Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 270 |
1 files changed, 172 insertions, 98 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9ffd72cda..911920e83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; +import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -32,7 +33,7 @@ import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; +//import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; @@ -103,6 +104,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; 
@@ -113,8 +115,8 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore; import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -152,7 +154,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); + //private static Map sessionStore = new HashMap(); /** * time out in milliseconds used by {@link cleanup} for session store @@ -269,6 +271,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthURL(authURL); session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance() 
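Review bot: In the -269 hunk the new `catch (MOADatabaseException e)` throws `AuthenticationException("", null)`, which drops the database exception as cause and uses an empty message key, so a storage failure reaches the caller as a blank error with no stack-trace context; the same construct is added in the -498 and -641 hunks, in `newSession` (-2498), and as `MOAIDException("session store error", null)` in `verifyCertificate` (-693). The exception class already accepts a cause (the -758 hunk uses `new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e)`), so each site should read along the lines of `throw new AuthenticationException("MESSAGE_KEY_TODO", new Object[] { session.getSessionID() }, e);` with a real key from the message bundle. The enclosing method of the -269 hunk begins outside it.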
@@ -498,6 +508,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { pushInfobox = verifyInfoboxParameters.getPushInfobox(); session.setPushInfobox(pushInfobox); } + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder() @@ -641,8 +659,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam .getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + + return returnvalue; } /** @@ -673,7 +700,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String verifyCertificate(String sessionID, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { + ValidateException, ServiceException, MOAIDException{ if (isEmpty(sessionID)) throw new AuthenticationException("auth.10", new Object[] { 
@@ -693,8 +720,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, authConf, oaParam, isOW); + + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("session store error", null); + } + + + return returnvalue; } /** @@ -716,11 +752,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public void verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); @@ -731,7 +767,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -758,6 +794,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // set extended SAML attributes if provideMandatorData is true setExtendedSAMLAttributeForMandates(session, mandate, oaParam .getBusinessService(), oaParam.getProvideStammzahl()); + + //AuthenticationSessionStoreage.storeSession(session); + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); 
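Review bot: In the -758 hunk `//AuthenticationSessionStoreage.storeSession(session);` is left commented out after `setExtendedSAMLAttributeForMandates(session, ...)`, so now that the session arrives as a parameter and lives in `AuthenticationSessionStoreage`, the mandate attributes written to `session` inside `verifyMandate` are not persisted by this method; unless the caller stores the session afterwards, a later `getSession(id)` returns it without them. Either restore the call with the same `MOADatabaseException` mapping used in the -269 hunk, or state in the Javadoc that the caller must persist the session after `verifyMandate` returns. The stale `//AuthenticationSession session = getSession(sessionID);` line in the -731 hunk can simply be deleted. `verifyMandate` continues outside these hunks.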
@@ -985,7 +1024,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); /* * if (session.getTimestampIdentityLink() != null) throw new * AuthenticationException("auth.01", new Object[] { sessionID }); @@ -1099,6 +1138,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session); + + return authBlock; } @@ -1806,18 +1847,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlock(String sessionID, + public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses <CreateXMLSignatureResponse> 
@@ -1930,24 +1973,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC, false); + //set Authblock + session.setAuthData(authData); + + //set signer certificate + session.setSignerCertificate(vsresp.getX509certificate()); + if (session.getUseMandate()) { // mandate mode + // session.setAssertionAuthBlock(assertionAuthBlock) - - // set signer certificate - session.setSignerCertificate(vsresp.getX509certificate()); - return null; } else { - session.setAuthData(authData); + session.setAuthenticatedUsed(false); session.setAuthenticated(true); - session.setXMLVerifySignatureResponse(vsresp); + //TODO: check if this element is needed!!! + //session.setXMLVerifySignatureResponse(vsresp); + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; 
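Review bot: The mandate branch of `verifyAuthenticationBlock` returns `null` right after the new `session.setAuthData(authData)` and `session.setSignerCertificate(vsresp.getX509certificate())` calls without storing the session, while only the non-mandate branch persists it (via `changeSessionID`, as the added comment says). With the session now passed in and kept in `AuthenticationSessionStoreage`, the authentication data and signer certificate set here are lost unless the caller writes the session back. Add `try { AuthenticationSessionStoreage.storeSession(session); } catch (MOADatabaseException e) { throw new AuthenticationException("MESSAGE_KEY_TODO", new Object[] { session.getSessionID() }, e); }` before `return null;`, or spell out the caller's obligation in the Javadoc. The `//TODO: check if this element is needed!!!` over the commented-out `setXMLVerifySignatureResponse` should be resolved rather than shipped. The method begins and ends outside the hunk.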
@@ -2015,15 +2066,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(String sessionID, + public String verifyAuthenticationBlockMandate(AuthenticationSession session, Element mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); @@ -2089,7 +2141,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds authentication data and stores it together with a SAML // artifact - AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, + + // TODO: Check, if this element is in use!!!! + //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, // vsresp, // replacementIdentityLink); 
@@ -2143,13 +2197,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - session.setAuthData(authData); + //TODO: Check, if this element is in use!!! + //session.setAuthData(authData); + session.setMandateData(mandateData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; 
@@ -2305,20 +2365,27 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); + +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); + AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC, true); session.setAuthData(authData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); - session.setXMLVerifySignatureResponse(vsresp); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); + //TODO: check, if it element is in use!!!! + //session.setXMLVerifySignatureResponse(vsresp); + + //session is implicit stored in changeSessionID!!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; + //TODO: regenerate MOASession ID! /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( @@ -2379,8 +2446,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + boolean businessService = oaParam.getBusinessService(); authData.setMajorVersion(1); authData.setMinorVersion(0); 
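Review bot: The -2305 hunk leaves `//TODO: regenerate MOASession ID!` and the commented-out `String samlAssertion = ...` block directly after `return newMOASessionID;`, where nothing can execute; the session ID is already regenerated by `AuthenticationSessionStoreage.changeSessionID(session)` two statements earlier, so the TODO is stale. Delete the TODO and the dead block; likewise the `// boolean useCondition` / `// int conditionLength` pair and `//session.setXMLVerifySignatureResponse(vsresp);` should be removed rather than kept under `//TODO: check, if it element is in use!!!!`. The method begins and ends outside the hunk.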
@@ -2399,28 +2468,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); if (provideStammzahl) { authData.setIdentificationValue(identityLink .getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); + +// String prPerson = new PersonDataBuilder().build(identityLink, +// provideStammzahl); try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); +// String signerCertificateBase64 = ""; +// if (oaParam.getProvideCertifcate()) { +// X509Certificate signerCertificate = verifyXMLSigResp +// .getX509certificate(); +// if (signerCertificate != null) { +// signerCertificateBase64 = Base64Utils +// .encode(signerCertificate.getEncoded()); +// } else { +// Logger +// .info("\"provideCertificate\" is \"true\", but no signer certificate available"); +// } +// } +// authData.setSignerCertificate(signerCertificateBase64); + if(!isForeigner) { //we have Austrian citizen if (businessService) { 
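Review bot: The -2399 hunk comments out the whole `provideCertificate` block including `authData.setSignerCertificate(signerCertificateBase64)`, so `buildAuthenticationData` no longer places a signer certificate in the `AuthenticationData` regardless of `oaParam.getProvideCertifcate()`; the certificate is now only set on the session in the -1930 hunk, and there without that configuration check. If anything downstream still reads the certificate from `AuthenticationData`, the OA option is silently ignored; if the session copy is what is consumed, the `getProvideCertifcate()` gate needs to move there. The `try {` now opens on nothing but commented-out lines, so the matching `catch` outside the hunk may no longer guard a throwing statement. The commented-out blocks here and the `session.setAssertion*` block in the -2460 hunk should be removed rather than kept under `//TODO: check, if this elements are in use!!!!`; version control holds the history. `buildAuthenticationData` begins and ends outside these hunks.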
@@ -2460,22 +2532,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); - } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; +// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink +// .getSerializedSamlAssertion() +// : ""; +// if (!oaParam.getProvideStammzahl()) { +// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink +// .getIdentificationValue(), ""); +// } +// String authBlock = oaParam.getProvideAuthBlock() ? session +// .getAuthBlock() : ""; - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); + + //TODO: check, if this elements are in use!!!! +// session.setAssertionAuthBlock(authBlock); +// session.setAssertionAuthData(authData); +// session.setAssertionBusinessService(businessService); +// session.setAssertionIlAssertion(ilAssertion); +// session.setAssertionPrPerson(prPerson); +// session.setAssertionSignerCertificateBase64(signerCertificateBase64); return authData; 
@@ -2498,20 +2572,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { private static AuthenticationSession newSession() throws AuthenticationException { - return AuthenticationSessionStore.createSession(); - - /* - String sessionID = Random.nextRandom(); - AuthenticationSession newSession = new AuthenticationSession(sessionID); - synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); + try { + return AuthenticationSessionStoreage.createSession(); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); } - return newSession;*/ } /** @@ -2525,12 +2591,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = AuthenticationSessionStore.getSession(id); + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + /*(AuthenticationSession) sessionStore .get(id);*/ - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[] { id }); + } } /** 
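Review bot: In `getSession` the new `catch (MOADatabaseException e)` rethrows `new AuthenticationException("parser.04", new Object[] { id })`; the key reads like a parser message rather than a storage one, and the cause `e` is dropped, so a database failure is reported as a parse problem and leaves no trace of the underlying error in the log. Use a storage-related key and keep the cause: `throw new AuthenticationException("MESSAGE_KEY_TODO", new Object[] { id }, e);`. The `/*(AuthenticationSession) sessionStore .get(id);*/` fragment is dead code from the removed map and can go. `newSession` in the -2498 hunk has the same cause-dropping catch with an empty key.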
@@ -2538,20 +2611,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - synchronized (sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.02", new Object[] { sessionID })); - sessionStore.remove(sessionID); - } - } - } + //clean AuthenticationSessionStore + //TODO: acutally the StartAuthentificaten timestamp is used!!!!! + //TODO: maybe change this to lastupdate timestamp. + AuthenticationSessionStoreage.clean(now, sessionTimeOut); + //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); assertionstore.clean(now, authDataTimeOut); @@ -2921,12 +2986,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - CertificateFactory cf; - X509Certificate cert = null; - cf = CertificateFactory.getInstance("X.509"); - cert = (X509Certificate)cf.generateCertificate(is); - - return cert; + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + +// CertificateFactory cf; +// X509Certificate cert = null; +// cf = CertificateFactory.getInstance("X.509"); +// CertificateFactory +// cert = (X509Certificate)cf.generateCertificate(is); +// return cert; } } |
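Review bot: The removed loop in `cleanup` logged every expired session with `cleaner.02` before dropping it; the replacement `AuthenticationSessionStoreage.clean(now, sessionTimeOut)` gives no sign in this hunk of doing the same, so session expiry may disappear from the log unless `clean` logs it itself — worth confirming, since that record is what incident review relies on. The two `//TODO` lines about the start timestamp describe a deliberate choice that belongs in `cleanup`'s Javadoc rather than in TODOs, e.g. `Sessions expire sessionTimeOut ms after their start timestamp, not after their last update.` `cleanup` continues outside the hunk.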
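Review bot: The new `catch (Throwable e)` around `new X509Certificate(is)` in the -2921 hunk also catches `Error` subclasses such as `OutOfMemoryError` and re-wraps them as a `CertificateException`, hiding a JVM fault behind a certificate-parsing error; narrow it to the checked exceptions the `iaik.x509.X509Certificate(InputStream)` constructor declares (a `CertificateException` can be rethrown as is) and keep the cause as the code already does. The `import iaik.x509.CertificateFactory;` added in the -24 hunk is referenced only from the commented-out block after `return cert;`, so it is unused; delete that import, the dead block, and the `//import java.security.cert.CertificateFactory;` line together. The method's signature lies outside the hunk.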