diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
13 files changed, 441 insertions, 330 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index bbb322a4f..34d0d4be1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -74,20 +74,26 @@ public class AuthenticationSessionCleaner implements Runnable { ExceptionContainer exContainer = (ExceptionContainer) entry; if (exContainer.getExceptionThrown() != null) { - //add session and transaction ID to log if exists + //add session, transaction, and service-provider IDs into logging context if exists if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID())) TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID()); if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID())) TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID()); + if (MiscUtil.isNotEmpty(exContainer.getUniqueServiceProviderId())) + TransactionIDUtils.setServiceProviderId(exContainer.getUniqueServiceProviderId()); + //log exception to technical log logExceptionToTechnicalLog(exContainer.getExceptionThrown()); //remove session and transaction ID from thread - TransactionIDUtils.removeSessionId(); - TransactionIDUtils.removeTransactionId(); - } + TransactionIDUtils.removeAllLoggingVariables(); + + } else { + Logger.warn("Receive an ExceptionContainer that includes no 'Exception' object. Somethinge is suspect!!!!!"); + + } } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index cad3354f5..5a5d0bcf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -267,9 +267,9 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //#################################################### //set general authData info's authData.setIssuer(protocolRequest.getAuthURL()); - authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); - authData.setIsBusinessService(oaParam.getBusinessService()); - + authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality()); + authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction()); + //#################################################### //parse user info's from identityLink @@ -816,21 +816,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param oaParam Service-Provider configuration, never null * @param bPKType bPK-Type to check * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false + * @throws ConfigurationException */ - private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) { - String oaTarget = null; - if (oaParam.getBusinessService()) { - oaTarget = oaParam.getIdentityLinkDomainIdentifier(); - - } else { - oaTarget = Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget(); - - } - - if (oaTarget.equals(bPKType)) - return true; - else - return false; + private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException { + return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + } private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) { @@ -918,9 +908,10 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * * @return Pair<bPK, bPKType> which was received by PVP-Attribute and could be decrypted for this Service Provider, * or <code>null</code> if no attribute exists or can not decrypted + * @throws ConfigurationException */ private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session, - AuthenticationData authData, IOAAuthParameters spConfig) { + AuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException { //set List of encrypted bPKs to authData DAO String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) { @@ -935,35 +926,44 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { String second = fullEncbPK.substring(0, index); int secIndex = second.indexOf("+"); if (secIndex >= 0) { - if (spConfig.getTarget().equals(second.substring(secIndex+1))) { - Logger.debug("Found encrypted bPK for online-application " - + spConfig.getPublicURLPrefix() - + " Start decryption process ..."); - PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey(); - if (privKey != null) { - try { - String bPK = BPKBuilder.decryptBPK(encbPK, spConfig.getTarget(), privKey); - if (MiscUtil.isNotEmpty(bPK)) { - Logger.info("bPK decryption process finished successfully."); - return Pair.newInstance(bPK, Constants.URN_PREFIX_CDID + "+" + spConfig.getTarget()); - - } else { - Logger.error("bPK decryption FAILED."); - + String oaTargetId = spConfig.getAreaSpecificTargetIdentifier(); + if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) { + String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length()); + if (publicServiceShortTarget.equals(second.substring(secIndex+1))) { + Logger.debug("Found encrypted bPK for online-application " + + spConfig.getPublicURLPrefix() + + " Start decryption process ..."); + PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey(); + if (privKey != null) { + try { + String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey); + if (MiscUtil.isNotEmpty(bPK)) { + Logger.info("bPK decryption process finished successfully."); + return Pair.newInstance(bPK, oaTargetId); + + } else { + Logger.error("bPK decryption FAILED."); + + } + } catch (BuildException e) { + Logger.error("bPK decryption FAILED.", e); + } - } catch (BuildException e) { - Logger.error("bPK decryption FAILED.", e); - } + } else { + Logger.info("bPK decryption FAILED, because no valid decryption key is found."); + + } } else { - Logger.info("bPK decryption FAILED, because no valid decryption key is found."); + Logger.info("Found