aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java219
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java192
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java73
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java75
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ITargetConfiguration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/TargetConfigurationImpl.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java118
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java164
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java295
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java41
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginForm.html55
19 files changed, 1565 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
new file mode 100644
index 000000000..69e654f56
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
@@ -0,0 +1,79 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+
+public class LoginConfirmationBuilder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+
+ private static final String OA_URL_TAG = "<OA_URL>";
+ private static final String FORM_METHOD_TAG = "<FORM_METHOD_URL>";
+ private static final String ATTR_NAME_TAG = "<ATTR_NAME_URL>";
+ private static final String ATTR_VALUE_TAG = "<ATTR_VALUE_URL>";
+ private static final String ATTR_TEMP_TAG = "<ATTR_TEMP_URL>";
+ private static final String OA_TAG = "<OA_TAG>";
+ private static final String NAME_TAG = "<NAME_URL>";
+
+ private static final String METHOD_GET = "GET";
+ private static final String METHOD_POST = "POST";
+
+
+ private static final String ATTR_TEMPLATE =
+ " <input type=\"hidden\" " + nl +
+ " name=\"" + ATTR_NAME_TAG + "\"" + nl +
+ " value=\"" + ATTR_VALUE_TAG + "\"/>" + nl;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ "<head>" + nl +
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<title>Anmeldung mit B&uuml;rgerkarte</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<p>Wollen Sie sich als <b>"+NAME_TAG+"</b> bei <b>"+OA_TAG+
+ "</b> anmelden?</p>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"" + OA_URL_TAG + "\"" + nl +
+ " method=\"" + FORM_METHOD_TAG + "\">" + nl +
+ ATTR_TEMP_TAG +
+ " <input type=\"submit\" value=\"Anmeldung durchf&uuml;hren\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ private String template;
+
+ public LoginConfirmationBuilder(){
+ init(METHOD_GET);
+ }
+
+ public LoginConfirmationBuilder(String method) {
+ init(method);
+ }
+
+ public void init(String method) {
+ if(method.equals(METHOD_POST)) {
+ template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_POST);
+ } else {
+ template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_GET);
+ }
+ }
+
+ public void addParameter(String name, String value) {
+ String attr_template = ATTR_TEMPLATE + ATTR_TEMP_TAG;
+ //Logger.info("Attr Template: " + attr_template);
+ attr_template = attr_template.replace(ATTR_NAME_TAG, name);
+ //Logger.info("Attr Template: " + attr_template);
+ attr_template = attr_template.replace(ATTR_VALUE_TAG, value);
+ //Logger.info("Attr Template: " + attr_template);
+ template = template.replace(ATTR_TEMP_TAG, attr_template);
+ //Logger.info("Template: " + template);
+ }
+
+ public String finish(String oaURL, String userName, String oa) {
+ template = template.replace(NAME_TAG, userName);
+ template = template.replace(OA_TAG, oa);
+ template = template.replace(OA_URL_TAG, oaURL);
+ return template.replace(ATTR_TEMP_TAG, "");
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
new file mode 100644
index 000000000..6816c854e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.InputStream;
+import java.io.StringWriter;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class LoginFormBuilder {
+
+ private static String AUTH_URL = "#AUTH_URL#";
+ private static String OA_URL = "#OA_URL#";
+ private static String RED_URL = "#RED_URL#";
+
+ private static String template;
+
+ private static String getTemplate() {
+
+ if (template == null) {
+ try {
+ String classpathLocation = "resources/templates/loginForm.html";
+ InputStream input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(classpathLocation);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+ template = template.replace(AUTH_URL, "StartBKUAuthentication");
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+ }
+ }
+
+ return template;
+ }
+
+ public static String buildLoginForm(String oaURL) {
+ String value = getTemplate();
+
+ if(value != null) {
+ value = value.replace(OA_URL, oaURL);
+ }
+ return value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 5178e27d3..61b55f73d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
try {
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
@@ -174,7 +174,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
}
else {
// @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID),
- // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber fr OW nicht in
+ // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in
// AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen)
boolean useMandate = session.getUseMandate();
if (useMandate) { // Mandate modus
@@ -199,6 +199,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
}
else {
+ Logger.info("Normal");
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
new file mode 100644
