StartAuthentificationParameterParser authInitialisationParser;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
@@ -88,7 +91,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
Logger.info("Start Authentication Module: " + pendingReq.requestedModule()
+ " Action: " + pendingReq.requestedAction());
- StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq);
+ authInitialisationParser.parse(executionContext, request, moasession, pendingReq);
} else {
String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU);
@@ -104,7 +107,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+ throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
else {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
@@ -147,23 +150,24 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
useMandate = "false";
//parse all OA parameters i
- StartAuthentificationParameterParser.parse(moasession,
- target,
- moasession.getOAURLRequested(),
- bkuURL,
- templateURL,
- useMandate,
- ccc,
- request,
- pendingReq);
+ authInitialisationParser.parse( moasession,
+ target,
+ pendingReq.getOAURL(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ request,
+ pendingReq);
}
}
executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate());
- // make sure moa session has been persisted before running the process
+ // make sure MOASession and Pending-Request has been persisted before running the process
try {
- authenticatedSessionStorage.storeSession(moasession);
+ authenticatedSessionStorage.storeSession(moasession);
+ requestStoreage.storePendingRequest(pendingReq);
} catch (MOADatabaseException e) {
Logger.error("Database Error! MOASession is not stored!");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index 1c5f3c202..bd8377373 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -1,29 +1,19 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Creates {@code CreateXMLSignatureRequest} for auth block signature.<p/>
@@ -58,54 +48,17 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
Logger.debug("Process CreateAuthBlock Task");
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ //initialize task
+ defaultTaskInitialization(req, executionContext);
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
-
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-
+ //build authBlock
String createXMLSignatureRequest = authServer
- .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, authConfig, oaParam, pendingReq);
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
+ //store MOASession
authenticatedSessionStorage.storeSession(moasession);
+ //write response
CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq,
createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
"VerifyIdentityLink");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 3d8b94239..6c0fe3774 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.util.List;
@@ -31,13 +30,10 @@ import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -49,14 +45,12 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -75,46 +69,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//mandate Mode
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- request.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
+ //perform default task initialization
+ defaultTaskInitialization(request, executionContext);
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter();
SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
@@ -131,14 +88,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
GET_MIS_SESSIONID,
pendingReq.getRequestID());
- String oaURL = pendingReq.getOAURL();
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
- if (oaParam == null) {
- oaParam = authConfig.getOnlineApplicationParameter(oaURL);
- Logger.info("No Service info in PendingRequest --> load service info from configuration");
-
- }
-
List<String> profiles = oaParam.getMandateProfiles();
if (profiles == null) {
@@ -153,15 +103,12 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
//TODO: check in case of SSO!!!
String targetType = null;
- if(oaParam.getBusinessService()) {
- String id = oaParam.getIdentityLinkDomainIdentifier();
- if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetType = id;
- else
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moasession.getDomainIdentifier();
+ if(oaParam.getBusinessService()){
+ targetType = oaParam.getIdentityLinkDomainIdentifier();
} else {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+
}
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
@@ -182,6 +129,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
if (misSessionID == null) {
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+
}
String redirectMISGUI = misSessionID.getRedirectURL();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 78be6c8c8..e8f68c514 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
import java.io.IOException;
@@ -10,26 +9,19 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
@@ -88,80 +80,39 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
- String redirectURL = null;
- try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
+ try {
+ //check if authblock is received
+ if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
- authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
-
- //store all changes in session DAO
- authenticatedSessionStorage.storeSession(moasession);
-
- }
-
- catch (MOAIDException ex) {
- throw new TaskExecutionException(ex.getMessage(), ex);
-
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
-
- } catch (Exception e) {
- Logger.error("AuthBlockValidation has an interal Error.", e);
- throw new TaskExecutionException(e.getMessage(), e);
-
- }
-
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
- finally {
-
- }
-
-
+ //verify authBlock
+ authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
+
+ //store all changes in session DAO
+ authenticatedSessionStorage.storeSession(moasession);
+
+ }
+
+ catch (MOAIDException ex) {
+ throw new TaskExecutionException(ex.getMessage(), ex);
+
+ } catch (Exception e) {
+ Logger.error("AuthBlockValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ }
+
+ finally {
+
+ }
+
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 5c9a069ee..6c220fd79 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -1,6 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
import java.io.IOException;
@@ -10,28 +9,22 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
/**
@@ -83,62 +76,27 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
try {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID),
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID)));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
+ //read certificate from response
X509Certificate cert = authServer.getCertificate(pendingReq, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
}
-
- boolean useMandate = moasession.getUseMandate();
-
- if (useMandate) {
+
+ if (moasession.getUseMandate()) {
- // verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = authServer.verifyCertificate(moasession, cert, pendingReq);
+ // verify certificate for OrganWalter
+ authServer.verifyCertificate(moasession, cert, pendingReq);
+
+ //create AuthBlock
+ String createXMLSignatureRequestOrRedirect =
+ authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
try {
authenticatedSessionStorage.storeSession(moasession);
@@ -149,8 +107,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
- }
- else {
+ } else {
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
@@ -164,21 +121,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
- String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(moasession, cert);
+ String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert);
+