encrypted bPK but " + + "encrypted bPK target does not match to online-application target"); - } + } } else { - Logger.info("Found encrypted bPK but " + - "encrypted bPK target does not match to online-application target"); + Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID + + " BUT oaTarget is " + oaTargetId); } } @@ -1066,7 +1066,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException { - if (oaParam.getBusinessService()) { + if (oaParam.hasBaseIdTransferRestriction()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); @@ -1097,69 +1097,45 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException { + private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException { - String bPK; - String bPKType; - String baseID = authData.getIdentificationValue(); - String baseIDType = authData.getIdentificationType(); - - if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) { - //Calculate eIDAS identifier - if (oaParam.getBusinessService() && - oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_EIDAS)) { - String[] splittedTarget = oaParam.getIdentityLinkDomainIdentifier().split("\\+"); - String cititzenCountryCode = splittedTarget[1]; - String eIDASOutboundCountry = splittedTarget[2]; - - if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) { - Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry"); - - } - - Pair<String, String> eIDASID = new BPKBuilder().buildeIDASIdentifer(baseIDType, baseID, - cititzenCountryCode, eIDASOutboundCountry); - Logger.debug("Authenticate user with bPK:" + eIDASID.getFirst() + " Type:" + eIDASID.getSecond()); - return eIDASID; - - } else if (oaParam.getBusinessService()) { - //is Austrian private-service application - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - bPK = new BPKBuilder().buildbPKorwbPK(baseID, registerAndOrdNr); - bPKType = registerAndOrdNr; - - } else { - // only compute bPK if online application is a public service and we have the Stammzahl - String target = null; - Class<?> saml1RequstTemplate = null; - try { - saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); - if (saml1RequstTemplate != null && - saml1RequstTemplate.isInstance(pendingReq)) { - target = (String) pendingReq.getClass().getMethod("getTarget").invoke(pendingReq); + String baseIDType = authData.getIdentificationType(); + Pair<String, String> sectorSpecId = null; + + if (Constants.URN_PREFIX_BASEID.equals(baseIDType)) { + //SAML1 legacy target parameter work-around + String oaTargetId = null; + Class<?> saml1RequstTemplate = null; + try { + saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl"); + if (saml1RequstTemplate != null && + saml1RequstTemplate.isInstance(pendingReq)) { + oaTargetId = (String) pendingReq.getClass().getMethod("getTarget").invoke(pendingReq); - } + } - } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | java.lang.SecurityException | InvocationTargetException | NoSuchMethodException ex) { } + } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | java.lang.SecurityException | InvocationTargetException | NoSuchMethodException ex) { } + + if (MiscUtil.isEmpty(oaTargetId)) { + oaTargetId = oaParam.getAreaSpecificTargetIdentifier(); + Logger.debug("Use OA target identifier '" + oaTargetId + "' from configuration"); - if (MiscUtil.isEmpty(target)) - target = oaParam.getTarget(); - - bPK = new BPKBuilder().buildBPK(baseID, target); - bPKType = Constants.URN_PREFIX_CDID + "+" + target; - - } - + } else + Logger.info("Use OA target identifier '" + oaTargetId + "' from SAML1 request for bPK calculation"); + + //calculate sector specific unique identifier + sectorSpecId = new BPKBuilder().generateAreaSpecificPersonIdentifier(baseID, oaTargetId); + + } else { - Logger.warn("!!!baseID-element does not include a baseID. This should not be happen any more!!!"); - bPK = baseID; - bPKType = baseIDType; - + Logger.fatal("!!!baseID-element does not include a baseID. This should not be happen any more!!!"); + sectorSpecId = Pair.newInstance(baseID, baseIDType); + } - Logger.trace("Authenticate user with bPK:" + bPK + " Type:" + bPKType); - return Pair.newInstance(bPK, bPKType); + Logger.trace("Authenticate user with bPK:" + sectorSpecId.getFirst() + " Type:" + sectorSpecId.getSecond()); + return sectorSpecId; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 32ac8ad68..a7f6e873f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -60,6 +60,7 @@ import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -76,77 +77,192 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BPKBuilder { - /** - * Builds the bPK from the given parameters. - * - * @param identificationValue Base64 encoded "Stammzahl" - * @param target "Bereich lt. Verordnung des BKA" - * @return bPK in a BASE64 encoding - * @throws BuildException if an error occurs on building the bPK - */ - public String buildBPK(String identificationValue, String target) - throws BuildException { - - if ((identificationValue == null || - identificationValue.length() == 0 || - target == null || - target.length() == 0)) { - throw new BuildException("builder.00", - new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",target=" + target}); - } - String basisbegriff; - if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) - basisbegriff = identificationValue + "+" + target; - else - basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + /** + * Calculates an area