diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java | 748 |
1 files changed, 104 insertions, 644 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 59482c4a8..196415ddc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -36,21 +36,22 @@ package at.gv.egovernment.moa.id.auth.data; -import iaik.x509.X509Certificate; - import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; import java.util.List; +import java.util.Map; +import org.apache.commons.collections4.map.HashedMap; -import eu.stork.peps.auth.commons.IPersonalAttributeList; -import eu.stork.peps.auth.commons.STORKAuthnRequest; +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * Session data to be stored between <code>AuthenticationServer</code> API calls. @@ -74,53 +75,12 @@ public class AuthenticationSession implements Serializable { private String sessionID; private Date sessionCreated = null; - - /** - * "Geschäftsbereich" the online application belongs to; maybe <code>null</code> if the - * online application is a business application - */ - private String target; - /** - * Friendly name for the target, if target is configured via MOA-ID configuration - */ - private String targetFriendlyName; - - /** - * SourceID - */ - private String sourceID; - - /** - * public online application URL requested - */ - private String oaURLRequested; - /** - * public online application URL prefix - */ - private String oaPublicURLPrefix; - /** - * URL of MOA ID authentication component - */ - private String authURL; - /** - * HTML template URL - */ - private String templateURL; - + /** * URL of the BKU */ private String bkuURL; - /** - * Indicates whether the corresponding online application is a business service or not - */ - private boolean businessService; - - /** - * Indicates whether the corresponding online application is a stork service or not - */ - private boolean storkService; // Store Mandate /** @@ -131,11 +91,6 @@ public class AuthenticationSession implements Serializable { private boolean isOW = false; /** - * STORK - */ - private String ccc; - - /** * * Mandate element */ @@ -157,12 +112,6 @@ public class AuthenticationSession implements Serializable { */ private IdentityLink identityLink; - // /** - // * timestamp logging when identity link has been received - // */ - // private Date timestampIdentityLink; - - // store Authblock /** * authentication block to be signed by the user */ @@ -175,11 +124,9 @@ public class AuthenticationSession implements Serializable { */ private String issueInstant; - // Signer certificate /** * Signer certificate of the foreign citizen or for mandate mode */ - // private X509Certificate signerCertificate; private byte[] signerCertificate; /** @@ -199,193 +146,18 @@ public class AuthenticationSession implements Serializable { * the AUTHBlock. */ private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH; - -// /** -// * If infobox validators are needed after signing, they can be stored in this list. -// */ -// private List infoboxValidators; - - /** - * The register and number in the register parameter in case of a business service application. - */ - private String domainIdentifier; - - /** - * This string contains all identifiers of infoboxes, the online application is configured to - * accept. The infobox identifiers are comma separated. - */ - private String pushInfobox; - - /** - * The STORK AuthRequest to be sent to the C-PEPS - */ - private STORKAuthnRequest storkAuthnRequest; - - private String storkAuthnResponse; - - // private AuthenticationData authData; - - // protocol selection - private String action; - private String modul; - + private boolean authenticated; - private boolean authenticatedUsed = false; - - private boolean ssoRequested = false; - + private String QAALevel = null; - -// private OAuth20SessionObject oAuth20SessionObject; - - // /** - // * Indicates if target from configuration is used or not - // */ - // private boolean useTargetFromConfig; - - // /** - // * Authentication data for the assertion - // */ - // private AuthenticationData assertionAuthData; - // - // /** - // * Persondata for the assertion - // */ - // private String assertionPrPerson; - // - // /** - // * Authblock for the assertion - // */ - // private String assertionAuthBlock; - // - // /** - // * Identitylink assertion for the (MOA) assertion - // */ - // private String assertionIlAssertion; - // - // /** - // * Signer certificate (base64 encoded) for the assertion - // */ - // private String assertionSignerCertificateBase64; - // - // /** - // * bussiness service for the assertion - // */ - // boolean assertionBusinessService; - // - // /** - // * timestamp logging when authentication session has been created - // */ - // private Date timestampStart; - // private CreateXMLSignatureResponse XMLCreateSignatureResponse; - + private VerifyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; - - private IPersonalAttributeList storkAttributes; - - //Temporary store SignRequest for local processing - private String signedDoc; - //Temporary store SAMLResponse for processing after user signed signedDoc locally - private String SAMLResponse; - // - private StringBuffer returnURL; - private