diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-07 12:16:39 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-07 12:16:39 +0200 |
commit | f807371b592e95511bb87c4a1ee2819e835663fc (patch) | |
tree | 1aabc971f583ff2674b272325e31aefbb7891040 /id/server | |
parent | ebd93e9389e630450e5b052a18a6a6fc8d05f611 (diff) | |
download | moa-id-spss-f807371b592e95511bb87c4a1ee2819e835663fc.tar.gz moa-id-spss-f807371b592e95511bb87c4a1ee2819e835663fc.tar.bz2 moa-id-spss-f807371b592e95511bb87c4a1ee2819e835663fc.zip |
some more refactoring stuff
Diffstat (limited to 'id/server')
13 files changed, 46 insertions, 844 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index e72780cab..fdf806f78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -47,9 +47,9 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; @@ -58,6 +58,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; @@ -100,7 +101,7 @@ import iaik.x509.X509Certificate; * */ @Service("AuthenticationDataBuilder") -public class AuthenticationDataBuilder extends MOAIDAuthConstants { +public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected AuthConfiguration authConfig; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index a43e6a7fb..7f47d3dfe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -51,13 +51,13 @@ import java.util.Calendar; import java.util.List; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java deleted file mode 100644 index 14d78c88e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ /dev/null @@ -1,820 +0,0 @@ -/** - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.data; - -import java.io.Serializable; -import java.text.DateFormat; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Date; -import java.util.List; -import java.util.Map; - -import org.apache.commons.collections4.map.HashedMap; -import org.w3c.dom.Element; - -import at.gv.egiz.eaaf.core.api.idp.IAuthData; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -public class AuthenticationData implements IAuthData, Serializable { - - private static final long serialVersionUID = -1042697056735596866L; - public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - - /** - * URL of the MOA-ID Auth component issueing this assertion - */ - private String issuer; - /** - * time instant of issue of this assertion - */ - private Date issueInstant; - /** - * user identification value (Stammzahl); <code>null</code>, - * if the authentication module is configured not to return this data - */ - private String identificationValue; - /** - * user identification type - */ - private String identificationType; - - /** - * user identityLink specialized to OAParamter - */ - private IIdentityLink identityLink; - - /** - * application specific user identifier (bPK/wbPK) - */ - private String bPK; - - /** - * application specific user identifier type - */ - private String bPKType; - - /** - * given name of the user - */ - private String givenName; - /** - * family name of the user - */ - private String familyName; - /** - * date of birth of the user - */ - private Date dateOfBirth; - /** - * says whether the certificate is a qualified certificate or not - */ - private boolean qualifiedCertificate; - /** - * says whether the certificate is a public authority or not - */ - private boolean publicAuthority; - /** - * public authority code (Behördenkennzeichen - BKZ) - */ - private String publicAuthorityCode; - - /** - * URL of the BKU - */ - private String bkuURL; - /** - * the corresponding <code>lt;saml:Assertion></code> - */ - - private boolean isBaseIDTransferRestrication = true; - - - /** - * STORK attributes from response - */ - private String ccc = null; - - private Map<String, Object> genericDataStorate = new HashedMap<String, Object>(); - - private byte[] signerCertificate = null; - - private String authBlock = null; - private List<String> encbPKList = null; - - //ISA 1.18 attributes - private List<AuthenticationRole> roles = null; - private String pvpAttribute_OU = null; - - private boolean useMandate = false; - private IMISMandate mandate = null; - private String mandateReferenceValue = null; - - private boolean foreigner =false; - private String QAALevel = null; - - private boolean ssoSession = false; - private Date ssoSessionValidTo = null; - -// private boolean interfederatedSSOSession = false; -// private String interfederatedIDP = null; - - private String sessionIndex = null; - private String nameID = null; - private String nameIDFormat = null; - - public AuthenticationData() { - issueInstant = new Date(); - } - - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { - return publicAuthority; - } - - /** - * Returns the publicAuthorityCode. - * @return String - */ - public String getPublicAuthorityCode() { - return publicAuthorityCode; - } - - /** - * Returns the qualifiedCertificate. - * @return boolean - */ - public boolean isQualifiedCertificate() { - return qualifiedCertificate; - } - - /** - * Returns the bPK. - * @return String - */ - public String getBPK() { - return bPK; - } - - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityIdentification The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityIdentification) { - this.publicAuthorityCode = publicAuthorityIdentification; - } - - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Sets