specific unique person-identifier from a baseID + * + * @param baseID baseId from user but never null + * @param targetIdentifier target identifier for area specific identifier calculation but never null + * @return Pair<unique person identifier for this target, targetArea> but never null + * @throws BuildException if some input data are not valid + */ + public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{ + return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier); + + } + + /** + * Calculates an area specific unique person-identifier from an unique identifier with a specific type + * + * @param baseID baseId from user but never null + * @param baseIdType Type of the baseID but never null + * @param targetIdentifier target identifier for area specific identifier calculation but never null + * @return Pair<unique person identifier for this target, targetArea> but never null + * @throws BuildException if some input data are not valid + */ + public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{ + if (MiscUtil.isEmpty(baseID)) + throw new BuildException("builder.00", new Object[]{"baseID is empty or null"}); - return calculatebPKwbPK(basisbegriff); - } + if (MiscUtil.isEmpty(baseIdType)) + throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"}); + + if (MiscUtil.isEmpty(targetIdentifier)) + throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"}); + if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) { + Logger.trace("Find baseID. Starting unique identifier caluclation for this target"); + + if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) || + targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) || + targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) { + Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier); + return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier); + + } else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) { + Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier); + String[] splittedTarget = targetIdentifier.split("\\+"); + String cititzenCountryCode = splittedTarget[1]; + String eIDASOutboundCountry = splittedTarget[2]; + + if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) { + Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry"); + + } + return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry); + + + } else + throw new BuildException("builder.00", + new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"}); + + } else { + Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ..."); + if (baseIdType.equals(targetIdentifier)) { + Logger.debug("Unique identifier is already area specific. Is nothing todo"); + return Pair.newInstance(baseID, targetIdentifier); + + } else { + Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); + throw new BuildException("builder.00", + new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"}); + + } + } + } + + /** - * Builds the wbPK from the given parameters. + * Builds the storkeid from the given parameters. * - * @param identificationValue Base64 encoded "Stammzahl" - * @param registerAndOrdNr type of register + "+" + number in register. - * @return wbPK in a BASE64 encoding + * @param baseID baseID of the citizen + * @param baseIDType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs ID + * @param destinationCountry CountryCode of that country, which receives the eIDAs ID + * + * @return Pair<eIDAs, bPKType> in a BASE64 encoding * @throws BuildException if an error occurs on building the wbPK */ - public String buildWBPK(String identificationValue, String registerAndOrdNr) - throws BuildException { + private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) + throws BuildException { + String bPK = null; + String bPKType = null; + + // check if we have been called by public sector application + if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { + bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; + Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType); + bPK = calculatebPKwbPK(baseID + "+" + bPKType); + + } else { // if not, sector identification value is already calculated by BKU + Logger.debug("eIDAS eIdentifier already provided by BKU"); + bPK = baseID; + } - if ((identificationValue == null || - identificationValue.length() == 0 || - registerAndOrdNr == null || - registerAndOrdNr.length() == 0)) { + if ((MiscUtil.isEmpty(bPK) || + MiscUtil.isEmpty(sourceCountry) || + MiscUtil.isEmpty(destinationCountry))) { throw new BuildException("builder.00", - new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + - identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + + bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); } - - String basisbegriff; - if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) - basisbegriff = identificationValue + "+" + registerAndOrdNr; - else - basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; - - return calculatebPKwbPK(basisbegriff); - } - - public String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { - if (MiscUtil.isEmpty(baseID) || - !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || - bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || - bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { - throw new BuildException("builder.00", - new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget - + " has an unkown prefix."