IPersonalAttributeList authnResponseGetPersonalAttributeList; - private String authnContextClassRef; - // private String requestedProtocolURL = null; - - private String processInstanceId; - - public String getAuthnContextClassRef() { - return authnContextClassRef; - } + private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>(); - public void setAuthnContextClassRef(String authnContextClassRef) { - this.authnContextClassRef = authnContextClassRef; - } - public IPersonalAttributeList getAuthnResponseGetPersonalAttributeList() { - return authnResponseGetPersonalAttributeList; - } - - public void setAuthnResponseGetPersonalAttributeList(IPersonalAttributeList authnResponseGetPersonalAttributeList) { - this.authnResponseGetPersonalAttributeList = authnResponseGetPersonalAttributeList; - } - - public String getSAMLResponse() { - return SAMLResponse; - } - - public void setSAMLResponse(String samlResponse) { - SAMLResponse = samlResponse; - } - - public StringBuffer getReturnURL() { - return returnURL; - } - - public void setReturnURL(StringBuffer returnURL) { - this.returnURL = returnURL; - } - - public String getSignedDoc() { - return signedDoc; - } - - public void setSignedDoc(String signedDoc) { - this.signedDoc = signedDoc; - } - - public String getModul() { - return modul; - } - - public void setModul(String modul) { - this.modul = modul; - } - - public String getAction() { - return action; - } - - public void setAction(String action) { - this.action = action; - } - - // public AuthenticationData getAuthData() { - // return authData; - // } - // - // public void setAuthData(AuthenticationData authData) { - // this.authData = authData; - // } - - public boolean isAuthenticatedUsed() { - return authenticatedUsed; - } - - public void setAuthenticatedUsed(boolean authenticatedUsed) { - this.authenticatedUsed = authenticatedUsed; - } - - public boolean isAuthenticated() { - return authenticated; - } - - public void setAuthenticated(boolean authenticated) { - this.authenticated = authenticated; - } - - // public String getRequestedProtocolURL() { - // return requestedProtocolURL; - // } - // - // public void setRequestedProtocolURL(String requestedProtocolURL) { - // this.requestedProtocolURL = requestedProtocolURL; - // } - /** * Constructor for AuthenticationSession. * @@ -395,10 +167,17 @@ public class AuthenticationSession implements Serializable { public AuthenticationSession(String id, Date created) { sessionID = id; sessionCreated = created; - // setTimestampStart(); -// infoboxValidators = new ArrayList(); + } + public boolean isAuthenticated() { + return authenticated; + } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } + public X509Certificate getSignerCertificate() { try { return new X509Certificate(signerCertificate); @@ -461,24 +240,6 @@ public class AuthenticationSession implements Serializable { } /** - * Returns the oaURLRequested. - * - * @return String - */ - public String getOAURLRequested() { - return oaURLRequested; - } - - /** - * Returns the oaURLRequested. - * - * @return String - */ - public String getPublicOAURLPrefix() { - return oaPublicURLPrefix; - } - - /** * Returns the BKU URL. * * @return String @@ -486,54 +247,7 @@ public class AuthenticationSession implements Serializable { public String getBkuURL() { return bkuURL; } - - /** - * Returns the target. - * - * @return String - */ - public String getTarget() { - return target; - } - - /** - * Returns the sourceID. - * - * @return String - */ - public String getSourceID() { - return sourceID; - } - - /** - * Returns the target friendly name. - * - * @return String - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the oaURLRequested. - * - * @param oaURLRequested - * The oaURLRequested to set - */ - public void setOAURLRequested(String oaURLRequested) { - this.oaURLRequested = oaURLRequested; - } - - /** - * Sets the oaPublicURLPrefix - * - * @param oaPublicURLPrefix - * The oaPublicURLPrefix to set - */ - public void setPublicOAURLPrefix(String oaPublicURLPrefix) { - this.oaPublicURLPrefix = oaPublicURLPrefix; - } - + /** * Sets the bkuURL * @@ -543,63 +257,7 @@ public class AuthenticationSession implements Serializable { public void setBkuURL(String bkuURL) { this.bkuURL = bkuURL; } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * - * @param target - * The target to set - */ - public void setTarget(String target) { - if (target != null && target.startsWith(TARGET_PREFIX_)) { - // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove - // prefix - this.target = target.substring(TARGET_PREFIX_.length()); - Logger.debug("Target prefix stripped off; resulting target: " + this.target); - } else { - this.target = target; - } - } - - /** - * Sets the sourceID - * - * @param sourceID - * The sourceID to set - */ - public void setSourceID(String sourceID) { - this.sourceID = sourceID; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * - * @param target - * The target to set - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - /** - * Returns the authURL. - * - * @return String - */ - public String getAuthURL() { - return authURL; - } - - /** - * Sets the authURL. - * - * @param