index 000000000..e78d9345c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
@@ -0,0 +1,219 @@
+package at.gv.egovernment.moa.id.entrypoints;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.ITargetConfiguration;
+import at.gv.egovernment.moa.id.moduls.ModulStorage;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class AuthDispatcherServlet extends HttpServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public static final String PARAM_TARGET_PATH = "mod";
+ public static final String PARAM_TARGET_PROTOCOL = "action";
+ public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets";
+ public static final String PARAM_DISPATCHER_TYPE = "DispatcherType";
+ public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH";
+ public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH";
+ public static String SYSTEM_NEWLINE = System.getProperty("line.separator");
+
+ private HashMap<String, HashMap<String, HttpServlet>> endpointMap = new HashMap<String, HashMap<String, HttpServlet>>();
+
+ private void registerModule(IModulInfo modulInfo) {
+
+ HashMap<String, HttpServlet> tempMap = new HashMap<String, HttpServlet>();
+
+ try {
+
+ String path = modulInfo.getPath();
+
+ if (path == null) {
+ throw new Exception(String.format(
+ "%s does not return a valid target path!",
+ new Object[] { modulInfo.getClass().getName() }));
+ }
+
+ Logger.debug("Registering: " + modulInfo.getName() + " under "
+ + path);
+
+ List<ServletInfo> servletInfos = modulInfo.getServlets();
+
+ Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator();
+
+ while (servletInfoIterator.hasNext()) {
+
+ ServletInfo servletInfo = servletInfoIterator.next();
+
+ if (servletInfo.getType() == ServletType.AUTH) {
+ HttpServlet servlet = servletInfo.getServletInstance();
+ String target = servletInfo.getTarget();
+
+ if (target == null) {
+ throw new Exception(
+ String.format(
+ "%s does not return a valid target identifier!",
+ new Object[] { servlet.getClass()
+ .getName() }));
+ }
+
+ if (tempMap.containsKey(target)) {
+ throw new Exception(String.format(
+ "%s tried to overwrite %s/%s", new Object[] {
+ servlet.getClass().getName(), path,
+ target }));
+ }
+
+ tempMap.put(target, servlet);
+ Logger.info("Registered Servlet class: "
+ + servlet.getClass().getName() + " OK");
+ }
+
+ }
+
+ // when there was no error we register all servlets into the real
+ // endpoint map ...
+ if (!tempMap.isEmpty()) {
+ endpointMap.put(path, tempMap);
+ }
+ } catch (Throwable e) {
+ Logger.error("Registering Modul class: "
+ + modulInfo.getClass().getName() + " FAILED!!", e);
+ }
+ }
+
+ @Override
+ public void init(ServletConfig config) throws ServletException {
+ try {
+ super.init(config);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage(
+ "init.00", null));
+ } catch (Exception ex) {
+ Logger.fatal(
+ MOAIDMessageProvider.getInstance().getMessage("init.02",
+ null), ex);
+ throw new ServletException(ex);
+ }
+ Logger.info("Auth dispatcher Servlet initialization");
+
+ List<IModulInfo> modules = ModulStorage.getAllModules();
+ Iterator<IModulInfo> it = modules.iterator();
+ while (it.hasNext()) {
+ IModulInfo info = it.next();
+ String targetClass = info.getClass().getName();
+ try {
+ registerModule(info);
+ } catch (Throwable e) {
+ Logger.error("Registering Class " + targetClass + " FAILED!!",
+ e);
+ }
+ }
+ }
+
+ protected void processRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
+ try {
+ Object pathObject = req.getAttribute(PARAM_TARGET_PATH);
+ String path = null;
+
+ HttpSession session = req.getSession();
+
+ if (pathObject != null && (pathObject instanceof String)) {
+ path = (String) pathObject;
+ }
+
+ if (path == null) {
+ path = (String) session.getAttribute(PARAM_TARGET_PATH);
+ }
+
+ Object protocolObject = req.getAttribute(PARAM_TARGET_PROTOCOL);
+ String protocol = null;
+ if (protocolObject != null && (protocolObject instanceof String)) {
+ protocol = (String) protocolObject;
+ }
+
+ if (protocol == null) {
+ protocol = (String) session.getAttribute(PARAM_TARGET_PROTOCOL);
+ }
+
+ Logger.debug("dispatching to " + path + " protocol " + protocol);
+
+ if (path != null && protocol != null
+ && endpointMap.containsKey(path)) {
+ IModulInfo info = ModulStorage.getModuleByPath(path);
+ if (info == null) {
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ Logger.error("Path " + path + " has no module registered");
+ return;
+ }
+
+ ITargetConfiguration configuration = info.preProcess(req, resp);
+
+ if (!AuthenticationManager.isAuthenticated(req, resp)) {
+
+ session.setAttribute(PARAM_TARGET_PATH, path);
+ session.setAttribute(PARAM_TARGET_PROTOCOL, protocol);
+
+ AuthenticationManager.doAuthentication(req, resp,
+ configuration);
+ return;
+ }
+
+ HashMap<String, HttpServlet> pathMap = endpointMap.get(path);
+ Logger.debug("found path");
+ if (pathMap.containsKey(protocol)) {
+ Logger.debug("found protocol");
+ try {
+ HttpServlet servlet = (HttpServlet) pathMap
+ .get(protocol);
+ String forward = servlet.getClass().getName();
+ Logger.info("Forwarding to Servlet: " + forward);
+ getServletContext().getNamedDispatcher(forward)
+ .forward(req, resp);
+ return;
+ } catch (Throwable e) {
+ e.printStackTrace();
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ }
+ }