}); - - } - - return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); - + + Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); + String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; + + return Pair.newInstance(eIdentifier, bPKType); } + +// /** +// * Builds the bPK from the given parameters. +// * +// * @param identificationValue Base64 encoded "Stammzahl" +// * @param target "Bereich lt. Verordnung des BKA" +// * @return bPK in a BASE64 encoding +// * @throws BuildException if an error occurs on building the bPK +// */ +// private String buildBPK(String identificationValue, String target) +// throws BuildException { +// +// if ((identificationValue == null || +// identificationValue.length() == 0 || +// target == null || +// target.length() == 0)) { +// throw new BuildException("builder.00", +// new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + +// identificationValue + ",target=" + target}); +// } +// String basisbegriff; +// if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) +// basisbegriff = identificationValue + "+" + target; +// else +// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; +// +// return calculatebPKwbPK(basisbegriff); +// } +// +// /** +// * Builds the wbPK from the given parameters. +// * +// * @param identificationValue Base64 encoded "Stammzahl" +// * @param registerAndOrdNr type of register + "+" + number in register. +// * @return wbPK in a BASE64 encoding +// * @throws BuildException if an error occurs on building the wbPK +// */ +// private String buildWBPK(String identificationValue, String registerAndOrdNr) +// throws BuildException { +// +// if ((identificationValue == null || +// identificationValue.length() == 0 || +// registerAndOrdNr == null || +// registerAndOrdNr.length() == 0)) { +// throw new BuildException("builder.00", +// new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + +// identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); +// } +// +// String basisbegriff; +// if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) +// basisbegriff = identificationValue + "+" + registerAndOrdNr; +// else +// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; +// +// return calculatebPKwbPK(basisbegriff); +// } +// +// private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { +// if (MiscUtil.isEmpty(baseID) || +// !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || +// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || +// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { +// throw new BuildException("builder.00", +// new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget +// + " has an unkown prefix."}); +// +// } +// +// return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); +// +// } public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { MiscUtil.assertNotNull(bpk, "BPK"); @@ -199,48 +315,7 @@ public class BPKBuilder { return null; } } - - /** - * Builds the storkeid from the given parameters. - * - * @param baseID baseID of the citizen - * @param baseIDType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs ID - * @param destinationCountry CountryCode of that country, which receives the eIDAs ID - * - * @return Pair<eIDAs, bPKType> in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - public Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) - throws BuildException { - String bPK = null; - String bPKType = null; - - // check if we have been called by public sector application - if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { - bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; - Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType); - bPK = calculatebPKwbPK(baseID + "+" + bPKType); - - } else { // if not, sector identification value is already calculated by BKU - Logger.debug("eIDAS eIdentifier already provided by BKU"); - bPK = baseID; - } - - if ((MiscUtil.isEmpty(bPK) || - MiscUtil.isEmpty(sourceCountry) || - MiscUtil.isEmpty(destinationCountry))) { - throw new BuildException("builder.00", - new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + - bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); - } - - Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); - String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; - return Pair.newInstance(eIdentifier, bPKType); - } - private String calculatebPKwbPK(String basisbegriff) throws BuildException { try { MessageDigest md = MessageDigest.getInstance("SHA-1"); @@ -281,6 +356,4 @@ public class BPKBuilder { result = cipher.doFinal(encryptedBytes); return result; } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 73fe961eb..4c4af4239 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -53,9 +53,11 @@ import java.util.List; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; /** @@ -156,8 +158,9 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param oaParam parameter for the OA * @param session current session * @return String representation of <code><CreateXMLSignatureRequest></code> + * @throws ConfigurationException */ - public String buildForeignID(String subject, IRequest pendingReq) { + public String buildForeignID(String subject, IRequest pendingReq) throws ConfigurationException { String request = ""; request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">"; @@ -181,11 +184,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants { return request; } - public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) { + public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) throws ConfigurationException { IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - String target = pendingReq.getGenericData( - MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + String target = null; + String sectorName = null; + + + String saml1Target = pendingReq.getGenericData( + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); + if (MiscUtil.isNotEmpty(saml1Target)) { + target = saml1Target; + sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(saml1Target); + + } else { + target = oaParam.getAreaSpecificTargetIdentifier(); + sectorName = oaParam.getAreaSpecificTargetIdentifierFriendlyName(); + } Calendar cal = Calendar.getInstance(); String date = DateTimeUtils.buildDate(cal); @@ -243,11 +257,11 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += oaParam.getPublicURLPrefix(); request += "</td>"; request += "</tr>"; - boolean business = oaParam.getBusinessService(); - if (business) { + + if (!target.startsWith(MOAIDAuthConstants.PREFIX_CDID)) { // OA is businessservice - String identifierType = oaParam.getIdentityLinkDomainIdentifierType(); - String identifier = oaParam.getIdentityLinkDomainIdentifier(); + String identifierType = oaParam.getAreaSpecificTargetIdentifierFriendlyName(); + String identifier = oaParam.getAreaSpecificTargetIdentifier(); request += "<tr>"; request += "<td class=\"italicstyle\">"; request += identifierType + ":"; @@ -263,7 +277,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "<td class=\"italicstyle\">"; request += "Sektor (Sector):</td>"; request += "<td class=\"normalstyle\">"; - request += target + " (" + sectorName + ")"; + request += target.substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")"; request += "</td>"; request += "</tr>"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java index f4f6e82ba..fc5489673 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -31,14 +31,10 @@ import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -57,13 +53,14 @@ public class DynamicOAAuthParameterBuilder { if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent(); if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) { - dynamicOA.setBusinessService(false); - dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length())); + //dynamicOA.setBusinessService(false); + dynamicOA.setAreaSpecificTargetIdentifier(attrValue); } else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) || - attrValue.startsWith(Constants.URN_PREFIX_STORK) ) { - dynamicOA.setBusinessService(true); - dynamicOA.setTarget(attrValue); + attrValue.startsWith(Constants.URN_PREFIX_STORK) || + attrValue.startsWith(Constants.URN_PREFIX_EIDAS)) { + //dynamicOA.setBusinessService(true); + dynamicOA.setAreaSpecificTargetIdentifier(attrValue); } else { Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea"); @@ -84,13 +81,16 @@ public class DynamicOAAuthParameterBuilder { * @param oaParam * @param protocolRequest * @return + * @throws ConfigurationException */ public static IOAAuthParameters buildFromAuthnRequest( - IOAAuthParameters oaParam, IRequest protocolRequest) { + IOAAuthParameters oaParam, IRequest protocolRequest) throws ConfigurationException { DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters(); dynOAParams.setApplicationID(oaParam.getPublicURLPrefix()); - dynOAParams.setBusinessService(oaParam.getBusinessService()); + + dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction()); + dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction()); Object storkRequst = null; try { @@ -98,9 +98,9 @@ public class DynamicOAAuthParameterBuilder { if (storkRequst != null && protocolRequest.getClass().isInstance(storkRequst)) { - dynOAParams.setBusinessTarget(Constants.URN_PREFIX_STORK + "+" + "AT" + "+" + dynOAParams.setAreaSpecificTargetIdentifier(Constants.URN_PREFIX_STORK + "+" + "AT" + "+" + protocolRequest.getClass().getMethod("getSpCountry", null).invoke(protocolRequest, null)); - dynOAParams.setBusinessService(true); + //dynOAParams.setBusinessService(true); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index a82ba501c..d5ca89656 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -56,12 +56,16 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; /** * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br> @@ -108,6 +112,18 @@ public class SignatureVerificationInvoker { } + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest cmsSigVerifyReq) throws ServiceException { + try { + return svs.verifyCMSSignature(cmsSigVerifyReq); + + } catch (MOAException e) { + Logger.warn("CMS signature verification has an error.", e); + throw new ServiceException("service.03", new Object[] { e.toString()}, e); + + } + + } + /** * Method verifyXMLSignature. * @param request to be sent diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index c582050ad..710008714 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); } - - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); guiBuilder.build(response, config, "BKU-Selection form"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index ca99e9ba3..475009cf2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -31,7 +31,7 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas //store pending request requestStoreage.storePendingRequest(pendingReq); - //build consents evaluator form - IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + //build consents evaluator form + IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); guiBuilder.build(response, config, "SendAssertion-Evaluation"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 92d76751f..b2db8d5a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -52,7 +52,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ @Autowired AuthConfiguration authConfig; public void parse(IAuthenticationSession moasession, - String target, + String reqTarget, String oaURL, String bkuURL, String templateURL, @@ -61,10 +61,11 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ HttpServletRequest req, IRequest protocolReq) throws WrongParametersException, MOAIDException { - String targetFriendlyName = null; - + String resultTargetFriendlyName = null; + String resultTarget = null; + // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); + reqTarget = StringEscapeUtils.escapeHtml(reqTarget); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); useMandate = StringEscapeUtils.escapeHtml(useMandate); @@ -102,66 +103,70 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + String targetConfig = oaParam.getAreaSpecificTargetIdentifier(); + String targetFriendlyNameConfig = oaParam.getAreaSpecificTargetIdentifierFriendlyName(); + + //SAML1 legacy work-around for public area targets in request + if (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && + !StringUtils.isEmpty(reqTarget)) { + //INFO: ONLY SAML1 legacy mode + // if SAML1 is used and target attribute is given in request + // use requested target + // check target parameter + if (!ParamValidatorUtils.isValidTarget(reqTarget)) { + Logger.error("Selected target is invalid. Used target: " + reqTarget); + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + } + resultTarget = MOAIDAuthConstants.PREFIX_CDID + reqTarget; - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(targetConfig) - || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") && - !StringUtils.isEmpty(target)) - ) { - //INFO: ONLY SAML1 legacy mode - // if SAML1 is used and target attribute is given in request - // use requested target - // check target parameter - if (!ParamValidatorUtils.isValidTarget(target)) { - Logger.error("Selected target is invalid. Using target: " + target); - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } - if (MiscUtil.isNotEmpty(targetConfig)) - targetFriendlyName = targetFriendlyNameConfig; + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(reqTarget); + if (MiscUtil.isNotEmpty(sectorName)) + resultTargetFriendlyName = sectorName; + + else { + //check target contains subSector + int delimiter = reqTarget.indexOf("-"); + if (delimiter > 0) { + resultTargetFriendlyName = + TargetToSectorNameMapper.getSectorNameViaTarget(reqTarget.substring(0, delimiter)); - else { - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); - if (MiscUtil.isNotEmpty(sectorName)) - targetFriendlyName = sectorName; - - else { - //check target contains subSector - int delimiter = target.indexOf("-"); - if (delimiter > 0) { - targetFriendlyName = - TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter)); - - } - } - } - - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; + } } - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - - protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, target); + if (MiscUtil.isNotEmpty(targetConfig) && MiscUtil.isEmpty(resultTargetFriendlyName)) + resultTargetFriendlyName = targetFriendlyNameConfig; + + //set info's into request-context. (It's required to support SAML1 requested target parameters) + protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); protocolReq.setGenericDataToSession( - MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, targetFriendlyName); - Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + target); - - } else { - Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier()); + MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName); - if (useMandateBoolean) { - Logger.error("Online-Mandate Mode for business application not supported."); - throw new AuthenticationException("auth.17", null); - } + } else { + Logger.trace("Use oa sector-identifier from configuration"); + resultTarget = targetConfig; + resultTargetFriendlyName = targetFriendlyNameConfig; } - + + //check if target is found + if (MiscUtil.isEmpty(resultTarget)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + //check if mandates are allowed + if (useMandateBoolean && oaParam.hasBaseIdInternalProcessingRestriction()) { + Logger.error("Online-Mandate Mode for business application not supported."); + throw new AuthenticationException("auth.17", null); + + } + + if (resultTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID)) + Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + resultTarget); + else + Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + resultTarget); + + + //Validate BKU URI List<String> allowedbkus = oaParam.getBKUURL(); allowedbkus.addAll(authConfig.getDefaultBKUURLs()); @@ -247,16 +252,4 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); } - - /** - * Checks a parameter. - * - * @param param - * parameter - * @return true if the parameter is null or empty - */ - private boolean isEmpty(String param) { - return param == null || param.length() == 0; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 1431911a3..353261085 