diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
| -rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 594 |
1 files changed, 334 insertions, 260 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e9d9c7175..bc3e075be 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; @@ -67,21 +68,21 @@ import at.gv.egovernment.moa.util.FileUtils; * @version $Id$ */ public class AuthenticationServer implements MOAIDAuthConstants { - - /** single instance */ - private static AuthenticationServer instance; - /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); - /** - * time out in milliseconds used by {@link cleanup} for session store - */ - private long sessionTimeOut = 10*60*1000; // default 10 minutes - /** - * time out in milliseconds used by {@link cleanup} for authentication data store - */ - private long authDataTimeOut = 2*60*1000; // default 2 minutes + + /** single instance */ + private static AuthenticationServer instance; + /** session data store (session ID -> AuthenticationSession) */ + private static Map sessionStore = new HashMap(); + /** authentication data store (assertion handle -> AuthenticationData) */ + private static Map authenticationDataStore = new HashMap(); + /** + * time out in milliseconds used by {@link cleanup} for session store + */ + private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + /** + * time out in milliseconds used by {@link cleanup} for authentication data store + */ + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of <code>AuthenticationServer</code>. @@ -122,24 +123,35 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException while building the HTML form */ public String selectBKU( - String authURL, String target, String oaURL, String bkuSelectionTemplateURL, String templateURL) + String authURL, + String target, + String oaURL, + String bkuSelectionTemplateURL, + String templateURL) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL"); if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET); if (isEmpty(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA); - if (! authURL.startsWith("https:")) - throw new AuthenticationException("auth.07", null); - ConnectionParameter bkuConnParam = AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); + + ConnectionParameter bkuConnParam = + AuthConfigurationProvider.getInstance().getBKUConnectionParameter(); if (bkuConnParam == null) - throw new ConfigurationException("config.08", new Object[] {"BKUSelection/ConnectionParameter"}); - OAAuthParameter oaParam = + throw new ConfigurationException( + "config.08", + new Object[] { "BKUSelection/ConnectionParameter" }); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] {oaURL}); + throw new AuthenticationException("auth.00", new Object[] { oaURL }); AuthenticationSession session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); @@ -147,32 +159,37 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); session.setTemplateURL(templateURL); - String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); + String returnURL = + new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { // bkuSelectionType==HTMLComplete String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL; return redirectURL; - } - else { + } else { // bkuSelectionType==HTMLSelect String bkuSelectTag; try { bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam); - } - catch (Throwable ex) { - throw new AuthenticationException("auth.03", new Object[] {bkuConnParam.getUrl(), ex.toString()}, ex); + } catch (Throwable ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { bkuConnParam.getUrl(), ex.toString()}, + ex); } String bkuSelectionTemplate = null; if (bkuSelectionTemplateURL != null) { try { bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL)); - } - catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] {bkuSelectionTemplateURL, ex.toString()}, ex); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { bkuSelectionTemplateURL, ex.toString()}, + ex); } } - String htmlForm = new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); + String htmlForm = + new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag); return htmlForm; } } @@ -186,47 +203,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws IOException on any data error * @throws GeneralSecurityException on security errors */ - private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) + private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam) throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - + if (connParam.isHTTPSURL()) return new String(SSLUtils.readHttpsURL(conf, connParam)); else return new String(FileUtils.readURL(connParam.getUrl())); } /** - * Processes the beginning of an authentication session. - * <ul> - * <li>Starts an authentication session</li> - * <li>Creates an <code><InfoboxReadRequest></code></li> - * <li>Creates an HTML form for querying the identity link from the - * security layer implementation. - * <br>Form parameters include - * <ul> - * <li>the <code><InfoboxReadRequest></code></li> - * <li>the data URL where the security layer implementation sends it response to</li> - * </ul> - * </ul> + * Processes the beginning of an authentication session. + * <ul> + * <li>Starts an authentication session</li> + * <li>Creates an <code><InfoboxReadRequest></code></li> + * <li>Creates an HTML form for querying the identity link from the + * security layer implementation. + * <br>Form parameters include + * <ul> + * <li>the <code><InfoboxReadRequest></code></li> + * <li>the data URL where the security layer implementation