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ } catch (Throwable e) {
+ e.printStackTrace();
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
new file mode 100644
index 000000000..ccc0f1ccc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -0,0 +1,192 @@
+package at.gv.egovernment.moa.id.entrypoints;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.ModulStorage;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class DispatcherServlet extends HttpServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ public static final String PARAM_TARGET_PATH = "mod";
+ public static final String PARAM_TARGET_PROTOCOL = "action";
+ public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets";
+ public static final String PARAM_DISPATCHER_TYPE = "DispatcherType";
+ public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH";
+ public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH";
+ public static String SYSTEM_NEWLINE = System.getProperty("line.separator");
+
+ private HashMap<String, HashMap<String, HttpServlet>> endpointMap = new HashMap<String, HashMap<String, HttpServlet>>();
+
+ private void registerModule(IModulInfo modulInfo) {
+
+ HashMap<String, HttpServlet> tempMap = new HashMap<String, HttpServlet>();
+
+ try {
+
+ String path = modulInfo.getPath();
+
+ if (path == null) {
+ throw new Exception(String.format(
+ "%s does not return a valid target path!",
+ new Object[] { modulInfo.getClass().getName() }));
+ }
+
+ Logger.debug("Registering: " + modulInfo.getName() + " under "
+ + path);
+
+ List<ServletInfo> servletInfos = modulInfo.getServlets();
+
+ Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator();
+
+ while (servletInfoIterator.hasNext()) {
+
+ ServletInfo servletInfo = servletInfoIterator.next();
+
+ if (servletInfo.getType() == ServletType.UNAUTH) {
+ HttpServlet servlet = servletInfo.getServletInstance();
+ String target = servletInfo.getTarget();
+
+ if (target == null) {
+ throw new Exception(
+ String.format(
+ "%s does not return a valid target identifier!",
+ new Object[] { servlet.getClass()
+ .getName() }));
+ }
+
+ if (tempMap.containsKey(target)) {
+ throw new Exception(String.format(
+ "%s tried to overwrite %s/%s", new Object[] {
+ servlet.getClass().getName(), path,
+ target }));
+ }
+
+ tempMap.put(target, servlet);
+ Logger.info("Registered Servlet class: "
+ + servlet.getClass().getName() + " OK");
+ }
+
+ }
+
+ // when there was no error we register all servlets into the real
+ // endpoint map ...
+ if (!tempMap.isEmpty()) {
+ endpointMap.put(path, tempMap);
+ }
+ } catch (Throwable e) {
+ Logger.error("Registering Modul class: "
+ + modulInfo.getClass().getName() + " FAILED!!", e);
+ }
+ }
+
+ @Override
+ public void init(ServletConfig config) throws ServletException {
+ try {
+ super.init(config);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage(
+ "init.00", null));
+ } catch (Exception ex) {
+ Logger.fatal(
+ MOAIDMessageProvider.getInstance().getMessage("init.02",
+ null), ex);
+ throw new ServletException(ex);
+ }
+ Logger.info("Dispatcher Servlet initialization");
+
+ List<IModulInfo> modules = ModulStorage.getAllModules();
+ Iterator<IModulInfo> it = modules.iterator();
+ while (it.hasNext()) {
+ IModulInfo info = it.next();
+ String targetClass = info.getClass().getName();
+ try {
+ registerModule(info);
+ } catch (Throwable e) {
+ Logger.error("Registering Class " + targetClass + " FAILED!!",
+ e);
+ }
+ }
+ }
+
+ protected void processRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
+ Object pathObject = req.getAttribute(PARAM_TARGET_PATH);
+ String path = null;
+ if (pathObject != null && (pathObject instanceof String)) {
+ path = (String) pathObject;
+ }
+
+ if (path == null) {
+ path = (String) req.getAttribute(PARAM_TARGET_PATH);
+ }
+
+ Object protocolObject = req.getAttribute(PARAM_TARGET_PROTOCOL);
+ String protocol = null;
+ if (protocolObject != null && (protocolObject instanceof String)) {
+ protocol = (String) protocolObject;
+ }
+
+ if (protocol == null) {
+ protocol = req.getParameter(PARAM_TARGET_PROTOCOL);
+ }
+
+ Logger.debug("dispatching to " + path + " protocol " + protocol);
+
+ if (path != null && protocol != null && endpointMap.containsKey(path)) {
+ HashMap<String, HttpServlet> pathMap = endpointMap.get(path);
+ Logger.debug("found path");
+ if (pathMap.containsKey(protocol)) {
+ Logger.debug("found protocol");
+ try {
+ HttpServlet servlet = (HttpServlet) pathMap.get(protocol);
+ String forward = servlet.getClass().getName();
+ Logger.info("Forwarding to Servlet: " + forward);
+ getServletContext().getNamedDispatcher(forward).forward(
+ req, resp);
+ return;
+ } catch (Throwable e) {
+ Logger.error("Failed to process request!", e);
+ IModulInfo info = ModulStorage.getModuleByPath(path);
+ if(info != null) {
+ if(info.generateErrorMessage(e, req, resp)) {
+ return;
+ }
+ }
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ }
+ }
+ }
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ processRequest(req, resp);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
new file mode 100644
index 000000000..e631523a2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class AuthenticationManager implements MOAIDAuthConstants {
+
+ public static final String MOA_SESSION = "MoaAuthenticationSession";
+ public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