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -33,6 +33,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; import com.google.common.net.MediaType; + import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; @@ -139,13 +140,11 @@ public abstract class AbstractController extends MOAIDAuthConstants { if (pendingReq != null) { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR); transactionStorage.put(key, - new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(), - pendingReq.getUniqueTransactionIdentifier(), loggedException),-1); + new ExceptionContainer(pendingReq, loggedException),-1); } else { transactionStorage.put(key, - new ExceptionContainer(null, - null, loggedException),-1); + new ExceptionContainer(null, loggedException),-1); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 0ce7b0050..32f103ca7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -45,11 +45,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont //change pending-request ID
requestStorage.changePendingRequestID(pendingReq);
pendingRequestID = pendingReq.getRequestID();
-
- //add transactionID and unique sessionID to Logger
- TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
- TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
-
+
// process instance is mandatory
if (pendingReq.getProcessInstanceId() == null) {
throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
@@ -64,8 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont } finally {
//MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
+ TransactionIDUtils.removeAllLoggingVariables();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 9b658d81b..49145a850 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -33,9 +33,11 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.moduls.IRequestStorage; @@ -52,6 +54,7 @@ public class GUILayoutBuilderServlet extends AbstractController { public static final String ENDPOINT_CSS = "/css/buildCSS"; public static final String ENDPOINT_JS = "/js/buildJS"; + public static final String ENDPOINT_BKUDETECTION = "/feature/bkuDetection"; @Autowired AuthConfiguration authConfig; @Autowired IRequestStorage requestStoreage; @@ -65,30 +68,65 @@ public class GUILayoutBuilderServlet extends AbstractController { } + @RequestMapping(value = ENDPOINT_BKUDETECTION, method = {RequestMethod.GET}) + public void buildBkuDetectionFrame(HttpServletRequest req, HttpServletResponse resp) throws IOException { + try { + IRequest pendingReq = extractPendingRequest(req); + + //initialize GUI builder configuration + AbstractServiceProviderSpecificGUIFormBuilderConfiguration config = null; + if (pendingReq != null) + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( + pendingReq, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_BKUDETECTION_SP_SPECIFIC, + null); + + else { + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( + HTTPUtils.extractAuthURLFromRequest(req), + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_BKUDETECTION_GENERIC, + null); + config.setTemplateClasspahtDir( + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_MAINGUI_DIRECTORY); + + } + + //build GUI component + formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); + + + } catch (Exception e) { + Logger.warn("GUI ressource:'BKUDetection' generation FAILED.", e); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); + + } + + } + @RequestMapping(value = "/css/buildCSS", method = {RequestMethod.GET}) public void buildCSS(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS, null); //build GUI component formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); } catch (Exception e) { - Logger.warn("GUI ressource:'CSS' generation FAILED."); + Logger.warn("GUI ressource:'CSS' generation FAILED.", e); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); } @@ -100,24 +138,24 @@ public class GUILayoutBuilderServlet extends AbstractController { IRequest pendingReq = extractPendingRequest(req); //initialize GUI builder configuration - ServiceProviderSpecificGUIFormBuilderConfiguration config = null; + SPSpecificGUIBuilderConfigurationWithDBLoad config = null; if (pendingReq != null) - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( pendingReq, - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); else - config = new ServiceProviderSpecificGUIFormBuilderConfiguration( + config = new SPSpecificGUIBuilderConfigurationWithDBLoad( HTTPUtils.extractAuthURLFromRequest(req), - ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, + SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); } catch (Exception e) { - Logger.warn("GUI ressource:'JavaScript' generation FAILED."); + Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed"); } @@ -142,6 +180,7 @@ public class GUILayoutBuilderServlet extends AbstractController { } catch (Exception e) { Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e); + } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java index bedc67513..466364adb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java @@ -57,8 +57,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); if (MiscUtil.isEmpty(uniqueSessionIdentifier)) uniqueSessionIdentifier = Random.nextRandom(); - TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); return true; @@ -79,8 +79,8 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { - // TODO Auto-generated method stub - + TransactionIDUtils.removeAllLoggingVariables(); + } } |