authURL - * The authURL to set - */ - public void setAuthURL(String authURL) { - this.authURL = authURL; - } - + /** * Returns the authBlock. * @@ -619,61 +277,6 @@ public class AuthenticationSession implements Serializable { this.authBlock = authBlock; } - /** - * Returns the businessService. - * - * @return <code>true</code> if the corresponding online application is a business application, - * otherwise <code>false</code> - */ - public boolean getBusinessService() { - return businessService; - } - - /** - * Sets the businessService variable. - * - * @param businessService - * the value for setting the businessService variable. - */ - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - - /** - * Returns the storkService. - * - * @return <code>true</code> if the corresponding online application is a stork application, - * otherwise <code>false</code> - */ - public boolean getStorkService() { - return storkService; - } - - /** - * Sets the storkService variable. - * - * @param storkService - * the value for setting the storkService variable. - */ - public void setStorkService(boolean storkService) { - this.storkService = storkService; - } - - /** - * @return template URL - */ - public String getTemplateURL() { - return templateURL; - } - - /** - * @param string - * the template URL - */ - public void setTemplateURL(String string) { - templateURL = string; - } /** * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. @@ -761,145 +364,6 @@ public class AuthenticationSession implements Serializable { this.issueInstant = issueInstant; } -// /** -// * Returns the iterator to the stored infobox validators. -// * -// * @return Iterator -// */ -// public Iterator getInfoboxValidatorIterator() { -// if (infoboxValidators == null) return null; -// return infoboxValidators.iterator(); -// } - - // /** - // * Adds an infobox validator class to the stored infobox validators. - // * - // * @param infoboxIdentifier - // * the identifier of the infobox the validator belongs to - // * @param infoboxFriendlyName - // * the friendly name of the infobox - // * @param infoboxValidator - // * the infobox validator to add - // */ - // public Iterator addInfoboxValidator(String infoboxIdentifier, - // String infoboxFriendlyName, InfoboxValidator infoboxValidator) { - // if (infoboxValidators == null) - // infoboxValidators = new ArrayList(); - // Vector v = new Vector(3); - // v.add(infoboxIdentifier); - // v.add(infoboxFriendlyName); - // v.add(infoboxValidator); - // infoboxValidators.add(v); - // return infoboxValidators.iterator(); - // } - -// /** -// * Tests for pending input events of the infobox validators. -// * -// * @return true if a validator has a form to show -// */ -// public boolean isValidatorInputPending() { -// boolean result = false; -// Iterator iter = getInfoboxValidatorIterator(); -// if (iter != null) { -// while (!result && iter.hasNext()) { -// Vector infoboxValidatorVector = (Vector) iter.next(); -// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); -// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true; -// } -// } -// return result; -// } - - // /** - // * Returns the first pending infobox validator. - // * - // * @return the infobox validator class - // */ - // public InfoboxValidator getFirstPendingValidator() { - // Iterator iter = getInfoboxValidatorIterator(); - // if (iter != null) { - // while (iter.hasNext()) { - // Vector infoboxValidatorVector = (Vector) iter.next(); - // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - // .get(2); - // String form = infoboxvalidator.getForm(); - // if (!ParepUtils.isEmpty(form)) - // return infoboxvalidator; - // } - // } - // return null; - // } - - // /** - // * Returns the input form of the first pending infobox validator input - // * processor. - // * - // * @return the form to show - // */ - // public String getFirstValidatorInputForm() { - // Iterator iter = getInfoboxValidatorIterator(); - // if (iter != null) { - // while (iter.hasNext()) { - // Vector infoboxValidatorVector = (Vector) iter.next(); - // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - // .get(2); - // String form = infoboxvalidator.getForm(); - // if (!ParepUtils.isEmpty(form)) - // return form; - // } - // } - // return null; - // } - - /** - * Returns domain identifier (the register and number in the register parameter). - * <code>null</code> in the case of not a business service. - * - * @return the domainIdentifier - */ - public String getDomainIdentifier() { - return domainIdentifier; - } - - /** - * Sets the register and number in the register parameter if the application is a business - * service. If the domain identifier includes the registerAndOrdNr prefix, the prefix will be - * stripped off. - * - * @param domainIdentifier - * the domain identifier to set - */ - public void setDomainIdentifier(String domainIdentifier) { - if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); - } else { - this.domainIdentifier = domainIdentifier; - } - } - - /** - * Gets all identifiers of infoboxes, the online application is configured to accept. The - * infobox identifiers are comma separated. - * - * @return the string containing