+
+ public static AuthenticationSession getAuthenticationSession(HttpSession session) {
+ String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+ if(sessionID != null) {
+ return AuthenticationSessionStore.getSession(sessionID);
+ }
+ return null;
+ }
+
+ /**
+ * Checks if the session is authenticated
+ * @param request
+ * @param response
+ * @return
+ */
+ public static boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) {
+ Logger.info("Checking authentication");
+
+ HttpSession session = request.getSession();
+
+ String sessionID = (String)request.getAttribute(PARAM_SESSIONID);
+ if(sessionID != null) {
+ AuthenticationSession authSession = AuthenticationSessionStore.getSession(sessionID);
+ if(authSession != null) {
+ if(authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) {
+ session.invalidate();
+ session = request.getSession();
+ HTTPSessionUtils.setHTTPSessionBoolean(session, MOA_AUTHENTICATED, true);
+ authSession.setAuthenticatedUsed(true);
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID);
+ }
+ }
+ }
+
+ return HTTPSessionUtils.getHTTPSessionBoolean(session, MOA_AUTHENTICATED, false);
+ }
+
+ public static void doAuthentication(HttpServletRequest request, HttpServletResponse response,
+ ITargetConfiguration target)
+ throws ServletException, IOException {
+ HttpSession session = request.getSession();
+ Logger.info("Starting authentication ...");
+ String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(loginForm);
+ out.flush();
+ return;
+ // TODO: Build authentication form
+ //session.getServletContext().getNamedDispatcher("StartAuthenticationServlet").forward(request, response);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
new file mode 100644
index 000000000..c0bf29844
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java
@@ -0,0 +1,75 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class AuthenticationSessionStore {
+
+ private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+
+ public static boolean isAuthenticated(String moaSessionID) {
+ synchronized (sessionStore) {
+ if (sessionStore.containsKey(moaSessionID)) {
+ return sessionStore.get(moaSessionID).isAuthenticated();
+ }
+ }
+ return false;
+ }
+
+ public static AuthenticationSession createSession() {
+ String id = Random.nextRandom();
+ AuthenticationSession session = new AuthenticationSession(id);
+ synchronized (sessionStore) {
+ sessionStore.put(id, session);
+ }
+ return session;
+ }
+
+ public static void dumpSessionStore() {
+ synchronized (sessionStore) {
+ Set<String> keys = sessionStore.keySet();
+ Iterator<String> keyIterator = keys.iterator();
+ while(keyIterator.hasNext()) {
+ String key = keyIterator.next();
+ AuthenticationSession session = sessionStore.get(key);
+ Logger.info("Key: " + key + " -> " + session.toString());
+ }
+ }
+ }
+
+ public static String changeSessionID(AuthenticationSession session)
+ throws MOAIDException {
+ synchronized (sessionStore) {
+ if (sessionStore.containsKey(session.getSessionID())) {
+ AuthenticationSession theSession = sessionStore.get(session
+ .getSessionID());
+ if (theSession != session) {
+ throw new MOAIDException("TODO!", null);
+ }
+
+ sessionStore.remove(session.getSessionID());
+ String id = Random.nextRandom();
+ session.setSessionID(id);
+ sessionStore.put(id, session);
+ return id;
+ }
+ }
+ throw new MOAIDException("TODO!", null);
+ }
+
+ public static AuthenticationSession getSession(String sessionID) {
+ synchronized (sessionStore) {
+ if (sessionStore.containsKey(sessionID)) {
+ return sessionStore.get(sessionID);
+ }
+ }
+ Logger.info("No MOA Session with id: " + sessionID);
+ return null;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
new file mode 100644
index 000000000..1f51feff6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public interface IModulInfo {
+ public List<ServletInfo> getServlets();
+ public String getName();
+ public String getPath();
+
+ public ITargetConfiguration preProcess(HttpServletRequest request, HttpServletResponse response)
+ throws MOAIDException;
+
+ public boolean generateErrorMessage(Throwable e,HttpServletRequest request, HttpServletResponse response);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ITargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ITargetConfiguration.java
new file mode 100644
index 000000000..e86f20496
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ITargetConfiguration.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public interface ITargetConfiguration {
+ public String getOAURL();
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
new file mode 100644
index 000000000..8b13bf9a1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class ModulStorage {
+
+ private static final String[] modulClasses = new String[]{
+ "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol"
+ };
+
+
+ private static List<IModulInfo> registeredModules = new ArrayList<IModulInfo>();
+
+ public static List<IModulInfo> getAllModules() {
+ return registeredModules;
+ }
+
+ public static IModulInfo getModuleByPath(String modname) {
+ Iterator<IModulInfo> it = registeredModules.iterator();
+ while (it.hasNext()) {
+ IModulInfo info = it.next();
+ if (info.getPath().equals(modname)) {
+ return info;
+ }
+ }
+ return null;
+ }
+
+ static {