sends it response to</li> + * </ul> + * </ul> * @param authURL URL of the servlet to be used as data URL * @param target "Geschäftsbereich" of the online application requested * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be <code>null</code>; in this case, the default location will be used * @param templateURL URL providing an HTML template for the HTML form generated - * @return HTML form + * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder - */ - public String startAuthentication( - String authURL, String target, String oaURL, String templateURL, String bkuURL, String sessionID) - throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { + */ + public String startAuthentication( + String authURL, + String target, + String oaURL, + String templateURL, + String bkuURL, + String sessionID) + throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (isEmpty(sessionID)) { if (isEmpty(authURL)) throw new WrongParametersException("StartAuthentication", "AuthURL"); - if (! authURL.startsWith("https:")) - throw new AuthenticationException("auth.07", null); + + //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = + AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET); if (isEmpty(oaURL)) @@ -234,105 +261,128 @@ public class AuthenticationServer implements MOAIDAuthConstants { } AuthenticationSession session; if (sessionID != null) - session = getSession(sessionID); - else { - OAAuthParameter oaParam = + session = getSession(sessionID); + else { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] {oaURL}); + throw new AuthenticationException("auth.00", new Object[] { oaURL }); session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); + Logger.info("MOASession " + session.getSessionID() + " angelegt"); + session.setTarget(target); + session.setOAURLRequested(oaURL); + session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + session.setAuthURL(authURL); session.setTemplateURL(templateURL); } - String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session.getSessionID()); + String infoboxReadRequest = new InfoboxReadRequestBuilder().build(); + String dataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_VERIFY_IDENTITY_LINK, + session.getSessionID()); String template = null; if (session.getTemplateURL() != null) { - try { - template = new String(FileUtils.readURL(session.getTemplateURL())); - } - catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] {session.getTemplateURL(), ex.toString()}, ex); + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException( + "auth.03", + new Object[] { session.getTemplateURL(), ex.toString()}, + ex); } } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); - String certInfoDataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); - String htmlForm = new GetIdentityLinkFormBuilder().build( - template, bkuURL, infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL); - return htmlForm; - } - /** - * Processes an <code><InfoboxReadResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><InfoboxReadResponse></code></li> - * <li>Parses identity link enclosed in <code><InfoboxReadResponse></code></li> - * <li>Verifies identity link by calling the MOA SP component</li> - * <li>Checks certificate authority of identity link</li> - * <li>Stores identity link in the session</li> - * <li>Creates an authentication block to be signed by the user</li> - * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> - * containg the authentication block, meant to be returned to the - * security layer implementation</li> - * </ul> - * - * @param sessionID ID of associated authentication session data - * @param xmlInfoboxReadResponse String representation of the - * <code><InfoboxReadResponse></code> - * @return String representation of the <code><CreateXMLSignatureRequest></code> - */ - public String verifyIdentityLink (String sessionID, String xmlInfoboxReadResponse) - throws AuthenticationException, ParseException, ConfigurationException, ValidateException, ServiceException, WrongParametersException { - + String certInfoDataURL = + new DataURLBuilder().buildDataURL( + session.getAuthURL(), + REQ_START_AUTHENTICATION, + session.getSessionID()); + String htmlForm = + new GetIdentityLinkFormBuilder().build( + template, + bkuURL, + infoboxReadRequest, + dataURL, + certInfoRequest, + certInfoDataURL); + return htmlForm; + } + /** + * Processes an <code><InfoboxReadResponse></code> sent by the + * security layer implementation.<br> + * <ul> + * <li>Validates given <code><InfoboxReadResponse></code></li> + * <li>Parses identity link enclosed in <code><InfoboxReadResponse></code></li> + * <li>Verifies identity link by calling the MOA SP component</li> + * <li>Checks certificate authority of identity link</li> + * <li>Stores identity link in the session</li> + * <li>Creates an authentication block to be signed by the user</li> + * <li>Creates and returns a <code><CreateXMLSignatureRequest></code> + * containg the authentication block, meant to be returned to the + * security layer implementation</li> + * </ul> + * + * @param sessionID ID of associated authentication session data + * @param xmlInfoboxReadResponse String representation of the + * <code><InfoboxReadResponse></code> + * @return String representation of the <code><CreateXMLSignatureRequest></code> + */ + public String verifyIdentityLink(String sessionID, String xmlInfoboxReadResponse) + throws + AuthenticationException, + ParseException, + ConfigurationException, + ValidateException, + ServiceException { + if (isEmpty(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID}); if (isEmpty(xmlInfoboxReadResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE); - AuthenticationSession session = getSession(sessionID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE}); + AuthenticationSession session = getSession(sessionID); if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", new Object[] {sessionID}); - session.setTimestampIdentityLink(); + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses the <InfoboxReadResponse> - IdentityLink identityLink = new InfoboxReadResponseParser(xmlInfoboxReadResponse). - parseIdentityLink(); + IdentityLink identityLink = + new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); // validates the identity link - IdentityLinkValidator.getInstance().validate(identityLink); + IdentityLinkValidator.getInstance().validate(identityLink); // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP - Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build( - identityLink, authConf.getMoaSpIdentityLinkTrustProfileID()); + Element domVerifyXMLSignatureRequest = + new VerifyXMLSignatureRequestBuilder().build( + identityLink, + authConf.getMoaSpIdentityLinkTrustProfileID()); // debug output - debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest); + if(null != domVerifyXMLSignatureRequest) + debugOutputXMLFile("VerifyIdentityLinkRequest.xml", domVerifyXMLSignatureRequest); // invokes the call - Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker(). - verifyXMLSignature(domVerifyXMLSignatureRequest); + Element domVerifyXMLSignatureResponse = + new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponse verifyXMLSignatureResponse = - new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + VerifyXMLSignatureResponse verifyXMLSignatureResponse = + new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); // debug output - debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse); + if(null != domVerifyXMLSignatureResponse) + debugOutputXMLFile("VerifyIdentityLinkResponse.xml", domVerifyXMLSignatureResponse); // validates the <VerifyXMLSignatureResponse> - VerifyXMLSignatureResponseValidator.getInstance().validate( - verifyXMLSignatureResponse, + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); - - session.setIdentityLink(identityLink); + + session.setIdentityLink(identityLink); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); - session.setAuthBlock(authBlock); + session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformInfos = authConf.getTransformsInfos(); - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder(). - build(authBlock, transformInfos); - return createXMLSignatureRequest; - } + String[] transformInfos = authConf.getTransformsInfos(); + String createXMLSignatureRequest = + new CreateXMLSignatureRequestBuilder().build(authBlock, transformInfos); + return createXMLSignatureRequest; + } /** * Builds an authentication block <code><saml:Assertion></code> from given session data. * @param session authentication session @@ -345,74 +395,92 @@ public class AuthenticationServer implements MOAIDAuthConstants { String authURL = session.getAuthURL(); String target = session.getTarget(); String oaURL = session.getPublicOAURLPrefix(); - String authBlock = new AuthenticationBlockAssertionBuilder(). - build(issuer, issueInstant, authURL, target, oaURL); + String authBlock = + new AuthenticationBlockAssertionBuilder().build(issuer, issueInstant, authURL, target, oaURL); return authBlock; } - /** - * Processes a <code><CreateXMLSignatureResponse></code> sent by the - * security layer implementation.<br> - * <ul> - * <li>Validates given <code><CreateXMLSignatureResponse></code></li> - * <li>Parses <code><CreateXMLSignatureResponse></code> for error codes</li> - * <li>Parses authentication block enclosed in - * <code><CreateXMLSignatureResponse></code></li> - * <li>Verifies authentication block by calling the MOA SP component</li> - * <li>Creates authentication data</li> - * <li>Creates a corresponding SAML artifact</li> - * <li>Stores authentication data in the authentication data store - * indexed by the SAML artifact</li> - * <li>Deletes authentication session</li> - * <li>Returns the SAML artifact, encoded BASE64</li> - * </ul> - * - * @param sessionID session ID of the running authentication session - * @param xmlCreateXMLSignatureReadResponse String representation of the - * <code><CreateXMLSignatureResponse></code> - * @return SAML artifact needed for retrieving authentication data, encoded BASE64 - */ - public String verifyAuthenticationBlock( - String sessionID, String xmlCreateXMLSignatureReadResponse) - throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, WrongParametersException { + /** + * Processes a <code><CreateXMLSignatureResponse></code> sent by the + * security layer implementation.