Merge branch 'EGIZ_project-SSO_session_transfer' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into EGIZ_project-SSO_session_transfer

Conflicts:
	id/server/auth/pom.xml
	id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
	id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
	id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
	id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
	id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
	id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
	id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml
	id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml
	id/server/modules/pom.xml

3 files changed, 284 insertions, 7 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 8fb4ec3cf..abc4eb4a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -29,6 +29,7 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("IDPCredentialProvider")
 public class IDPCredentialProvider extends AbstractCredentialProvider {	
@@ -70,7 +71,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KS_PASS).trim();
+		String value = props.getProperty(IDP_KS_PASS);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
@@ -81,7 +86,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KEYALIASMETADATA).trim();
+		String value = props.getProperty(IDP_KEYALIASMETADATA);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
@@ -92,7 +101,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KEY_PASSMETADATA).trim();
+		String value = props.getProperty(IDP_KEY_PASSMETADATA);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
@@ -103,7 +116,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KEYALIASASSERTION).trim();
+		String value = props.getProperty(IDP_KEYALIASASSERTION);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
@@ -114,7 +131,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KEY_PASSASSERTION).trim();
+		String value = props.getProperty(IDP_KEY_PASSASSERTION);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
@@ -125,7 +146,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KEYALIASENCRYTPION).trim();
+		String value = props.getProperty(IDP_KEYALIASENCRYTPION);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
@@ -136,7 +161,11 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
-		return props.getProperty(IDP_KEYALIASENCRYTPION).trim();
+		String value = props.getProperty(IDP_KEY_PASSENCRYTPION);
+		if (MiscUtil.isNotEmpty(value))
+			return value.trim();
+		else
+			return null;
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
new file mode 100644
index 000000000..0bc4a4839
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Date;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import net.glxn.qrgen.QRCode;
+import net.glxn.qrgen.image.ImageType;
+
+
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession")
+public class SSOTransferGUIServlet extends AuthServlet {
+
+	private static final long serialVersionUID = 3974201828186450839L;
+
+	public SSOTransferGUIServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'.");
+	}
+
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+			throws ServletException, IOException {
+		super.doGet(req, resp);
+		
+		//search SSO session
+		SSOManager ssomanager = SSOManager.getInstance();		
+		String ssoid = ssomanager.getSSOSessionID(req);
+		
+		VelocityContext context = new VelocityContext();
+		
+		try {
+			if (ssomanager.isValidSSOSession(ssoid, null)) {
+				Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);		
+				if (createQRObj != null && createQRObj instanceof Integer) {
+					
+					
+					
+				} else {
+					//create first step of SSO Transfer GUI
+					String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+					if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+							contains(authURL)) {						
+						Logger.warn("Requested URL is not allowed.");;
+						resp.sendError(500, "Requested URL is not allowed.");
+						
+					}
+					
+					String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+					if (MiscUtil.isNotEmpty(moaSessionID)) {					
+						AuthenticationSession authSession = AuthenticationSessionStoreage
+								.getSession(moaSessionID);
+						if(authSession != null) {
+							Date now = new Date();
+							String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now);
+							
+							String token = Random.nextRandom();
+							AssertionStorage.getInstance().put(token, encodedSSOContainer);
+							
+							String containerURL = authURL
+									+ SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
+									+ "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
+							
+							JsonObject qrResult = new JsonObject();
+							qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, 
+									SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
+							qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+
+							ByteArrayOutputStream qrStream = 
+									QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();							
+							String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());							
+							context.put("QRImage", base64EncodedImage);
+							
+							context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
+							
+							GUIUtils.printSSOTransferGUI(context, resp);
+							
+						}
+					}
+				}
+								
+			} else {
+				context.put("errorMsg", 
+						"No active Single Sign-On session found! SSO Session transfer is not possible.");
+				GUIUtils.printSSOTransferGUI(context, resp);
+			}
+			
+		} catch (MOAIDException | MOADatabaseException e) {
+			e.printStackTrace();
+			resp.sendError(500, e.getMessage());
+		
+		}
+							
+	}
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
new file mode 100644
index 000000000..8ea15f985
--- /dev/null
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession")
+public class TransferToSmartPhoneServlet extends AuthServlet {
+
+	private static final long serialVersionUID = 4323605569040872262L;
+	
+	private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes
+	
+	public TransferToSmartPhoneServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'.");
+	}
+	
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+			throws ServletException, IOException {
+		super.doGet(req, resp);
+	
+		Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);		
+		if (tokenObj != null && tokenObj instanceof String) {
+			String token = (String)tokenObj;
+			try {						
+				String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut);
+				if (MiscUtil.isNotEmpty(signedEncSession)) {
+					resp.setContentType("text/html;charset=UTF-8");
+					PrintWriter out = new PrintWriter(resp.getOutputStream()); 
+					out.print(signedEncSession);
+					out.flush(); 
+					
+				} else {
+					Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+							token + ", which references an empty data object.");
+					resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object.");
+					
+				}
+												
+			} catch (MOADatabaseException e) {
+				Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+						token + ", which is UNKNOWN.");
+				resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:");
+				
+				
+			} catch (AuthenticationException e) {
+				Logger.info("Servlet " + getClass().getName() + " receive a token:" +
+						token + ", which has a timeout.");
+				resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more.");
+				
+			}
+		
+		} else {
+			Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
+			resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid.");
+			
+		}
+		
+	}
+
+}