+ Logger.info("Loading modules:");
+ for(int i = 0; i < modulClasses.length; i++) {
+ String modulClassName = modulClasses[i];
+ try {
+ @SuppressWarnings("unchecked")
+ Class<IModulInfo> moduleClass = (Class<IModulInfo>)Class.forName(modulClassName);
+ IModulInfo module = moduleClass.newInstance();
+ Logger.info("Loading Modul Information: " + module.getName());
+ registeredModules.add(module);
+ } catch(Throwable e) {
+ Logger.error("Check configuration! " + modulClassName +
+ " is not a valid IModulInfo", e);
+ }
+ }
+ Logger.info("Loading modules done");
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
new file mode 100644
index 000000000..0181233d5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServlet;
+
+
+public class ServletInfo {
+ Class<? extends HttpServlet> servletClass;
+ String servletTarget;
+ ServletType type;
+
+ public ServletInfo(Class<? extends HttpServlet> servletClass,
+ String servletTarget, ServletType type) {
+ super();
+ this.servletClass = servletClass;
+ this.servletTarget = servletTarget;
+ this.type = type;
+ }
+
+ public HttpServlet getServletInstance()
+ throws InstantiationException, IllegalAccessException {
+ return servletClass.newInstance();
+ }
+
+ public String getTarget() {
+ return servletTarget;
+ }
+
+ public ServletType getType() {
+ return type;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
new file mode 100644
index 000000000..50b1702f8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public enum ServletType {
+ UNAUTH, AUTH, NONE
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/TargetConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/TargetConfigurationImpl.java
new file mode 100644
index 000000000..fadedce0b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/TargetConfigurationImpl.java
@@ -0,0 +1,15 @@
+package at.gv.egovernment.moa.id.moduls;
+
+public class TargetConfigurationImpl implements ITargetConfiguration {
+
+ private String oaURL;
+
+ public void setOAURL(String value) {
+ oaURL = value;
+ }
+
+ public String getOAURL() {
+ return oaURL;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
new file mode 100644
index 000000000..4dc4a2b35
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -0,0 +1,118 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.LoginConfirmationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+public class GetArtifactServlet extends AuthServlet {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 3593264832041467899L;
+
+ /**
+ * Constructor for GetArtifactServlet.
+ */
+ public GetArtifactServlet() {
+ super();
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ HttpSession httpSession = req.getSession();
+
+ AuthenticationSession session = AuthenticationManager
+ .getAuthenticationSession(httpSession);
+
+ String oaURL = (String) req.getAttribute(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+
+ try {
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.12");
+
+ String samlArtifactBase64 = SAML1AuthenticationServer
+ .BuildSAMLArtifact(session);
+
+ /*
+ * String redirectURL = oaURL;//session.getOAURLRequested(); if
+ * (!session.getBusinessService()) { redirectURL =
+ * addURLParameter(redirectURL, PARAM_TARGET,
+ * URLEncoder.encode(session.getTarget(), "UTF-8"));
+ *
+ * } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
+ * URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL =
+ * resp.encodeRedirectURL(redirectURL);
+ *
+ * resp.setContentType("text/html"); resp.setStatus(302);
+ *
+ * resp.addHeader("Location", redirectURL);
+ * Logger.debug("REDIRECT TO: " + redirectURL);
+ */
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+
+ String friendlyName = oaParam.getFriendlyName();
+ if(friendlyName == null) {
+ friendlyName = oaURL;
+ }
+
+ LoginConfirmationBuilder builder = new LoginConfirmationBuilder();
+ builder.addParameter(PARAM_SAMLARTIFACT,
+ samlArtifactBase64);
+ String form = builder.finish(oaURL, session.getIdentityLink()
+ .getName(), friendlyName);
+
+ resp.setContentType("text/html");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(form.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+
+ } catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ } catch (ConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (BuildException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (AuthenticationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
new file mode 100644
index 000000000..3a9b79163
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.util.Calendar;
+
+import org.apache.axis.AxisFault;
+import org.w3c.dom.Element;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Web service for picking up authentication data created in the MOA-ID Auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $
+ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
+ */
+public class GetAuthenticationDataService implements Constants {
+
+ /**
+ * Constructor for GetAuthenticationDataService.
+ */
+ public GetAuthenticationDataService() {
+ super();
+ }
+
+ /**
+ * Takes a <code>lt;samlp:Request&gt;</code> containing a
+ * <code>SAML artifact</code> and returns the corresponding
+ * authentication data <code>lt;saml:Assertion&gt;</code>
+ * (obtained from the <code>AuthenticationServer</code>),
+ * enclosed in a <code>lt;samlp:Response&gt;</code>.
+ * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
+ * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
+ * The status codes are defined in the SAML specification.
+ *
+ * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
+ * only 1 request element is allowed
+ * @return response element of type <code>lt;samlp:Response&gt;</code>,
+ * packed into an <code>Element[]</code>
+ * @throws AxisFault thrown when an error occurs in assembling the
+ * <code>lt;samlp:Response&gt;</code>
+ */
+ public Element[] Request(Element[] requests)
+ throws AxisFault {
+
+ Element request = requests[0];
+ Element[] responses = new Element[1];
+ String requestID = "";
+ String statusCode = "";
+ String subStatusCode = null;
+ String statusMessageCode = null;
+ String statusMessage = null;
+ String samlAssertion = "";
+ boolean useUTC = false;
+ if (requests.length > 1) {
+ // more than 1 request given as parameter
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1201";
+ }
+ else {
+ try {
+ DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
+ NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
+ if (samlArtifactList.getLength() == 0) {
+ // no SAML artifact given in request
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1202";
+ }
+ else if (samlArtifactList.getLength() > 1) {
+ // too many SAML artifacts given in request
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1203";
+ }
+ else {
+ Element samlArtifactElem = (Element)samlArtifactList.item(0);
+ requestID = request.getAttribute("RequestID");
+ String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ try {
+
+ AuthenticationData authData = SAML1AuthenticationServer.getSaml1AuthenticationData(samlArtifact);
+
+ useUTC = authData.getUseUTC();
+
+ // success
+ samlAssertion = authData.getSamlAssertion();
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ }
+ catch (AuthenticationException ex) {
+ // no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+ }
+ }
+ catch (Throwable t) {
+ // invalid request format
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1204";
+ }
+ }
+ try {
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
+ if (statusMessage == null)
+ statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
+ responses[0] = new SAMLResponseBuilder().build(
+ responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+
+ }
+ catch (MOAIDException e) {
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ catch (Throwable t) {
+ MOAIDException e = new MOAIDException("1299", null, t);
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ return responses;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
new file mode 100644
index 000000000..56d02b557
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -0,0 +1,295 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class SAML1AuthenticationServer extends AuthenticationServer {
+
+ // TODO: for clustering we have to replicate this data to other servers
+ // We might need to introduce a openEJB to accomplish this
+ /** authentication data store (assertion handle -> AuthenticationData) */
+ private static Map authenticationDataStore = new HashMap();
+
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data
+ * store
+ */
+ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+ private static AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner)
+ throws ConfigurationException, BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ AuthenticationData authData = new AuthenticationData();
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ boolean businessService = oaParam.getBusinessService();
+ authData.setMajorVersion(1);
+ authData.setMinorVersion(0);
+ authData.setAssertionID(Random.nextRandom());
+ authData.setIssuer(session.getAuthURL());
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
+ .getInstance(), useUTC));
+ authData.setIdentificationType(identityLink.getIdentificationType());
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp
+ .isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp
+ .getPublicAuthorityCode());
+ authData.setBkuURL(session.getBkuURL());
+ authData.setUseUTC(oaParam.getUseUTC());
+ boolean provideStammzahl = oaParam.getProvideStammzahl();
+ if (provideStammzahl) {
+ authData.setIdentificationValue(identityLink
+ .getIdentificationValue());
+ }
+ String prPerson = new PersonDataBuilder().build(identityLink,
+ provideStammzahl);
+
+ try {
+ String signerCertificateBase64 = "";
+ if (oaParam.getProvideCertifcate()) {
+ X509Certificate signerCertificate = verifyXMLSigResp
+ .getX509certificate();
+ if (signerCertificate != null) {
+ signerCertificateBase64 = Base64Utils
+ .encode(signerCertificate.getEncoded());
+ } else {
+ Logger
+ .info("\"provideCertificate\" is \"true\", but no signer certificate available");
+ }
+ }
+ authData.setSignerCertificate(signerCertificateBase64);
+ if(!isForeigner) {
+ //we have Austrian citizen
+ if (businessService) {
+ authData.setWBPK(identityLink.getIdentificationValue());
+ } else {
+ authData.setBPK(identityLink.getIdentificationValue());
+
+ // BZ.., calculation of bPK already before sending AUTHBlock
+ /*
+ * if(identityLink.getIdentificationType().equals(Constants.