<br> + * <ul> + * <li>Validates given <code><CreateXMLSignatureResponse></code></li> + * <li>Parses <code><CreateXMLSignatureResponse></code> for error codes</li> + * <li>Parses authentication block enclosed in + * <code><CreateXMLSignatureResponse></code></li> + * <li>Verifies authentication block by calling the MOA SP component</li> + * <li>Creates authentication data</li> + * <li>Creates a corresponding SAML artifact</li> + * <li>Stores authentication data in the authentication data store + * indexed by the SAML artifact</li> + * <li>Deletes authentication session</li> + * <li>Returns the SAML artifact, encoded BASE64</li> + * </ul> + * + * @param sessionID session ID of the running authentication session + * @param xmlCreateXMLSignatureReadResponse String representation of the + * <code><CreateXMLSignatureResponse></code> + * @return SAML artifact needed for retrieving authentication data, encoded BASE64 + */ + public String verifyAuthenticationBlock( + String sessionID, + String xmlCreateXMLSignatureReadResponse) + throws + AuthenticationException, + BuildException, + ParseException, + ConfigurationException, + ServiceException, + ValidateException { if (isEmpty(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); if (isEmpty(xmlCreateXMLSignatureReadResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE); - AuthenticationSession session = getSession(sessionID); + throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + AuthenticationSession session = getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses <CreateXMLSignatureResponse> - CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + CreateXMLSignatureResponse csresp = + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix()); + new CreateXMLSignatureResponseValidator().validate( + csresp, + session.getTarget(), + session.getPublicOAURLPrefix()); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq); + if(null != domVsreq) + AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockRequest.xml", domVsreq); // invokes the call Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); // parses the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); // debug output - AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp); + if(null != domVsresp) + AuthenticationServer.debugOutputXMLFile("VerifyAuthenticationBlockResponse.xml", domVsresp); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( - vsresp, null,VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); + vsresp, + null, + VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK); // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(vsresp, session.getIdentityLink()); - + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, + session.getIdentityLink()); + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); - String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); - storeAuthenticationData(samlArtifact, authData); + AuthenticationData authData = buildAuthenticationData(session, vsresp); + String samlArtifact = + new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); + storeAuthenticationData(samlArtifact, authData); // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); + sessionStore.remove(sessionID); + Logger.info( + "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; - } + } /** * Builds the AuthenticationData object together with the * corresponding <code><saml:Assertion></code> @@ -422,20 +490,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws ConfigurationException while accessing configuration data * @throws BuildException while building the <code><saml:Assertion></code> */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) - throws ConfigurationException, BuildException { - + private AuthenticationData buildAuthenticationData( + AuthenticationSession session, + VerifyXMLSignatureResponse verifyXMLSigResp) + throws ConfigurationException, BuildException { + IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); + AuthenticationData authData = new AuthenticationData(); authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - String vpkBase64 = new VPKBuilder().buildVPK( - identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget()); + String vpkBase64 = + new VPKBuilder().buildVPK( + identityLink.getIdentificationValue(), + identityLink.getDateOfBirth(), + session.getTarget()); authData.setVPK(vpkBase64); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); @@ -443,57 +514,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - String prPerson = new PersonDataBuilder().build( - identityLink, oaParam.getProvideZMRZahl()); - - try { - String ilAssertion = - oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( + session.getPublicOAURLPrefix()); + String prPerson = new PersonDataBuilder().build(identityLink, oaParam.getProvideZMRZahl()); + + try { + String ilAssertion = + oaParam.getProvideIdentityLink() + ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) + : ""; String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, prPerson, authBlock, ilAssertion); + String samlAssertion = + new AuthenticationDataAssertionBuilder().build(authData, prPerson, authBlock, ilAssertion); authData.setSamlAssertion(samlAssertion); - return authData; - } - catch (Throwable ex) { - throw new BuildException( - "builder.00", - new Object[] { "AuthenticationData", ex.toString() }, - ex); - } - } - /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) throws AuthenticationException { + return authData; + } catch (Throwable ex) { + throw new BuildException( + "builder.00", + new Object[] { "AuthenticationData", ex.toString()}, + ex); + } + } + /** + * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. + * The <code>AuthenticationData</code> is deleted from the store upon end of this call. + * + * @return <code>AuthenticationData</code> + */ + public AuthenticationData getAuthenticationData(String samlArtifact) + throws AuthenticationException { String assertionHandle; try { assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); - } - catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] {samlArtifact, ex.toString()}); + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()}); } AuthenticationData authData = null; synchronized (authenticationDataStore) { - authData = (AuthenticationData)authenticationDataStore.get(assertionHandle); - if (authData == null) { + authData = (AuthenticationData) authenticationDataStore.get(assertionHandle); + if (authData == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); - throw new AuthenticationException("1206", new Object[] {samlArtifact}); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); } authenticationDataStore.remove(assertionHandle); - } + } long now = new Date().getTime(); if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] {samlArtifact}); + throw new AuthenticationException("1207", new Object[] { samlArtifact }); Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } + return authData; + } /** * Stores authentication data indexed by the assertion handle contained in the * given saml artifact. @@ -501,26 +572,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param authData authentication data * @throws AuthenticationException when SAML artifact is invalid */ - private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) + private void storeAuthenticationData(String samlArtifact, AuthenticationData authData) throws AuthenticationException { - - try { + + try { SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); // check type code 0x0001 byte[] typeCode = parser.parseTypeCode(); if (typeCode[0] != 0 || typeCode[1] != 1) - throw new AuthenticationException("auth.06", new Object[] {samlArtifact}); + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); String assertionHandle = parser.parseAssertionHandle(); - synchronized(authenticationDataStore) { + synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); authenticationDataStore.put(assertionHandle, authData); } - } - catch (AuthenticationException ex) { + } catch (AuthenticationException ex) { throw ex; - } - catch (Throwable ex) { - throw new AuthenticationException("auth.06", new Object[] {samlArtifact}); + } catch (Throwable ex) { + throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); } } /** @@ -533,13 +602,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { * already for the given session ID */ private static AuthenticationSession newSession() throws AuthenticationException { - String sessionID = Random.nextRandom(); + String sessionID = Random.nextRandom(); AuthenticationSession newSession = new AuthenticationSession(sessionID); synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession)sessionStore.get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); + AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); + if (session != null) + throw new AuthenticationException("auth.01", new Object[] { sessionID }); + sessionStore.put(sessionID, newSession); } return newSession; } @@ -551,38 +620,45 @@ public class AuthenticationServer implements MOAIDAuthConstants { * <code>null</code> if session ID unknown */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = (AuthenticationSession)sessionStore.get(id); + AuthenticationSession session = (AuthenticationSession) sessionStore.get(id); if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); + throw new AuthenticationException("auth.02", new Object[] { id }); return session; } /** * Cleans up expired session and authentication data stores. */ public void cleanup() { - long now = new Date().getTime(); - synchronized(sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext(); ) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.02", new Object[] {sessionID})); - sessionStore.remove(sessionID); - } - } - } - synchronized(authenticationDataStore) { - Set keys = new HashSet(authenticationDataStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext(); ) { - String samlArtifact = (String) iter.next(); - AuthenticationData authData = (AuthenticationData) authenticationDataStore.get(samlArtifact); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage("cleaner.03", new Object[] {samlArtifact})); - authenticationDataStore.remove(samlArtifact); - } - } - } + long now = new Date().getTime(); + synchronized (sessionStore) { + Set keys = new HashSet(sessionStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String sessionID = (String) iter.next(); + AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID); + if (now - session.getTimestampStart().getTime() > sessionTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.02", + new Object[] { sessionID })); + sessionStore.remove(sessionID); + } + } + } + synchronized (authenticationDataStore) { + Set keys = new HashSet(authenticationDataStore.keySet()); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + String samlArtifact = (String) iter.next(); + AuthenticationData authData = + (AuthenticationData) authenticationDataStore.get(samlArtifact); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) { + Logger.info( + MOAIDMessageProvider.getInstance().getMessage( + "cleaner.03", + new Object[] { samlArtifact })); + authenticationDataStore.remove(samlArtifact); + } + } + } } /** @@ -599,7 +675,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public void setSecondsAuthDataTimeOut(long seconds) { authDataTimeOut = 1000 * seconds; } - + /** * Checks a parameter. * @param param parameter @@ -620,8 +696,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { try { String xmlString = new String(DOMUtils.serializeNode(rootElem)); debugOutputXMLFile(filename, xmlString); - } - catch (Exception ex) { + } catch (Exception ex) { ex.printStackTrace(); } } @@ -639,8 +714,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { byte[] xmlData = xmlString.getBytes("UTF-8"); fout.write(xmlData); fout.close(); - } - catch (Exception ex) { + } catch (Exception ex) { ex.printStackTrace(); } } |