the bPK. - * @param bPK The bPK to set - */ - public void setBPK(String bPK) { - this.bPK = bPK; - } - - /** - * Returns the dateOfBirth. - * @return String - */ - public Date getDateOfBirth() { - return dateOfBirth; - } - - public String getFormatedDateOfBirth() { - DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - if (getDateOfBirth() != null) - return pvpDateFormat.format(getDateOfBirth()); - else - return "2999-12-31"; - } - - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { - return familyName; - } - - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { - return givenName; - } - - /** - * Holds the baseID of a citizen - * - * @return baseID - */ - public String getIdentificationValue() { - return identificationValue; - } - - /** - * Holds the type of the baseID - * - * @return baseID-Type - */ - public String getIdentificationType() { - return identificationType; - } - - /** - * Returns the issueInstant. - * @return String - */ - public String getIssueInstantString() { - return DateTimeUtils.buildDateTimeUTC(issueInstant); - - } - - /** - * Returns the issueInstant. - * @return String - */ - public Date getIssueInstant() { - return issueInstant; - - } - - public void setIssueInstant(Date date) { - this.issueInstant = date; - } - - /** - * Returns the issuer. - * @return String - */ - public String getIssuer() { - return issuer; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(Date dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - - public void setDateOfBirth(String dateOfBirth) { - try { - if (MiscUtil.isNotEmpty(dateOfBirth)) { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); - } - - } catch (ParseException e) { - Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); - - } - } - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** - * Sets the identificationValue. - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { - this.identificationValue = identificationValue; - } - - /** - * Sets the identificationType. - * @param identificationType The identificationType to set - */ - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * Sets the issuer. - * @param issuer The issuer to set - */ - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - /** - * Sets the bkuURL - * @param url The BKU URL to set - */ - public void setBkuURL(String url) { - this.bkuURL = url; - } - - public String getBPKType() { - return bPKType; - } - - public void setBPKType(String bPKType) { - this.bPKType = bPKType; - } - - /** - * @return the identityLink - */ - public IIdentityLink getIdentityLink() { - return identityLink; - } - - /** - * @param identityLink the identityLink to set - */ - public void setIdentityLink(IIdentityLink identityLink) { - this.identityLink = identityLink; - } - - /** - * @return the signerCertificate - */ - public byte[] getSignerCertificate() { - return signerCertificate; - } - - - /** - * @param signerCertificate the signerCertificate to set - */ - public void setSignerCertificate(byte[] signerCertificate) { - this.signerCertificate = signerCertificate; - } - - - /** - * @return the authBlock - */ - public String getAuthBlock() { - return authBlock; - } - - - /** - * @param authBlock the authBlock to set - */ - public void setAuthBlock(String authBlock) { - this.authBlock = authBlock; - } - - - /** - * @return the mandate - */ - public IMISMandate getMISMandate() { - return mandate; - } - - public Element getMandate() { - if (mandate == null) - return null; - - //parse Element from mandate XML - try { - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - } - catch (Throwable e) { - Logger.warn("Mandate content could not be generated from MISMandate."); - return null; - } - } - - - /** - * @param mandate the mandate to set - */ - public void setMISMandate(IMISMandate mandate) { - this.mandate = mandate; - } - - - /** - * @return the useMandate - */ - public boolean isUseMandate() { - return useMandate; - } - - - /** - * @param useMandate the useMandate to set - */ - public void setUseMandate(boolean useMandate) { - this.useMandate = useMandate; - } - - - /** - * @return - */ - public String getQAALevel() { - if (this.QAALevel != null && - this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) { - String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - return mappedQAA; - - else { - Logger.error("eIDAS QAA-level:" + this.QAALevel - + " can not be mapped to STORK QAA-level! Use " - + PVPConstants.STORK_QAA_1_1 + " as default value."); - return PVPConstants.STORK_QAA_1_1; - - } - - - } else - return this.QAALevel; - } - - - public String getEIDASQAALevel() { - if (this.QAALevel != null && - this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) { - String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel); - if (MiscUtil.isNotEmpty(mappedQAA)) - return mappedQAA; - - else { - Logger.error("STORK QAA-level:" + this.QAALevel - + " can not be mapped to eIDAS QAA-level! Use " - + PVPConstants.EIDAS_QAA_LOW + " as default value."); - return PVPConstants.EIDAS_QAA_LOW; - - } - - - } else - return this.QAALevel; - - } - - - /** - * @return - */ - public boolean isForeigner() { - return this.foreigner; - } - - - /** - * @param foreigner the foreigner to set - */ - public