infobox identifiers - */ - public String getPushInfobox() { - if (pushInfobox == null) return ""; - return pushInfobox; - } - - /** - * @param pushInfobox - * the infobox identifiers to set (comma separated) - */ - public void setPushInfobox(String pushInfobox) { - this.pushInfobox = pushInfobox; - } - /** * * @param useMandate @@ -954,34 +418,7 @@ public class AuthenticationSession implements Serializable { public void setMandateReferenceValue(String mandateReferenceValue) { this.mandateReferenceValue = mandateReferenceValue; } - - /** - * Gets the STORK SAML AuthnRequest - * - * @return STORK SAML AuthnRequest - */ - public STORKAuthnRequest getStorkAuthnRequest() { - return storkAuthnRequest; - } - - /** - * Sets the STORK SAML AuthnRequest - * - * @param storkAuthnRequest - * STORK SAML AuthnRequest - */ - public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { - this.storkAuthnRequest = storkAuthnRequest; - } - - public String getCcc() { - return ccc; - } - - public void setCcc(String ccc) { - this.ccc = ccc; - } - + public boolean isForeigner() { return isForeigner; } @@ -1005,24 +442,7 @@ public class AuthenticationSession implements Serializable { public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } - - /** - * @return the ssoRequested - */ - - // TODO: SSO only allowed without mandates, actually!!!!!! - public boolean isSsoRequested() { - return ssoRequested && !useMandate; - } - - /** - * @param ssoRequested - * the ssoRequested to set - */ - public void setSsoRequested(boolean ssoRequested) { - this.ssoRequested = ssoRequested; - } - + /** * @return the isOW */ @@ -1054,24 +474,8 @@ public class AuthenticationSession implements Serializable { } /** - * Memorizes the stork attribute list. - * - * @param personalAttributeList the new stork attributes - */ - public void setStorkAttributes(IPersonalAttributeList personalAttributeList) { - this.storkAttributes = personalAttributeList; - } - - /** - * Recalls the stork attribute list. - * - * @return the stork attributes - */ - public IPersonalAttributeList getStorkAttributes() { - return this.storkAttributes; - } - - /** + * eIDAS QAA level + * * @return the qAALevel */ public String getQAALevel() { @@ -1079,6 +483,8 @@ public class AuthenticationSession implements Serializable { } /** + * set QAA level in eIDAS form + * * @param qAALevel the qAALevel to set */ public void setQAALevel(String qAALevel) { @@ -1086,40 +492,94 @@ public class AuthenticationSession implements Serializable { } /** - * @return the storkAuthnResponse - */ - public String getStorkAuthnResponse() { - return storkAuthnResponse; - } - - /** - * @param storkAuthnResponse the storkAuthnResponse to set - */ - public void setStorkAuthnResponse(String storkAuthnResponse) { - this.storkAuthnResponse = storkAuthnResponse; - } - - /** * @return the sessionCreated */ public Date getSessionCreated() { return sessionCreated; } + public Map<String, Object> getGenericSessionDataStorage() { + return genericSessionDataStorate; + } + /** - * Returns the identifier of the process instance associated with this moaid session. - * @return The process instance id (may be {@code null} if no process has been created yet). + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key */ - public String getProcessInstanceId() { - return processInstanceId; + public Object getGenericDataFromSession(String key) { + if (MiscUtil.isNotEmpty(key)) { + return genericSessionDataStorate.get(key); + + } + + Logger.warn("Can not load generic session-data with key='null'"); + return null; + + } + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + public <T> T getGenericDataFromSession(String key, final Class<T> clazz) { + if (MiscUtil.isNotEmpty(key)) { + Object data = genericSessionDataStorate.get(key); + + if (data == null) + return null; + + try { + @SuppressWarnings("unchecked") + T test = (T) data; + return test; + + } catch (Exception e) { + Logger.warn("Generic authentication-data object can not be casted to requsted type", e); + return null; + + } + + } + + Logger.warn("Can not load generic session-data with key='null'"); + return null; + } - + /** - * Sets the process instance identifier in order to associate a certain process instance with this moaid session. - * @param processInstanceId The process instance id. + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage */ - public void setProcessInstanceId(String processInstanceId) { - this.processInstanceId = processInstanceId; + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + if (MiscUtil.isEmpty(key)) { + Logger.warn("Generic session-data can not be stored with a 'null' key"); + throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null); + + } + + if (object != null) { + if (!Serializable.class.isInstance(object)) { + Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface"); + throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null); + + } + } + + if (genericSessionDataStorate.containsKey(key)) + Logger.debug("Overwrite generic session-data with key:" + key); + else + Logger.trace("Add generic session-data with key:" + key + " to session."); + + genericSessionDataStorate.put(key, object); } + } |