+ * URN_PREFIX_BASEID)) { // only compute bPK if online
+ * application is a public service and we have the Stammzahl
+ * String bpkBase64 = new BPKBuilder().buildBPK(
+ * identityLink.getIdentificationValue(), session.getTarget());
+ * authData.setBPK(bpkBase64); }
+ */
+
+ }
+ } else {
+ //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW
+ if (businessService) {
+ //since we have foreigner, wbPK is not calculated in BKU
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier());
+ authData.setWBPK(wbpkBase64);
+ }
+
+ } else {
+
+ if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ // only compute bPK if online application is a public service and we have the Stammzahl
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget());
+ authData.setBPK(bpkBase64);
+ }
+
+
+ }
+
+ }
+ String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
+ .getSerializedSamlAssertion()
+ : "";
+ if (!oaParam.getProvideStammzahl()) {
+ ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
+ .getIdentificationValue(), "");
+ }
+ String authBlock = oaParam.getProvideAuthBlock() ? session
+ .getAuthBlock() : "";
+
+ session.setAssertionAuthBlock(authBlock);
+ session.setAssertionAuthData(authData);
+ session.setAssertionBusinessService(businessService);
+ session.setAssertionIlAssertion(ilAssertion);
+ session.setAssertionPrPerson(prPerson);
+ session.setAssertionSignerCertificateBase64(signerCertificateBase64);
+
+ return authData;
+
+ } catch (Throwable ex) {
+ throw new BuildException("builder.00", new Object[] {
+ "AuthenticationData", ex.toString() }, ex);
+ }
+ }
+
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of
+ * this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public static AuthenticationData getSaml1AuthenticationData(String samlArtifact)
+ throws AuthenticationException {
+ String assertionHandle;
+ try {
+ assertionHandle = new SAMLArtifactParser(samlArtifact)
+ .parseAssertionHandle();
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ AuthenticationData authData = null;
+ synchronized (authenticationDataStore) {
+ // System.out.println("assertionHandle: " + assertionHandle);
+ authData = (AuthenticationData) authenticationDataStore
+ .get(assertionHandle);
+ if (authData == null) {
+ Logger.error("Assertion not found for SAML Artifact: "
+ + samlArtifact);
+ throw new AuthenticationException("1206",
+ new Object[] { samlArtifact });
+ }
+ boolean keepAssertion = false;
+ try {
+ String boolStr = AuthConfigurationProvider.getInstance()
+ .getGenericConfigurationParameter(
+ "AuthenticationServer.KeepAssertion");
+ if (null != boolStr && boolStr.equalsIgnoreCase("true"))
+ keepAssertion = true;// Only allowed for debug purposes!!!
+ } catch (ConfigurationException ex) {
+ throw new AuthenticationException("1205", new Object[] {
+ samlArtifact, ex.toString() });
+ }
+ if (!keepAssertion) {
+ authenticationDataStore.remove(assertionHandle);
+ }
+ }
+ long now = new Date().getTime();
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut)
+ throw new AuthenticationException("1207",
+ new Object[] { samlArtifact });
+ Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+ return authData;
+ }
+
+ public static String BuildSAMLArtifact(AuthenticationSession session) throws ConfigurationException, BuildException, AuthenticationException {
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
+ boolean useCondition = oaParam.getUseCondition();
+ int conditionLength = oaParam.getConditionLength();
+
+ // builds authentication data and stores it together with a SAML
+ // artifact
+ AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
+ useUTC, false);
+
+ String samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData, session.getAssertionPrPerson(),
+ session.getAssertionAuthBlock(),
+ session.getAssertionIlAssertion(), session.getBkuURL(),
+ session.getAssertionSignerCertificateBase64(),
+ session.getAssertionBusinessService(),
+ session.getExtendedSAMLAttributesOA(), useCondition,
+ conditionLength);
+ authData.setSamlAssertion(samlAssertion);
+
+ String assertionFile = AuthConfigurationProvider.getInstance()
+ .getGenericConfigurationParameter(
+ "AuthenticationServer.WriteAssertionToFile");
+ if (!ParepUtils.isEmpty(assertionFile))
+ try {
+ ParepUtils.saveStringToFile(samlAssertion, new File(
+ assertionFile));
+ } catch (IOException e) {
+ throw new BuildException("builder.00", new Object[] {
+ "AuthenticationData", e.toString() }, e);
+ }
+
+ String samlArtifact = new SAMLArtifactBuilder().build(
+ session.getAuthURL(), session.getSessionID(),
+ session.getSourceID());
+
+ storeAuthenticationData(samlArtifact, authData);
+
+ Logger.info("Anmeldedaten zu MOASession " + session.getSessionID()
+ + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+
+ }
+
+ /**
+ * Stores authentication data indexed by the assertion handle contained in
+ * the given saml artifact.