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
pendingReq.getAuthURL(),
REQ_GET_FOREIGN_ID,
pendingReq.getRequestID());
-
- try {
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
+
CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 2c23254e4..267d5ea0b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -1,31 +1,23 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Verifies the identity link.<p/>
@@ -72,52 +64,19 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
}
try {
-
- String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
-
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
-
- IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
-
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
- AuthenticationSession moasession = null;;
- try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
+ //execute default task initialization
+ defaultTaskInitialization(req, executionContext);
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
-
+
+ //verify identityLink
boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
+ //store session
authenticatedSessionStorage.storeSession(moasession);
+ //set 'identityLink exists' flag to context
executionContext.put("identityLinkAvailable", identityLinkAvailable);
} catch (ParseException ex) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 8a9c19c80..5e0a69fd4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,6 +56,7 @@ import javax.xml.bind.DatatypeConverter;
import org.jaxen.SimpleNamespaceContext;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -66,7 +67,7 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -132,10 +133,14 @@ public class CreateXMLSignatureResponseValidator {
throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-
- String gbTarget = session.getTarget();
- String oaURL = session.getPublicOAURLPrefix();
- boolean businessService = session.getBusinessService();
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ String gbTarget = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
+ String targetFriendlyName = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
+ String oaURL = oaParam.getPublicURLPrefix();
+ boolean businessService = oaParam.getBusinessService();
IdentityLink identityLink = session.getIdentityLink();
@@ -227,8 +232,7 @@ public class CreateXMLSignatureResponseValidator {
}
}
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
- foundGB = true;
- String targetFriendlyName = session.getTargetFriendlyName();
+ foundGB = true;
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget);
if (StringUtils.isEmpty(sectorName)) {
if (targetFriendlyName != null)
@@ -293,23 +297,18 @@ public class CreateXMLSignatureResponseValidator {
samlSpecialText = samlSpecialText.replaceAll("'", "&#39;");
String text = "";
- try {
- OAAuthParameter oaparam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (MiscUtil.isNotEmpty(oaparam.getAditionalAuthBlockText())) {
- Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix());
- text = oaparam.getAditionalAuthBlockText();
- }
- } catch (ConfigurationException e) {
- Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
+ if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) {
+ Logger.info("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix());
+ text = oaParam.getAditionalAuthBlockText();
}
-
-
+
String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant);
if (!samlSpecialText.equals(specialText)) {
- throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
}
} else {
throw new ValidateException("validator.35", null);
+
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index bb180d8e9..1f9d9e3a0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -27,14 +27,12 @@ import java.util.List;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonPrimitive;
import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
-import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
@@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttri
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -59,13 +59,12 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescA
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonPrimitive;
-
public final class OAuth20AttributeBuilder {
private OAuth20AttributeBuilder() {
@@ -207,7 +206,7 @@ public final class OAuth20AttributeBuilder {
}
private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+ final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
for (IAttributeBuilder b : builders) {
try {
//TODO: better solution requires more refactoring :(
@@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder {
}
public static void addScopeOpenId(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData,
+ final IOAAuthParameters oaParam, final IAuthData authData,
final OAuth20AuthRequest oAuthRequest) {
addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
}
public static void addScopeProfile(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
}
public static void addScopeEID(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
}
public static void addScopeEIDGov(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
}
public static void addScopeMandate(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
}
public static void addScopeSTORK(final JsonObject jsonObject,
- final OAAuthParameter oaParam, final IAuthData authData) {
+ final IOAAuthParameters oaParam, final IAuthData authData) {
addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index d2636c259..d08a3b4f0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -23,11 +23,10 @@
package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -42,7 +41,7 @@ public class OpenIdNonceAttribute implements IAttributeBuilder {
return g.buildStringAttribute(this.getName(), "", null);
}
- public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
IAttributeGenerator<ATT> g) throws AttributeException {
if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index fcde874b4..17d0738e3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -36,8 +36,7 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -153,7 +152,7 @@ class OAuth20AuthAction implements IAction {
private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
throws MOAIDException, SignatureException {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+ IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration();
OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
OAuthJsonToken token = new OAuthJsonToken(signer);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index ecef9b0a3..416445fa6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -212,38 +212,30 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
-
- for (String s : scope.split(" ")) {
- if (s.equalsIgnoreCase("profile")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
- reqAttr.put(el.getName(), "");
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+ reqAttr.put(el.getName(), "");
- } else if (s.equalsIgnoreCase("eID")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("eID_gov")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("mandate")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
- reqAttr.put(el.getName(), "");
-
- } else if (s.equalsIgnoreCase("stork")) {
- for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
- reqAttr.put(el.getName(), "");
-
- }
+ } else if (s.equalsIgnoreCase("eID")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("mandate")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+ reqAttr.put(el.getName(), "");
+
+ } else if (s.equalsIgnoreCase("stork")) {
+ for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+ reqAttr.put(el.getName(), "");
+
}
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
-
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
}
+