void setForeigner(boolean foreigner) { - this.foreigner = foreigner; - } - - - /** - * Store QAA level in eIDAS format to authentication Data - * - * @param qAALevel the qAALevel to set - * @throws AssertionAttributeExtractorExeption - */ - public void setQAALevel(String qAALevel) { - QAALevel = qAALevel; - - } - - /** - * @return the ssoSession - */ - public boolean isSsoSession() { - return ssoSession; - } - - - /** - * @param ssoSession the ssoSession to set - */ - public void setSsoSession(boolean ssoSession) { - this.ssoSession = ssoSession; - } - - /** - * @return the mandateReferenceValue - */ - public String getMandateReferenceValue() { - return mandateReferenceValue; - } - - /** - * @param mandateReferenceValue the mandateReferenceValue to set - */ - public void setMandateReferenceValue(String mandateReferenceValue) { - this.mandateReferenceValue = mandateReferenceValue; - } - - /** - * CountryCode of the citizen which is identified and authenticated - * - * @return the CountryCode <pre>like. AT, SI, ...</pre> - */ - public String getCcc() { - return ccc; - } - - /** - * @param ccc the ccc to set - */ - public void setCcc(String ccc) { - this.ccc = ccc; - } - - /** - * @return the sessionIndex - */ - public String getSessionIndex() { - return sessionIndex; - } - - /** - * @param sessionIndex the sessionIndex to set - */ - public void setSessionIndex(String sessionIndex) { - this.sessionIndex = sessionIndex; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() - */ - @Override - public String getNameID() { - return this.nameID; - } - - /** - * @param nameID the nameID to set - */ - public void setNameID(String nameID) { - this.nameID = nameID; - } - - /** - * @return the nameIDFormat - */ - public String getNameIDFormat() { - return nameIDFormat; - } - - /** - * @param nameIDFormat the nameIDFormat to set - */ - public void setNameIDFormat(String nameIDFormat) { - this.nameIDFormat = nameIDFormat; - } - -// /** -// * @return the interfederatedSSOSession -// */ -// public boolean isInterfederatedSSOSession() { -// return interfederatedSSOSession; -// } -// -// /** -// * @param interfederatedSSOSession the interfederatedSSOSession to set -// */ -// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { -// this.interfederatedSSOSession = interfederatedSSOSession; -// } -// -// /** -// * @return the interfederatedIDP -// */ -// public String getInterfederatedIDP() { -// return interfederatedIDP; -// } -// -// /** -// * @param interfederatedIDP the interfederatedIDP to set -// */ -// public void setInterfederatedIDP(String interfederatedIDP) { -// this.interfederatedIDP = interfederatedIDP; -// } - - /** - * @return the ssoSessionValidTo - */ - public Date getSsoSessionValidTo() { - return ssoSessionValidTo; - } - - /** - * @param ssoSessionValidTo the ssoSessionValidTo to set - */ - public void setSsoSessionValidTo(Date ssoSessionValidTo) { - this.ssoSessionValidTo = ssoSessionValidTo; - } - - /** - * @return the encbPKList - */ - public List<String> getEncbPKList() { - return encbPKList; - } - - /** - * @param encbPKList the encbPKList to set - */ - public void setEncbPKList(List<String> encbPKList) { - this.encbPKList = encbPKList; - } - - /** - * @return the roles - */ - public List<AuthenticationRole> getAuthenticationRoles() { -// if (this.roles == null) { -// this.roles = new ArrayList<AuthenticationRole>(); -// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole")); -// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole")); -// } - - return roles; - } - - //ISA 1.18 attributes - /** - * @param roles the roles to set - */ - public void addAuthenticationRole(AuthenticationRole role) { - if (this.roles == null) - this.roles = new ArrayList<AuthenticationRole>(); - - this.roles.add(role); - } - - /** - * @return the pvpAttribute_OU - */ - public String getPvpAttribute_OU() { - return pvpAttribute_OU; - } - - /** - * @param pvpAttribute_OU the pvpAttribute_OU to set - */ - public void setPvpAttribute_OU(String pvpAttribute_OU) { - this.pvpAttribute_OU = pvpAttribute_OU; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() - */ - @Override - public boolean isBaseIDTransferRestrication() { - return isBaseIDTransferRestrication; - } - - /** - * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set - */ - public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) { - this.isBaseIDTransferRestrication = isBaseIDTransferRestrication; - } - - /** - * Returns a generic data-object with is stored with a specific identifier - * - * @param key The specific identifier of the data object - * @param clazz The class type which is stored with this key - * @return The data object or null if no data is found with this key - */ - public <T> T getGenericData(String key, final Class<T> clazz) { - if (MiscUtil.isNotEmpty(key)) { - Object data = genericDataStorate.get(key); - - if (data == null) - return null; - - try { - @SuppressWarnings("unchecked") - T test = (T) data; - return test; - - } catch (Exception e) { - Logger.warn("Generic authentication-data object can not be casted to requsted type", e); - return null; - - } - - } - - Logger.warn("Can not load generic session-data with key='null'"); - return null; - - } - - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage - */ - public void setGenericData(String key, Object object) throws SessionDataStorageException { - if (MiscUtil.isEmpty(key)) { - Logger.warn("Generic session-data can not be stored with a 'null' key"); - throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null); - - } - - if (object != null) { - if (!Serializable.class.isInstance(object)) { - Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface"); - throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null); - - } - } - - if (genericDataStorate.containsKey(key)) - Logger.debug("Overwrite generic data with key:" + key); - else - Logger.trace("Add generic data with key:" + key + " to session."); - - genericDataStorate.put(key, object); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index b36b5af30..718f730b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -28,6 +28,7 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -38,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; @@ -114,6 +116,25 @@ public class SSOManager { } + protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq, IAuthenticationSession moaSession) { + Logger.debug("Add SSO information to MOASession."); + + //Store SSO information into database + String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(), + pendingReq.getSPEntityId()); + + //set SSO cookie to response + if (StringUtils.isNotEmpty(newSSOSessionId)) { + setSSOSessionID(req, resp, newSSOSessionId); + + } else { + deleteSSOSessionID(req, resp); + + } + + return newSSOSessionId; + } public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e6298527b..038e384f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -55,8 +55,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException; @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -100,7 +101,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class PVP2XProtocol extends AbstractAuthProtocolModulController { +public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired IDPCredentialProvider pvpCredentials; @Autowired SAMLVerificationEngineSP samlVerificationEngine; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index 958fb25ce..c56116255 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -77,8 +77,6 @@ public class MOAIDConstants { public static final List<String> ALLOWED_eIDAS_LOA; public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND; - public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier"; - public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low"; public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial"; public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java index db413b0f5..e816349c8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java @@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.commons.api.data; * @author tlenz * */ -public interface AuthProzessDataConstants { +public interface AuthProzessDataConstants extends EAAFConstants { public static final String GENERIC_PREFIX = "generic_"; @@ -37,10 +37,9 @@ public interface AuthProzessDataConstants { public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth"; public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK = "direct_SAMLAttributeGebeORwbpk"; - - public static final String VALUE_CREATED = "direct_created"; + public static final String VALUE_ISSUEINSTANT = "direct_issueInstant"; - public static final String VALUE_SESSIONID = "direct_sessionId"; + public static final String VALUE_SIGNER_CERT = "direct_signerCert"; public static final String VALUE_IDENTITYLINK = "direct_idl"; public static final String VALUE_BKUURL = "direct_bkuUrl"; diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java index e3468b89f..aed2efff2 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java @@ -31,10 +31,9 @@ import java.util.Date; import java.util.GregorianCalendar; import java.util.TimeZone; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import junit.framework.TestCase; -import at.gv.egovernment.moa.util.DateTimeUtils; - /** * @author Patrick Peck * @version $Id$ diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f12ef1994..97f56c6f4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -28,6 +28,7 @@ import org.xml.sax.SAXException; import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; @@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 019a61b7c..8ed9e1f2e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -43,8 +43,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; @@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -81,7 +82,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * @author tlenz */ @Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController { +public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 55348b5f8..5acb1c547 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -18,6 +18,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; @@ -34,7 +35,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index add6d78e4..2ad19e088 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; import iaik.esi.sva.util.X509Utils; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 19fadb318..8dfe10268 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -35,18 +35,19 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; |