+ *
+ * @param samlArtifact
+ * SAML artifact
+ * @param authData
+ * authentication data
+ * @throws AuthenticationException
+ * when SAML artifact is invalid
+ */
+ private static void storeAuthenticationData(String samlArtifact,
+ AuthenticationData authData) throws AuthenticationException {
+
+ try {
+ SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
+ // check type code 0x0001
+ byte[] typeCode = parser.parseTypeCode();
+ if (typeCode[0] != 0 || typeCode[1] != 1)
+ throw new AuthenticationException("auth.06",
+ new Object[] { samlArtifact });
+ String assertionHandle = parser.parseAssertionHandle();
+ synchronized (authenticationDataStore) {
+ Logger.debug("Assertion stored for SAML Artifact: "
+ + samlArtifact);
+ authenticationDataStore.put(assertionHandle, authData);
+ }
+ } catch (AuthenticationException ex) {
+ throw ex;
+ } catch (Throwable ex) {
+ throw new AuthenticationException("auth.06",
+ new Object[] { samlArtifact });
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
new file mode 100644
index 000000000..601425a9c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.protocols.saml1;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.ITargetConfiguration;
+import at.gv.egovernment.moa.id.moduls.ServletInfo;
+import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.moduls.TargetConfigurationImpl;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
+
+ public static final String NAME = SAML1Protocol.class.getName();
+ public static final String PATH = "id_saml1";
+
+ public static final String GETARTIFACT = "GetArtifact";
+
+ private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
+
+ static {
+ servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,
+ ServletType.AUTH));
+
+ instance = new SAML1Protocol();
+ }
+
+ private static SAML1Protocol instance = null;
+
+ public static SAML1Protocol getInstance() {
+ if (instance == null) {
+ instance = new SAML1Protocol();
+ }
+ return instance;
+ }
+
+ public List<ServletInfo> getServlets() {
+ return servletList;
+ }
+
+
+ public String getName() {
+ return NAME;
+ }
+
+ public String getPath() {
+ return PATH;
+ }
+
+ public ITargetConfiguration preProcess(HttpServletRequest request,
+ HttpServletResponse response) throws MOAIDException {
+ TargetConfigurationImpl config = new TargetConfigurationImpl();
+ String oaURL = (String) request.getAttribute(PARAM_OA);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+ config.setOAURL(oaURL);
+ request.getSession().setAttribute(PARAM_OA, oaURL);
+ return config;
+ }
+
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
new file mode 100644
index 000000000..a8eef06a7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.util;
+
+import javax.servlet.http.HttpSession;
+
+public class HTTPSessionUtils {
+
+ public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) {
+ Object obj = session.getAttribute(name);
+ if(obj == null) {
+ return fallback;
+ }
+
+ if(obj instanceof Boolean) {
+ Boolean b = (Boolean)obj;
+ if(b != null) {
+ return b.booleanValue();
+ }
+ }
+ return fallback;
+ }
+
+ public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) {
+ session.setAttribute(name, new Boolean(value));
+ }
+
+ public static String getHTTPSessionString(HttpSession session, String name, String fallback) {
+ Object obj = session.getAttribute(name);
+ if(obj == null) {
+ return fallback;
+ }
+
+ if(obj instanceof String) {
+ return (String)obj;
+ }
+ return fallback;
+ }
+
+ public static void setHTTPSessionString(HttpSession session, String name, String value) {
+ session.setAttribute(name, value);
+ }
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
new file mode 100644
index 000000000..90deb3b04
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
@@ -0,0 +1,55 @@
+<html>
+<head>
+
+</head>
+<body>
+ <div style="width: 250px">
+ <div id="bku_area">
+ <form action="#AUTH_URL#" method="get" id="fcard">
+ <input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request">
+ <input type="hidden" name="OA" value="#OA_URL#">
+ <input type="checkbox" id="mandateCheckBox" name="useMandate" value="true">
+ <label for="mandateCheckBox">in Vertretung anmelden</label>
+ <div
+ style="float: left; width: 48%; text-align: center; position: relative;">
+ <div class="image">
+ <img src="img/karte.gif" alt="Login mit Karte" width="76"
+ height="50" style="margin-top: 1.5em;">
+ </div>
+ <input type="submit" id="startOnlineBku" name="startOnlineBku"
+ value="Karte" class="button">
+ </div>
+ <div
+ style="float: left; width: 48%; text-align: center; position: relative;">
+ <div class="image">
+ <img src="img/handy.gif" alt="Login mit Handy" width="34"
+ height="57" style="margin-top: 1em;">
+ </div>
+ <input type="submit" id="startMobileBku" name="startMobileBku"
+ value="Handy" class="button">
+ </div>
+ </form>
+ </div>
+ <form name="storkForm" method="POST"
+ action="#AUTH_URL#">
+ <input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request">
+ <input type="hidden" name="OA" value="#OA_URL#">
+ <select name="CCC" size="1" style="width: 120px">
+ <option value="BE">België/Belgique</option>
+ <option value="EE">Eesti</option>
+ <option value="ES">España</option>
+ <option value="IS">Ísland</option>
+ <option value="IT">Italia</option>
+ <option value="LI">Liechtenstein</option>
+ <option value="LT">Lithuania</option>
+ <option value="PT">Portugal</option>
+ <option value="SI">Slovenija</option>
+ <option value="FI">Suomi</option>
+ <option value="SE">Sverige</option>
+ </select> <input type="submit" name="storkButton" value="Send" alt="Send"
+ class="button" /> <a href="info_stork.html" target="_blank"
+ class="infobutton" style="color: #FFF">i</a>
+ </form>
+ </div>
+</body>
+</html> \ No newline at end of file