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
}
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 52204d7f6..22ceda4f1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import com.google.gson.JsonObject;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -122,9 +123,17 @@ public class OAuth20Protocol extends AbstractProtocolModulController {
*/
public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {
// validation is done inside creation
- OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
- Logger.debug("Created: " + res);
- return res;
+
+ try {
+ OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
+ Logger.debug("Created: " + res);
+ return res;
+
+ } catch (OAuth20Exception e) {
+ Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
+ throw new InvalidProtocolRequestException(e.getMessage(), null);
+
+ }
}
/*
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b4c8c37d4..61a73335c 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -35,8 +35,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -73,8 +72,7 @@ public class GetArtifactAction implements IAction {
}
try {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
+ IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
// add other stork attributes to MOA assertion if available
IPersonalAttributeList storkAttributes = authData.getGenericData(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1d06bb48a..5eb39880e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -100,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
Throwable error = null;
- //synchronized (authenticationDataStore) {
- try {
- error = authenticationDataStore
- .get(samlArtifact, Throwable.class);
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
- authenticationDataStore.remove(samlArtifact);
-
- } catch (MOADatabaseException e) {
+ if (error == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
+
}
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
- //}
-
return error;
}
@@ -170,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- String authData = null;
- //synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
-
- try {
- authData = authenticationDataStore
- .get(samlArtifact, String.class, authDataTimeOut);
+ String authData = null;
+ try {
+ authData = authenticationDataStore
+ .get(samlArtifact, String.class, authDataTimeOut);
- } catch (MOADatabaseException e) {
+ if (authData == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
- //}
+
+ }
- authenticationDataStore.remove(samlArtifact);
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ authenticationDataStore.remove(samlArtifact);
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -203,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ public String BuildSAMLArtifact(IOAAuthParameters oaParam,
SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
@@ -428,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 417bf4dc9..3facdb50f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -58,8 +58,8 @@ public class SAML1Protocol extends AbstractProtocolModulController {
@Autowired private SAML1AuthenticationServer saml1AuthServer;
- public static final String REQ_DATA_SOURCEID = "sourceID";
- public static final String REQ_DATA_TARGET = "target";
+ public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
+ public static final String REQ_DATA_TARGET = "saml1_target";
public static final String NAME = SAML1Protocol.class.getName();
public static final String PATH = "id_saml1";
@@ -111,71 +111,87 @@ public class SAML1Protocol extends AbstractProtocolModulController {
public void preProcess(HttpServletRequest request,
HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+ try {
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
- String oaURL = (String) request.getParameter(PARAM_OA);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- String target = (String) request.getParameter(PARAM_TARGET);
- target = StringEscapeUtils.escapeHtml(target);
-
- String sourceID = request.getParameter(PARAM_SOURCEID);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
-
- //the target parameter is used to define the OA in SAML1 standard
- if (target != null && target.startsWith("http")) {
- oaURL = target;
- target = null;
- }
-
- if (MiscUtil.isEmpty(oaURL)) {
- Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
- }
-
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
-
- pendingRequest.setOAURL(oaURL);
-
- Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
-
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-
-
- //load Target only from OA config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ String sourceID = request.getParameter(PARAM_SOURCEID);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ pendingRequest.setOAURL(oaURL);
+
+ Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+
+ SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+ if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+ Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+ }
+ pendingRequest.setOnlineApplicationConfiguration(oaParam);
+
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null &&
+ MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) {
+ pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID());
- SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
- if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
- Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ } else
+ pendingRequest.setSourceID(sourceID);
+
+ revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+
+ if (MiscUtil.isNotEmpty(target))
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+
+ else
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+
+ //AuthnRequest needs authentication
+ pendingRequest.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingRequest.setAction(AuthenticationAction.class.getName());
+
+ } catch (WrongParametersException e) {
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+
+ } catch (InvalidProtocolRequestException e) {
+ throw e;
+
}
- pendingRequest.setOnlineApplicationConfiguration(oaParam);
- pendingRequest.setSourceID(sourceID);
-
- revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
-
- if (MiscUtil.isNotEmpty(target))
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
-
- else
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
-
- //AuthnRequest needs authentication
- pendingRequest.setNeedAuthentication(true);
-
- //set protocol action, which should be executed after authentication
- pendingRequest.setAction(AuthenticationAction.class.getName());
}
@@ -183,9 +199,7 @@ public class SAML1Protocol extends AbstractProtocolModulController {
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
-
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (!oa.getSAML1Parameter().isProvideAllErrors())
+ if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
return false;
else {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 3da7cab80..5867bbac6 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -30,13 +30,10 @@ import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -81,26 +78,19 @@ public class SAML1RequestImpl extends RequestImpl {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
- SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter();
- if (saml1 != null) {
- if (saml1.isProvideAUTHBlock())
- reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-
- if (saml1.isProvideCertificate())
- reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-
- if (saml1.isProvideFullMandatorData())
- reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
- }
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+ SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
}
+
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator());
}