Diffstat (limited to 'id/server/idserverlib/src/main/java')
42 files changed, 2688 insertions, 1591 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 45f269f0a..41b383f01 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; -import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; @@ -33,16 +32,12 @@ import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.Vector; import javax.servlet.http.HttpServletRequest; @@ -73,7 +68,6 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; -import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; 
@@ -88,7 +82,6 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; @@ -104,6 +97,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -114,7 +108,8 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; 
@@ -122,7 +117,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -138,6 +132,7 @@ import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; +//import java.security.cert.CertificateFactory; /** * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is @@ -152,9 +147,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); + //private static Map sessionStore = new HashMap(); + /** * time out in milliseconds used by {@link cleanup} for session store */ @@ -270,6 +264,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthURL(authURL); session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance() 
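Review bot: In the new `try`/`catch` around `AuthenticationSessionStoreage.storeSession(session)`, `throw new AuthenticationException("", null)` discards both the message key and the cause, so a failed session persist reaches the caller and the logs as an authentication error with an empty message and no database context. Keep the cause and use a real key, e.g. `throw new AuthenticationException("<MESSAGE_KEY>", null, e);` — the three-argument form with a cause is already used in this file for `auth.03`, and the key must be one that exists in the message properties. The enclosing method starts outside the hunk.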
@@ -380,96 +382,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(String authURL, String target, - String targetFriendlyName, String oaURL, String templateURL, - String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID, String modul, String action) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - String useMandateString = null; - boolean useMandateBoolean = false; - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; - } else { - useMandateString = "false"; - } - - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; - else - useMandateBoolean = false; - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); + if (session == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - AuthenticationSession session; - OAAuthParameter oaParam; - if (sessionID != null) { - session = getSession(sessionID); - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } 
else { - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (useMandateBoolean) { - Logger - .error("Online-Mandate Mode for bussines application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; - } - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setTargetFriendlyName(targetFriendlyName); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - session.setModul(modul); - session.setForeignMode(false); - session.setAction(action); - if (sourceID != null) - session.setSourceID(sourceID); - } - // BKU URL has not been set yet, even if session already exists - if (bkuURL == null) { - if (scheme != null && scheme.equalsIgnoreCase("https")) { - bkuURL = DEFAULT_BKU_HTTPS; - } else { - bkuURL = DEFAULT_BKU; + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[] { + session.getTemplateURL(), ex.toString() }, ex); } } - session.setBkuURL(bkuURL); - 
session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - session.setUseMandate(useMandateString); + + //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); @@ -477,22 +414,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - String template = null; - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } else { - templateURL = session.getTemplateURL(); - } - if (templateURL != null) { - try { - template = new String(FileUtils.readURL(templateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - templateURL, ex.toString() }, ex); - } - } - + String pushInfobox = ""; VerifyInfoboxParameters verifyInfoboxParameters = oaParam .getVerifyInfoboxParameters(); @@ -500,14 +422,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { pushInfobox = verifyInfoboxParameters.getPushInfobox(); session.setPushInfobox(pushInfobox); } + + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); + String htmlForm = new GetIdentityLinkFormBuilder().build(template, - bkuURL, infoboxReadRequest, dataURL, certInfoRequest, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox); + return htmlForm; } 
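Review bot: The rewritten template loading in `startAuthentication` reads only `session.getTemplateURL()`; the removed lines gave `oaParam.getTemplateURL()` precedence ("override template url by url from configuration file"), so the configured template is now ignored whenever the session carries one. Since the session's template URL originally came from the request (the old signature took `templateURL` as a parameter), a request-supplied URL now selects the form that `GetIdentityLinkFormBuilder` renders unless the caller that populates the session applies that precedence itself; restore it with `String templateURL = oaParam.getTemplateURL() != null ? oaParam.getTemplateURL() : session.getTemplateURL();` before the read. The hunk also drops the `FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY` check that rejected non-https auth URLs, the required-`target` check and the rejection of mandate mode for business services; if these moved to whoever now builds the `AuthenticationSession`, say so in the javadoc, otherwise they are lost.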
@@ -536,12 +462,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyIdentityLink(String sessionID, + public String verifyIdentityLink(AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); @@ -554,10 +480,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); +// AuthenticationSession session = getSession(sessionID); +// if (session.getTimestampIdentityLink() != null) +// throw new AuthenticationException("auth.01", +// new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -643,8 +570,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam .getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); + + //TODO: make it better!! + return "found!"; } /** 
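Review bot: `verifyIdentityLink` now ends with `return "found!"` (under `//TODO: make it better!!`) instead of `getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam)`, so the documented return value, the `<CreateXMLSignatureRequest>`, is replaced by a placeholder string for every caller. In the -554 hunk the guard `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", ...)` is commented out, so a second identity-link response for the same session is no longer rejected before `session.setTimestampIdentityLink()`; if the relaxation is intended, document why, otherwise keep it as `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", new Object[] { session.getSessionID() });`. The `auth.10` error raised for `session == null` still names `PARAM_SESSIONID` although the parameter is now the session object. The method body continues outside the hunks.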
@@ -672,12 +600,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyCertificate(String sessionID, + public String verifyCertificate(AuthenticationSession session, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { + ValidateException, ServiceException, MOAIDException{ - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); @@ -688,15 +616,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { // if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) // isOW = true; // - AuthenticationSession session = getSession(sessionID); +// AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, authConf, oaParam, isOW); + + return returnvalue; } /** @@ -718,11 +649,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public void verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); 
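Review bot: Point of style: the replaced `getSession(sessionID)` calls are kept as commented-out code (`// AuthenticationSession session = getSession(sessionID);`) here in `verifyCertificate` and again in the -733, -987, -1808 and -2017 hunks; delete them rather than commenting them out, the history is in version control. The temporary `String returnvalue = ...; return returnvalue;` can be a direct `return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, authConf, oaParam, isOW);`. `MOAIDException` was added to the `throws` clause of `verifyCertificate`; the javadoc above the hunk should carry a matching `@throws MOAIDException` entry if it does not already.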
@@ -733,7 +664,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -760,6 +691,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // set extended SAML attributes if provideMandatorData is true setExtendedSAMLAttributeForMandates(session, mandate, oaParam .getBusinessService(), oaParam.getProvideStammzahl()); + + //AuthenticationSessionStoreage.storeSession(session); + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); 
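Review bot: In `verifyMandate` the persist after `setExtendedSAMLAttributeForMandates(...)` is left commented out (`//AuthenticationSessionStoreage.storeSession(session);`) while the session is no longer fetched via `getSession(sessionID)` but passed in by the caller. If sessions now live in the store written by `AuthenticationSessionStoreage.storeSession` (as the -270 hunk does), the mandate attributes set here are not persisted unless the caller stores the session afterwards; either call `AuthenticationSessionStoreage.storeSession(session);` here (handling `MOADatabaseException`) or state in the javadoc that the caller must persist the session. The method starts and ends outside the hunk.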
@@ -803,17 +737,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); + //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink // if (!fromMandate) { // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +// .getIdentificationValue(), session.getTarget()); +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +// } // ..BZ // } @@ -874,6 +810,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { String bpkBase64 = new BPKBuilder().buildBPK(identityLink .getIdentificationValue(), session.getTarget()); identityLink.setIdentificationValue(bpkBase64); + + //TODO: insert correct Type!!!! + identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); } } // ..BZ 
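Review bot: In the -874 hunk the identity link held in the session is still mutated in place — `identityLink.setIdentificationValue(bpkBase64)` followed by the new `identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget())` under `//TODO: insert correct Type!!!!` — although the comment added in the -803 hunk says the bPK derivation "is moved to buildAuthenticationBlock to hold the baseID in identitylink". Once this path has run the base ID is gone from the session, and `buildAuthenticationData` (-2402 hunk) then skips its `URN_PREFIX_BASEID` branch and sets no bPK. Consider computing the bPK into locals here, as `buildAuthenticationBlock` now does, and resolving the TODO on the type before merging. The enclosing method starts and ends outside the hunk.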
@@ -987,7 +926,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); /* * if (session.getTimestampIdentityLink() != null) throw new * AuthenticationException("auth.01", new Object[] { sessionID }); @@ -1078,12 +1017,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); + String identificationValue = null; + String identificationType = null; + + if (identityLink.getIdentificationType().equals( + Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we + // have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + } + String issueInstant = DateTimeUtils.buildDateTime(Calendar .getInstance(), oaParam.getUseUTC()); session.setIssueInstant(issueInstant); 
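Review bot: `buildAuthenticationBlock` now derives the bPK whenever `identityLink.getIdentificationType()` equals `Constants.URN_PREFIX_BASEID` without consulting `oaParam.getBusinessService()`, whereas `buildAuthenticationData` in the -2402 hunk only does so on the non-business branch. If the session target is null for business services, as the removed `startAuthentication` code set it, a BASEID-typed link there would produce `buildBPK(value, null)` and an identification type of `Constants.URN_PREFIX_CDID + "+null"` in the AuthBlock; guard with `if (!oaParam.getBusinessService() && Constants.URN_PREFIX_BASEID.equals(identityLink.getIdentificationType()))` or document why that combination cannot occur. Flipping the `equals` as shown also avoids an NPE when the type is missing. The method continues outside the hunk.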
@@ -1101,6 +1060,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session); + + return authBlock; } @@ -1808,18 +1769,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlock(String sessionID, + public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses <CreateXMLSignatureResponse> 
@@ -1921,35 +1884,41 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, false); + + //TL: moved to Authentification Data generation +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, false); +// +// //set Authblock +// session.setAuthData(authData); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + if (session.getUseMandate()) { // mandate mode - // session.setAssertionAuthBlock(assertionAuthBlock) - - // set signer certificate - session.setSignerCertificate(vsresp.getX509certificate()); - return null; + } else { - - session.setAuthData(authData); + session.setAuthenticatedUsed(false); session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); - session.setXMLVerifySignatureResponse(vsresp); + //Session is implicte stored in changeSessionID!!! 
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; @@ -2017,15 +1986,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(String sessionID, + public String verifyAuthenticationBlockMandate(AuthenticationSession session, Element mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); @@ -2092,7 +2062,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds authentication data and stores it together with a SAML // artifact - AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, + + // TODO: Check, if this element is in use!!!! + //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, // vsresp, // replacementIdentityLink); 
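Review bot: In `verifyAuthenticationBlock` the mandate branch `if (session.getUseMandate()) { // mandate mode }` is now empty: the old `return null` is gone, so execution continues past the `else` into whatever follows the hunk. The session is persisted only through `AuthenticationSessionStoreage.changeSessionID(session)` in the `else` branch (the added comment says the session is stored implicitly there), so in mandate mode the `setXMLVerifySignatureResponse(vsresp)`, `setSignerCertificate(...)` and `setForeigner(false)` done just above are not stored unless a caller does it; either restore `return null;` in the mandate branch with a comment that the caller persists, or store the session there as well. `vsresp.setX509certificate(null)` runs after the certificate is copied to the session, so the verify response kept in the session no longer carries it — worth a comment, since `buildAuthenticationData` reads that object back via `session.getXMLVerifySignatureResponse()`.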
@@ -2116,25 +2088,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { useCondition = oaParam.getUseCondition(); conditionLength = oaParam.getConditionLength(); - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); + String oatargetType; + + if(session.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, session.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Value"); +// +// 
valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); } + mandateData = DOMUtils.serializeNode(mandatePerson); @@ -2146,13 +2150,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - session.setAuthData(authData); + //TODO: Check, if this element is in use!!! + //session.setAuthData(authData); + session.setMandateData(mandateData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; @@ -2254,6 +2264,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { + //TODO: CHECK if STORK parts works correct!!!! + if (isEmpty(sessionID)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); 
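Review bot: In `verifyAuthenticationBlockMandate` the Stammzahl masking `if (!provideStammzahl) { prIdentification.getFirstChild().setTextContent(""); }` now runs only when `oatargetType` differs from `tempIdentityLink.getIdentificationType()`; the `else` branch is entirely commented out. If the mandate's `pr:PhysicalPerson` Identification can still carry the base ID when the types match, that value now reaches `DOMUtils.serializeNode(mandatePerson)` and the mandate data although `provideStammzahl` is false — apply the masking independently of the type comparison, e.g. `if (!provideStammzahl && prIdentification != null) prIdentification.getFirstChild().setTextContent("");` after the if/else. `tempIdentityLink` is defined outside the hunk, so I cannot see which type it holds; the -2146 hunk also leaves `//session.setAuthData(authData);` under a TODO. The method starts outside the hunk.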
@@ -2305,23 +2317,35 @@ public class AuthenticationServer implements MOAIDAuthConstants { X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, true); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); + +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); + + //TL: moved to Assertion generation. +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, true); +// +// session.setAuthData(authData); - session.setAuthData(authData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + //session is implicit stored in changeSessionID!!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; + //TODO: regenerate MOASession ID! /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( 
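Review bot: Point of style: the new sequence `setAuthenticatedUsed(false)`, `setAuthenticated(true)`, `setXMLVerifySignatureResponse(vsresp)`, `setSignerCertificate(vsresp.getX509certificate())`, `vsresp.setX509certificate(null)`, `setForeigner(...)`, `AuthenticationSessionStoreage.changeSessionID(session)` duplicates the -1921 hunk of `verifyAuthenticationBlock` apart from the `setForeigner` flag; a private helper taking that flag would keep the two paths from drifting. The `//TODO: regenerate MOASession ID!` placed after `return newMOASessionID;` is stale, since `changeSessionID` on the line above already does that, and the commented-out `oaParam`/`useUTC` block should be deleted rather than kept. The enclosing method starts outside the hunk.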
@@ -2375,16 +2399,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * while building the <code><saml:Assertion></code> */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + boolean useUTC = oaParam.getUseUTC(); + boolean isForeigner = session.isForeigner(); boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); 
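Review bot: `buildAuthenticationData` changed from `private` to `public static` and its parameters from `(session, verifyXMLSigResp, useUTC, isForeigner)` to `(session, oaParam, target)`, but the javadoc above the hunk (its `@throws` tags are visible) still describes the old signature; add `@param oaParam` and `@param target` (the target used for bPK derivation) entries. The local `VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();` is only read by code that the -2402 hunk comments out, so within the visible lines it is unused; drop it if nothing further down reads it. Now that the method is public and static, `oaParam` is dereferenced immediately and deserves a null check with a meaningful error. The method body continues outside the hunk.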
@@ -2402,52 +2431,55 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); if (provideStammzahl) { authData.setIdentificationValue(identityLink .getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); + +// String prPerson = new PersonDataBuilder().build(identityLink, +// provideStammzahl); try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); +// String signerCertificateBase64 = ""; +// if (oaParam.getProvideCertifcate()) { +// X509Certificate signerCertificate = verifyXMLSigResp +// .getX509certificate(); +// if (signerCertificate != null) { +// signerCertificateBase64 = Base64Utils +// .encode(signerCertificate.getEncoded()); +// } else { +// Logger +// .info("\"provideCertificate\" is \"true\", but no signer certificate available"); +// } +// } +// authData.setSignerCertificate(signerCertificateBase64); + if(!isForeigner) { //we have Austrian citizen if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); + } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. 
- * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - + + // OLD! BZ.., calculation of bPK already before sending AUTHBlock + //TL: identitylLink holds the BASEID, bPK is only calculated for AUTHBlock + //authData.setBPK(identityLink.getIdentificationValue()); + + // only compute bPK if online application is a public service and we have the Stammzahl + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + } } } else { //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW if (businessService) { //since we have foreigner, wbPK is not calculated in BKU if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); authData.setWBPK(wbpkBase64); } @@ -2455,7 +2487,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); authData.setBPK(bpkBase64); } 
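Review bot: In the Austrian-citizen public-service branch the bPK is now computed only when `identityLink.getIdentificationType()` equals `Constants.URN_PREFIX_BASEID`; when it does not, `authData` leaves this method without any bPK and nothing is logged, so the missing value will only surface later in assertion building. Add at least `Logger.info("identity link does not carry a base identifier, no bPK calculated");` in an `else` branch, as the foreigner branch below has the same silent gap. The `target` parameter now replaces `session.getTarget()` here and in the `@@ -2455` hunk, so both bPK computations depend on the caller passing the sector the session was started for; that contract belongs in the method Javadoc. The comment `//TL: moved to Assertion generation.` that now stands in for the signer-certificate handling should name where, so that the OA option `getProvideCertifcate()` can be verified to still be honoured. The method starts and ends outside the hunk.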
@@ -2463,22 +2495,24 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 }
 }
- String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
- .getSerializedSamlAssertion()
- : "";
- if (!oaParam.getProvideStammzahl()) {
- ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
- .getIdentificationValue(), "");
- }
- String authBlock = oaParam.getProvideAuthBlock() ? session
- .getAuthBlock() : "";
+// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink
+// .getSerializedSamlAssertion()
+// : "";
+// if (!oaParam.getProvideStammzahl()) {
+// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink
+// .getIdentificationValue(), "");
+// }
+// String authBlock = oaParam.getProvideAuthBlock() ? session
+// .getAuthBlock() : "";
- session.setAssertionAuthBlock(authBlock);
- session.setAssertionAuthData(authData);
- session.setAssertionBusinessService(businessService);
- session.setAssertionIlAssertion(ilAssertion);
- session.setAssertionPrPerson(prPerson);
- session.setAssertionSignerCertificateBase64(signerCertificateBase64);
+
+ //TODO: check, if this elements are in use!!!!
+// session.setAssertionAuthBlock(authBlock);
+// session.setAssertionAuthData(authData);
+// session.setAssertionBusinessService(businessService);
+// session.setAssertionIlAssertion(ilAssertion);
+// session.setAssertionPrPerson(prPerson);
+// session.setAssertionSignerCertificateBase64(signerCertificateBase64);
 return authData;
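Review bot: Commenting out the `ilAssertion` handling also removes the `StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), "")` step that stripped the base identifier (Stammzahl) from the serialized identity link whenever `getProvideStammzahl()` is false; if the identity link is now serialized during assertion generation instead, that redaction has to be re-applied there, because it is the only thing keeping the base identifier out of an online application that is not entitled to it. The `//TODO: check, if this elements are in use!!!!` should be resolved in this commit rather than deferred: with the six `session.setAssertion*` calls gone, any remaining reader of those session fields now sees null. The commented-out statements themselves are dead code and should be deleted. The method starts outside the hunk.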
@@ -2489,92 +2523,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of - * this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) - throws AuthenticationException { - String assertionHandle; - try { - assertionHandle = new SAMLArtifactParser(samlArtifact) - .parseAssertionHandle(); - } catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - AuthenticationData authData = null; - synchronized (authenticationDataStore) { - // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; - try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); - } - } - long now = new Date().getTime(); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); - Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } - - /** - * Stores authentication data indexed by the assertion handle contained in - * the given saml artifact. 
- *
- * @param samlArtifact
- * SAML artifact
- * @param authData
- * authentication data
- * @throws AuthenticationException
- * when SAML artifact is invalid
- */
- private void storeAuthenticationData(String samlArtifact,
- AuthenticationData authData) throws AuthenticationException {
-
- try {
- SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
- // check type code 0x0001
- byte[] typeCode = parser.parseTypeCode();
- if (typeCode[0] != 0 || typeCode[1] != 1)
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- String assertionHandle = parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
- Logger.debug("Assertion stored for SAML Artifact: "
- + samlArtifact);
- authenticationDataStore.put(assertionHandle, authData);
- }
- } catch (AuthenticationException ex) {
- throw ex;
- } catch (Throwable ex) {
- throw new AuthenticationException("auth.06",
- new Object[] { samlArtifact });
- }
- }
-
 /**
 * Creates a new session and puts it into the session store.
 *
 * @param id
@@ -2587,20 +2535,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 private static AuthenticationSession newSession()
 throws AuthenticationException {
- return AuthenticationSessionStore.createSession();
-
- /*
- String sessionID = Random.nextRandom();
- AuthenticationSession newSession = new AuthenticationSession(sessionID);
- synchronized (sessionStore) {
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (session != null)
- throw new AuthenticationException("auth.01",
- new Object[] { sessionID });
- sessionStore.put(sessionID, newSession);
+ try {
+ return AuthenticationSessionStoreage.createSession();
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
 }
- return newSession;*/
 }
 /**
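Review bot: `throw new AuthenticationException("", null)` in the new `catch (MOADatabaseException e)` of `newSession` discards the cause and uses an empty message id, so a failure of the session store surfaces as an unexplained authentication error with no trace of the database problem; `getSession` in the next hunk drops `e` the same way. At minimum log the cause before rethrowing, `Logger.error("Could not create MOASession", e);`, and use a real message id: `throw new AuthenticationException("<session-store message id>", new Object[] { e.toString() });`. The Javadoc above `newSession` still says `@param id` although the method takes no parameter, and it should mention that a `MOADatabaseException` is translated into an `AuthenticationException`.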
@@ -2614,12 +2554,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = AuthenticationSessionStore.getSession(id); + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + /*(AuthenticationSession) sessionStore .get(id);*/ - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[] { id }); + } } /** 
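Review bot: The message id `"parser.04"` chosen for a `MOADatabaseException` in `getSession` files a storage failure under the parser message family, while the session error two lines above uses `"auth.02"`; whoever reads the log will look in the wrong place, so pick an id from the session/storage family. The leftover `/*(AuthenticationSession) sessionStore .get(id);*/` refers to the removed `sessionStore` map and should go. The Javadoc above `getSession` (outside the hunk) should state that both an unknown id and a store failure end in an `AuthenticationException`.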
@@ -2627,33 +2574,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 */
 public void cleanup() {
 long now = new Date().getTime();
- synchronized (sessionStore) {
- Set keys = new HashSet(sessionStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String sessionID = (String) iter.next();
- AuthenticationSession session = (AuthenticationSession) sessionStore
- .get(sessionID);
- if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.02", new Object[] { sessionID }));
- sessionStore.remove(sessionID);
- }
- }
- }
- synchronized (authenticationDataStore) {
- Set keys = new HashSet(authenticationDataStore.keySet());
- for (Iterator iter = keys.iterator(); iter.hasNext();) {
- String samlAssertionHandle = (String) iter.next();
- AuthenticationData authData = (AuthenticationData) authenticationDataStore
- .get(samlAssertionHandle);
- if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
- Logger.info(MOAIDMessageProvider.getInstance().getMessage(
- "cleaner.03",
- new Object[] { authData.getAssertionID() }));
- authenticationDataStore.remove(samlAssertionHandle);
- }
- }
- }
+
+ //clean AuthenticationSessionStore
+ //TODO: acutally the StartAuthentificaten timestamp is used!!!!!
+ //TODO: maybe change this to lastupdate timestamp.
+ AuthenticationSessionStoreage.clean(now, sessionTimeOut);
+
+ //clean AssertionStore
+ AssertionStorage assertionstore = AssertionStorage.getInstance();
+ assertionstore.clean(now, authDataTimeOut);
 }
 /**
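Review bot: The two new TODOs note that `sessionTimeOut` is applied to the start-of-authentication timestamp and suggest moving to a last-update timestamp; if that is done, keep an absolute lifetime as well, because a session that is touched periodically would otherwise never expire, and the absolute `sessionTimeOut` the removed loop applied was the only hard bound on how long an unfinished authentication stays valid. Worth replacing the TODOs with one sentence recording that decision, e.g. `// expiry is measured from session creation on purpose: an authentication that has not completed within sessionTimeOut is discarded regardless of activity`. The removed code held `synchronized (authenticationDataStore)` while expiring entries; the new `AssertionStorage.clean` is called unlocked, presumably because the storage synchronises internally, which the call site should say. The `"cleaner.02"`/`"cleaner.03"` log messages that used to record each expired session and assertion are gone here; confirm the stores still log removals, since those lines are the only audit trail of sessions expiring.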
@@ -2818,47 +2747,22 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - String ccc, - String oaURL, - String target, - String targetFriendlyName, - String authURL, - String sourceID, - String modul, - String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); - } else { - target = null; + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - //create MOA session - AuthenticationSession moaSession = newSession(); - Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); - moaSession.setTarget(target); - moaSession.setTargetFriendlyName(targetFriendlyName); - moaSession.setOAURLRequested(oaURL); - moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moaSession.setAuthURL(authURL); - moaSession.setBusinessService(oaParam.getBusinessService()); - moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - moaSession.setAction(action); - moaSession.setModul(modul); - moaSession.setForeignMode(true); - if (sourceID != null) - moaSession.setSourceID(sourceID); + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new 
AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); + //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - CPEPS cpeps = storkConfig.getCPEPS(ccc); + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); @@ -2874,7 +2778,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); Logger.debug("QAALevel: " + qaaLevel.getValue()); - + RequestedAttributes requestedAttributes = null; requestedAttributes = oaParam.getRequestedAttributes(); @@ -2885,7 +2789,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); Logger.debug("The following attributes are requested for this specific country:"); List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes()); for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { 
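Review bot: The removed check that rejected an empty `target` for non-business online applications (`throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05")`) has no counterpart in the new code, which takes the target from `moasession` unchecked; in the `@@ -2923` hunk an empty target then silently turns into `spSector = "Business"` even for a public-service OA. Unless the check is now enforced where the session is populated, re-add it after the `oaParam == null` test: `if (!oaParam.getBusinessService() && StringUtils.isEmpty(moasession.getTarget())) throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");`. `storkConfig.getCPEPS(moasession.getCcc())` is dereferenced on the next line without a null check, as before, so a country code with no configured C-PEPS surfaces as a `NullPointerException` instead of a configuration error. The method continues outside the hunk.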
@@ -2923,13 +2827,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String spSector = StringUtils.isEmpty(target) ? "Business" : target; + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2979,9 +2883,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moaSession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(storkAuthnRequest); HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.debug("Preparing to send STORK AuthnRequest."); @@ -3020,13 +2924,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - - CertificateFactory cf; - X509Certificate cert = null; - cf = CertificateFactory.getInstance("X.509", IAIK.getInstance()); - cert = (X509Certificate)cf.generateCertificate(is); - - return cert; + + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + } } 
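Review bot: `catch (Throwable e)` around `new X509Certificate(is)` in the last hunk turns `Error`s such as `OutOfMemoryError` or `StackOverflowError` into a `CertificateException`, so a JVM-level failure is reported as a malformed certificate; catch what the constructor declares instead — `IOException` and `CertificateException`, if I read the IAIK API correctly — as `} catch (IOException e) { throw new CertificateException(e); }` and let a `CertificateException` propagate unchanged. With that, the local `cert` is unnecessary: `return new X509Certificate(is);`. A comment stating that the input is a Base64 DER certificate from the request and that parsing here does not validate it would make the trust boundary explicit. The enclosing method starts outside the hunk.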
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 01c875533..47bf61db4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth;
+import java.util.Arrays;
+import java.util.List;
+
 import iaik.asn1.ObjectID;
@@ -118,5 +121,12 @@ public interface MOAIDAuthConstants {
 public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
 /** the number of the certifcate extension for party organ representatives */
 public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+ /**BKU type identifiers to use bkuURI from configuration*/
+ public static final String REQ_BKU_TYPE_LOCAL = "local";
+ public static final String REQ_BKU_TYPE_ONLINE = "online";
+ public static final String REQ_BKU_TYPE_HANDY = "handy";
+ public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 412f1db81..fb45e517d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
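Review bot: `REQ_BKU_TYPES` is a `public static final List<String>` backed by `Arrays.asList`, whose elements any caller can overwrite with `set(...)`; since the list presumably decides which request-supplied BKU type is accepted, an interface constant that is a mutable allow-list is an avoidable risk — `public static final List<String> REQ_BKU_TYPES = Collections.unmodifiableList(Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY));` with `java.util.Collections` imported. The Javadoc `/**BKU type identifiers to use bkuURI from configuration*/` attaches only to `REQ_BKU_TYPE_LOCAL`; move it above the group as a plain comment or add a sentence to the list saying these are the accepted values of the request parameter.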
@@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.StringWriter; import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; @@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL + "{7}" + + "{8}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; @@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " </saml:AttributeValue>" + NL + " </saml:Attribute>" + NL; + private static String SPECIAL_TEXT_ATTRIBUTE = + " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL + 
@@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 4; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } - - + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { @@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + //TODO: load special text from OAconfig + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); 
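Review bot: `generateSpecialText(text, issuer, issueInstant)` in the `@@ -252` hunk substitutes the citizen's name (`issuer`) into free text that is then placed inside `<saml:AttributeValue>` through `SPECIAL_TEXT_ATTRIBUTE` without XML escaping; unless `issuer` is escaped before it reaches this builder, a name containing `<` or `&` yields a malformed or altered AUTH-Block, which the citizen then signs. With `String text = ""` the attribute is still emitted, so every AUTH-Block now carries an empty `SpecialText` attribute (and `NUM_OF_SAML_ATTRIBUTES` is raised to 4 for it); consider emitting it only when a text is configured, `String specialText = text.length() == 0 ? "" : MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, new Object[] { generateSpecialText(text, issuer, issueInstant) });`, and adjusting the attribute count accordingly. The same block is repeated in the `@@ -385` hunk; once the OA-config lookup from the TODO exists, a private helper should build it for both callers. The enclosing method starts outside the hunk.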
@@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); //..BZ + //TODO: load special text from OAconfig + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } + public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); + + String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); + text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); + + return text; + } public static String xmlToString(Node node) { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 0742261a7..7137ce414 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
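Review bot: In `generateSpecialText`, `inputtext.replaceAll("#NAME#", issuer)` treats `issuer` as a regex replacement string, so a name containing `$` or `\` either throws `IllegalArgumentException` or is silently rewritten; use the literal `String.replace(CharSequence, CharSequence)` for all three substitutions (`String text = inputtext.replace("#NAME#", issuer);` and likewise for `#DATE#` and `#TIME#`), or wrap the values in `Matcher.quoteReplacement`. The two `SimpleDateFormat`s format `datetime.getTime()` in the JVM default time zone, while `DatatypeConverter.parseDateTime(issueInstant)` keeps the zone of the timestamp, so the printed date and time can differ from the signed `issueInstant`; call `dateformat.setTimeZone(datetime.getTimeZone())` (and the same for `timeformat`), and pass an explicit `Locale` given that `java.util.Locale` was imported for this change. A short Javadoc naming `#NAME#`, `#DATE#` and `#TIME#` as the supported placeholders and `issueInstant` as an xsd:dateTime string would complete the method.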
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes, boolean useCondition, int conditionLength) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index fa9789530..de86a4f05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -89,6 +91,16 @@ public class BPKBuilder { new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; try { MessageDigest md = MessageDigest.getInstance("SHA-1"); 
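Review bot: `BPKBuilder` now imports the session data class `AuthenticationSession` solely to read `REGISTERANDORDNR_PREFIX_`, a dependency from a builder onto session state that exists only for a string constant; per this commit the value is `Constants.URN_PREFIX_WBPK + "+"`, so it belongs next to `URN_PREFIX_WBPK` in `Constants` or as a private constant of this builder. The new prefix stripping silently changes what is hashed when a caller passes the prefixed form, which deserves a comment more than the debug log, e.g. `// the domain identifier from the OA configuration may carry the urn:publicid:gv.at:wbpk+ prefix; the wbPK input must not`. The method starts outside the hunk.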
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 5191a2f81..83b7ae592 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger;
 public class LoginFormBuilder {
+ private static String SERVLET = "GenerateIframeTemplate";
+
 private static String AUTH_URL = "#AUTH_URL#";
- private static String OA_URL = "#OA_URL#";
- private static String RED_URL = "#RED_URL#";
 private static String MODUL = "#MODUL#";
 private static String ACTION = "#ACTION#";
+ private static String OANAME = "#OAName#";
 private static String template;
@@ -29,7 +30,7 @@ public class LoginFormBuilder {
 StringWriter writer = new StringWriter();
 IOUtils.copy(input, writer);
 template = writer.toString();
- template = template.replace(AUTH_URL, "StartBKUAuthentication");
+ template = template.replace(AUTH_URL, SERVLET);
 } catch (Exception e) {
 Logger.error("Failed to read template", e);
 }
@@ -38,11 +39,10 @@ public class LoginFormBuilder {
 return template;
 }
- public static String buildLoginForm(String oaURL, String modul, String action) {
+ public static String buildLoginForm(String modul, String action, String oaname) {
 String value = getTemplate();
 if(value != null) {
- value = value.replace(OA_URL, oaURL);
 if(modul == null) {
 modul = SAML1Protocol.PATH;
 }
@@ -51,6 +51,7 @@ public class LoginFormBuilder {
 }
 value = value.replace(MODUL, modul);
 value = value.replace(ACTION, action);
+ value = value.replace(OANAME, oaname);
 }
 return value;
 }
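Review bot: `value.replace(OANAME, oaname)` in the last hunk inserts the online-application name into the HTML login template verbatim; if the name can contain markup characters it must be HTML-escaped before substitution, and a null `oaname` makes `String.replace` throw a `NullPointerException` on a path that otherwise degrades gracefully, so default it: `value = value.replace(OANAME, oaname == null ? "" : oaname);`. The signature of `buildLoginForm` changed from `(oaURL, modul, action)` to `(modul, action, oaname)` with all three parameters being `String`, so a caller that was not updated still compiles and silently substitutes the wrong values; a Javadoc with `@param` entries for the three placeholders, and `@return null when the template could not be read`, would make the contract checkable.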
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
new file mode 100644
index 000000000..8a9c2b4fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthenticationBuilder {
+
+ private static StartAuthenticationBuilder instance = null;
+
+ public static StartAuthenticationBuilder getInstance() {
+ if (instance == null) {
+ instance = new StartAuthenticationBuilder();
+ }
+ return instance;
+ }
+
+
+ public String build(AuthenticationSession moasession, HttpServletRequest req,
+ HttpServletResponse resp) throws WrongParametersException, MOAIDException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
+ }
+
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ return "";
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ return getIdentityLinkForm;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index e7bd5f511..4001fdd1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.auth.data;
 import iaik.x509.X509Certificate;
+import java.io.Serializable;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
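Review bot: `getInstance()` in the new `StartAuthenticationBuilder` creates the singleton behind an unsynchronized `if (instance == null)` check, which under concurrent servlet requests can construct it more than once and is not a safe publication; the class holds no state, so initialise eagerly, `private static final StartAuthenticationBuilder instance = new StartAuthenticationBuilder();`, and have `getInstance()` simply return it. `build` returns `""` on the STORK path and the identity-link form otherwise, so callers must distinguish the two; a class or method Javadoc stating that contract — and that on the STORK branch the response is presumably already written by `startSTORKAuthentication`, which is worth confirming — would prevent a caller from rendering the empty string. `WrongParametersException` is declared but nothing in the visible body throws it directly; if it only propagates from `startAuthentication`, the `@throws` entry should say so.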
@@ -47,10 +50,15 @@ import eu.stork.mw.messages.saml.STORKAuthnRequest; * @author Paul Ivancsics * @version $Id$ */ -public class AuthenticationSession { +public class AuthenticationSession implements Serializable { - private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; - private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + /** + * + */ + private static final long serialVersionUID = 1L; + + public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** @@ -72,10 +80,7 @@ public class AuthenticationSession { * SourceID */ private String sourceID; - /** - * Indicates if target from configuration is used or not - */ - private boolean useTargetFromConfig; + /** * public online application URL requested */ 
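Review bot: `AuthenticationSession` now `implements Serializable`, but among the fields it keeps is `Element mandate` (visible in the `@@ -99` hunk), and `org.w3c.dom.Element` is not serializable, so serializing a session in mandate mode will fail with `NotSerializableException` at runtime; either mark such fields `transient` and handle them in `writeObject`/`readObject`, or store the mandate in a serializable form — the same question applies to `IdentityLink`, the raw `List` fields and the stored STORK request, whose types this hunk does not show. The empty Javadoc `/** * */` above `serialVersionUID` should either explain why the value is pinned at `1L` or be dropped. Because a serialized session carries the identity link, the AUTH-Block and the signer certificate, the class Javadoc should state where serialized instances are persisted and that they are only ever read back from that trusted store.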
@@ -99,80 +104,72 @@ public class AuthenticationSession { private String bkuURL; /** - * Use mandate - */ - private boolean useMandate; - - /** - * Reference value for mandate - */ - private String mandateReferenceValue; - - /** - * Authentication data for the assertion - */ - private AuthenticationData assertionAuthData; - - /** - * Persondata for the assertion - */ - private String assertionPrPerson; - - /** - * Authblock for the assertion + * Indicates whether the corresponding online application is a business + * service or not */ - private String assertionAuthBlock; - + private boolean businessService; + + //Store Mandate /** - * Identitylink assertion for the (MOA) assertion + * Use mandate */ - private String assertionIlAssertion; + private boolean useMandate; + /** - * Signer certificate (base64 encoded) for the assertion + * STORK */ - private String assertionSignerCertificateBase64; - + private String ccc; + /** + * * Mandate element */ private Element mandate; /** + * Reference value for mandate * bussiness service for the assertion */ - boolean assertionBusinessService; + private String mandateReferenceValue; /** * SessionID for MIS */ private String misSessionID; + + private String mandateData; + + //store Identitylink /** * identity link read from smartcard */ private IdentityLink identityLink; - /** - * authentication block to be signed by the user - */ - private String authBlock; - /** - * timestamp logging when authentication session has been created - */ - private Date timestampStart; + /** * timestamp logging when identity link has been received */ private Date timestampIdentityLink; + + //store Authblock /** - * Indicates whether the corresponding online application is a business - * service or not + * authentication block to be signed by the user */ - private boolean businessService; + private String authBlock; + + /** + * The issuing time of the AUTH-Block SAML assertion. 
+ */ + private String issueInstant; + //Signer certificate /** * Signer certificate of the foreign citizen or for mandate mode */ - private X509Certificate signerCertificate; + //private X509Certificate signerCertificate; + private byte[] signerCertificate; + + /** * SAML attributes from an extended infobox validation to be appended to the * SAML assertion delivered to the final online application. @@ -191,11 +188,8 @@ public class AuthenticationSession { */ private List extendedSAMLAttributesAUTH; - /** - * The issuing time of the AUTH-Block SAML assertion. - */ - private String issueInstant; - + + //TODO: check if it is in use! /** * If infobox validators are needed after signing, they can be stored in * this list. 
@@ -219,11 +213,65 @@ public class AuthenticationSession { */ private STORKAuthnRequest storkAuthnRequest; - private AuthenticationData authData; - private String mandateData; + //private AuthenticationData authData; + + //protocol selection + private String action; private String modul; + + private boolean authenticated; + private boolean authenticatedUsed = false; + + +// /** +// * Indicates if target from configuration is used or not +// */ +// private boolean useTargetFromConfig; + +// /** +// * Authentication data for the assertion +// */ +// private AuthenticationData assertionAuthData; +// +// /** +// * Persondata for the assertion +// */ +// private String assertionPrPerson; +// +// /** +// * Authblock for the assertion +// */ +// private String assertionAuthBlock; +// +// /** +// * Identitylink assertion for the (MOA) assertion +// */ +// private String assertionIlAssertion; +// +// /** +// * Signer certificate (base64 encoded) for the assertion +// */ +// private String assertionSignerCertificateBase64; +// +// /** +// * bussiness service for the assertion +// */ +// boolean assertionBusinessService; +// +// /** +// * timestamp logging when authentication session has been created +// */ +// private Date timestampStart; +// private CreateXMLSignatureResponse XMLCreateSignatureResponse; + + private VerifyXMLSignatureResponse XMLVerifySignatureResponse; + + private boolean isForeigner; + +// private String requestedProtocolURL = null; + public String getModul() { return modul; } @@ -239,8 +287,6 @@ public class AuthenticationSession { public void setAction(String action) { this.action = action; } - - private String action; public String getMandateData() { return mandateData; 
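Review bot: The fields from `useTargetFromConfig` through `timestampStart` are kept as `//`-commented code instead of being deleted, and the same pattern repeats for their getters and setters in the hunks at -250, -287, -544, -560, -836 and -873 of this file. Version control already preserves the removed members; leaving roughly a hundred and fifty commented-out lines in the class makes it hard to read and invites someone to un-comment a field the session-store refactoring no longer supports. Deleting them, or replacing each group with a single line such as `// NOTE: assertion* fields moved out of the session with the session-store refactoring`, would be the cleaner form. The `//TODO: check if it is in use!` above the infobox-validator list in the previous hunk should say what needs checking and by whom, and `private boolean authenticatedUsed = false;` does not need the explicit initializer.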
@@ -250,25 +296,15 @@ public class AuthenticationSession { this.mandateData = mandateData; } - public AuthenticationData getAuthData() { - return authData; - } - - public void setAuthData(AuthenticationData authData) { - this.authData = authData; - } - private CreateXMLSignatureResponse XMLCreateSignatureResponse; - - private VerifyXMLSignatureResponse XMLVerifySignatureResponse; - - private String requestedProtocolURL = null; - - private boolean authenticated; +// public AuthenticationData getAuthData() { +// return authData; +// } +// +// public void setAuthData(AuthenticationData authData) { +// this.authData = authData; +// } - private boolean authenticatedUsed = false; - - private boolean foreignMode = false; public boolean isAuthenticatedUsed() { return authenticatedUsed; @@ -287,13 +323,13 @@ public class AuthenticationSession { } - public String getRequestedProtocolURL() { - return requestedProtocolURL; - } - - public void setRequestedProtocolURL(String requestedProtocolURL) { - this.requestedProtocolURL = requestedProtocolURL; - } +// public String getRequestedProtocolURL() { +// return requestedProtocolURL; +// } +// +// public void setRequestedProtocolURL(String requestedProtocolURL) { +// this.requestedProtocolURL = requestedProtocolURL; +// } /** * Constructor for AuthenticationSession. 
@@ -303,16 +339,29 @@ public class AuthenticationSession { */ public AuthenticationSession(String id) { sessionID = id; - setTimestampStart(); +// setTimestampStart(); infoboxValidators = new ArrayList(); } - public X509Certificate getSignerCertificate() { - return signerCertificate; + public X509Certificate getSignerCertificate(){ + try { + return new X509Certificate(signerCertificate); + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + } + } + + public byte[] getEncodedSignerCertificate() { + return this.signerCertificate; } public void setSignerCertificate(X509Certificate signerCertificate) { - this.signerCertificate = signerCertificate; + try { + this.signerCertificate = signerCertificate.getEncoded(); + } catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } } /** @@ -544,14 +593,14 @@ public class AuthenticationSession { this.businessService = businessService; } - /** - * Returns the timestampStart. - * - * @return Date - */ - public Date getTimestampStart() { - return timestampStart; - } +// /** +// * Returns the timestampStart. +// * +// * @return Date +// */ +// public Date getTimestampStart() { +// return timestampStart; +// } /** * Sets the current date as timestampIdentityLink. @@ -560,12 +609,12 @@ public class AuthenticationSession { timestampIdentityLink = new Date(); } - /** - * Sets the current date as timestampStart. - */ - public void setTimestampStart() { - timestampStart = new Date(); - } +// /** +// * Sets the current date as timestampStart. +// */ +// public void setTimestampStart() { +// timestampStart = new Date(); +// } /** * @return template URL 
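Review bot: `getSignerCertificate()` no longer handles the case where no certificate was ever stored: the field is now a `byte[]` that the constructor leaves null, and `new X509Certificate(signerCertificate)` is called unconditionally, so whether a null field surfaces as the caught `CertificateException` or as an uncaught NullPointerException depends on the IAIK constructor and cannot be told from this hunk, whereas the old code returned null. A guard `if (signerCertificate == null) { return null; }` before the `try` restores the previous contract. `setSignerCertificate` swallows `CertificateEncodingException` and leaves the previously stored bytes in place, so a failed update silently keeps a stale certificate in the session; either let the exception propagate or clear the field in the catch with `this.signerCertificate = null;`. `getEncodedSignerCertificate()` hands out the internal array, so a caller can alter the stored certificate bytes in place; return a copy instead: `return signerCertificate == null ? null : signerCertificate.clone();`.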
@@ -836,24 +885,24 @@ public class AuthenticationSession { return this.useMandate; } - /** - * - * @param useTargetFromConfig - * indicates if target from config is used or not - */ - public void setUseTargetFromConfig(boolean useTargetFromConfig) { - this.useTargetFromConfig = useTargetFromConfig; - - } - - /** - * Returns if target is used from mandate or not - * - * @return - */ - public boolean getUseTargetFromConfig() { - return this.useTargetFromConfig; - } +// /** +// * +// * @param useTargetFromConfig +// * indicates if target from config is used or not +// */ +// public void setUseTargetFromConfig(boolean useTargetFromConfig) { +// this.useTargetFromConfig = useTargetFromConfig; +// +// } +// +// /** +// * Returns if target is used from mandate or not +// * +// * @return +// */ +// public boolean getUseTargetFromConfig() { +// return this.useTargetFromConfig; +// } /** * 
@@ -873,96 +922,96 @@ public class AuthenticationSession { return this.misSessionID; } - /** - * @return the assertionAuthData - */ - public AuthenticationData getAssertionAuthData() { - return assertionAuthData; - } - - /** - * @param assertionAuthData - * the assertionAuthData to set - */ - public void setAssertionAuthData(AuthenticationData assertionAuthData) { - this.assertionAuthData = assertionAuthData; - } - - /** - * @return the assertionPrPerson - */ - public String getAssertionPrPerson() { - return assertionPrPerson; - } - - /** - * @param assertionPrPerson - * the assertionPrPerson to set - */ - public void setAssertionPrPerson(String assertionPrPerson) { - this.assertionPrPerson = assertionPrPerson; - } - - /** - * @return the assertionAuthBlock - */ - public String getAssertionAuthBlock() { - return assertionAuthBlock; - } - - /** - * @param assertionAuthBlock - * the assertionAuthBlock to set - */ - public void setAssertionAuthBlock(String assertionAuthBlock) { - this.assertionAuthBlock = assertionAuthBlock; - } - - /** - * @return the assertionIlAssertion - */ - public String getAssertionIlAssertion() { - return assertionIlAssertion; - } - - /** - * @param assertionIlAssertion - * the assertionIlAssertion to set - */ - public void setAssertionIlAssertion(String assertionIlAssertion) { - this.assertionIlAssertion = assertionIlAssertion; - } - - /** - * @return the assertionSignerCertificateBase64 - */ - public String getAssertionSignerCertificateBase64() { - return assertionSignerCertificateBase64; - } - - /** - * @param assertionSignerCertificateBase64 - * the assertionSignerCertificateBase64 to set - */ - public void setAssertionSignerCertificateBase64( - String assertionSignerCertificateBase64) { - this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; - } - - /** - * @return the assertionBusinessService - */ - public boolean getAssertionBusinessService() { - return assertionBusinessService; - } - - /** - * @param 
assertionBusinessService - * the assertionBusinessService to set - */ - public void setAssertionBusinessService(boolean assertionBusinessService) { - this.assertionBusinessService = assertionBusinessService; - } +// /** +// * @return the assertionAuthData +// */ +// public AuthenticationData getAssertionAuthData() { +// return assertionAuthData; +// } +// +// /** +// * @param assertionAuthData +// * the assertionAuthData to set +// */ +// public void setAssertionAuthData(AuthenticationData assertionAuthData) { +// this.assertionAuthData = assertionAuthData; +// } +// +// /** +// * @return the assertionPrPerson +// */ +// public String getAssertionPrPerson() { +// return assertionPrPerson; +// } +// +// /** +// * @param assertionPrPerson +// * the assertionPrPerson to set +// */ +// public void setAssertionPrPerson(String assertionPrPerson) { +// this.assertionPrPerson = assertionPrPerson; +// } +// +// /** +// * @return the assertionAuthBlock +// */ +// public String getAssertionAuthBlock() { +// return assertionAuthBlock; +// } +// +// /** +// * @param assertionAuthBlock +// * the assertionAuthBlock to set +// */ +// public void setAssertionAuthBlock(String assertionAuthBlock) { +// this.assertionAuthBlock = assertionAuthBlock; +// } +// +// /** +// * @return the assertionIlAssertion +// */ +// public String getAssertionIlAssertion() { +// return assertionIlAssertion; +// } +// +// /** +// * @param assertionIlAssertion +// * the assertionIlAssertion to set +// */ +// public void setAssertionIlAssertion(String assertionIlAssertion) { +// this.assertionIlAssertion = assertionIlAssertion; +// } +// +// /** +// * @return the assertionSignerCertificateBase64 +// */ +// public String getAssertionSignerCertificateBase64() { +// return assertionSignerCertificateBase64; +// } +// +// /** +// * @param assertionSignerCertificateBase64 +// * the assertionSignerCertificateBase64 to set +// */ +// public void setAssertionSignerCertificateBase64( +// String 
assertionSignerCertificateBase64) { +// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; +// } +// +// /** +// * @return the assertionBusinessService +// */ +// public boolean getAssertionBusinessService() { +// return assertionBusinessService; +// } +// +// /** +// * @param assertionBusinessService +// * the assertionBusinessService to set +// */ +// public void setAssertionBusinessService(boolean assertionBusinessService) { +// this.assertionBusinessService = assertionBusinessService; +// } /** * @return the mandateReferenceValue @@ -997,13 +1046,31 @@ public class AuthenticationSession { public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { this.storkAuthnRequest = storkAuthnRequest; } + + public String getCcc() { + return ccc; + } + + public void setCcc(String ccc) { + this.ccc = ccc; + } - public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { - return XMLCreateSignatureResponse; + + +// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { +// return XMLCreateSignatureResponse; +// } +// +// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { +// XMLCreateSignatureResponse = xMLCreateSignatureResponse; +// } + + public boolean isForeigner() { + return isForeigner; } - public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { - XMLCreateSignatureResponse = xMLCreateSignatureResponse; + public void setForeigner(boolean isForeigner) { + this.isForeigner = isForeigner; } public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { @@ -1021,13 +1088,4 @@ public class AuthenticationSession { public void setMandate(Element mandate) { this.mandate = mandate; } - - public boolean isForeignMode() { - return foreignMode; - } - - public void setForeignMode(boolean foreignMode) { - this.foreignMode = foreignMode; - } - } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index 276e6414c..7523d7eaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -24,15 +24,22 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. * * @author Harald Bratko */ -public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{ /** + * + */ + private static final long serialVersionUID = 1L; + +/** * The value of this SAML attribute. Must be either of type <code>java.lang.String</code> * or <code>org.w3c.Element</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 0d11dc4f0..b03f23ce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.IOException; +import java.io.Serializable; import java.security.PublicKey; import javax.xml.transform.TransformerException; 
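Review bot: `ExtendedSAMLAttributeImpl` is declared `Serializable`, but the Javadoc kept two lines below says the attribute value must be a `java.lang.String` or an `org.w3c.Element`; `org.w3c.dom.Element` is an interface with no serialization contract, so an attribute carrying a DOM element will throw NotSerializableException the moment the enclosing session is written to the store. Either restrict the value to a serializable representation (for example the element's XML string, re-parsed by the consumer) or document which value types are actually accepted and mark the field accordingly. The `/**` opening that value Javadoc is also dedented to column 0 instead of aligning with the field; the same dedent appears in the VerifyXMLSignatureResponse hunk below (`+/** The xmlDsigSubjectName to be stored */`), and both `serialVersionUID` declarations are uncommented.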
@@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink { +public class IdentityLink implements Serializable{ + + private static final long serialVersionUID = 1L; + /** * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index ce418de01..c41de1904 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + import iaik.x509.X509Certificate; /** @@ -34,8 +36,11 @@ import iaik.x509.X509Certificate; * @version $Id$ * */ -public class VerifyXMLSignatureResponse { - /** The xmlDsigSubjectName to be stored */ +public class VerifyXMLSignatureResponse implements Serializable{ + + private static final long serialVersionUID = 1L; + +/** The xmlDsigSubjectName to be stored */ private String xmlDsigSubjectName; /** The signatureCheckCode to be stored */ private int signatureCheckCode; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java new file mode 100644 index 000000000..63ad62662 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java 
@@ -0,0 +1,240 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + + public static void parse(AuthenticationSession moasession, + String target, + String sourceID, + String oaURL, + String bkuURL, + String templateURL, + String useMandate, + String ccc, + String module, + String action, + HttpServletRequest req) throws WrongParametersException, MOAIDException { + + String targetFriendlyName = null; + + // escape parameter strings + //TODO: use URLEncoder.encode!! 
+ target = StringEscapeUtils.escapeHtml(target); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + + moasession.setUseMandate(useMandateString); + + //load OnlineApplication configuration + OAAuthParameter oaParam; + if (moasession.getPublicOAURLPrefix() != null) { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + moasession.getPublicOAURLPrefix()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { moasession.getPublicOAURLPrefix() }); + + } 
else { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } + target = null; + targetFriendlyName = null; + } + + moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + moasession.setTarget(target); + moasession.setTargetFriendlyName(targetFriendlyName); + moasession.setBusinessService(oaParam.getBusinessService()); + moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + } + + //check OnlineApplicationURL + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.05"); + moasession.setOAURLRequested(oaURL); + + //check AuthURL + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); + + if 
(isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", + "AuthURL", "auth.05"); + + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider + .getInstance() + .getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + moasession.setAuthURL(authURL); + + //check and set SourceID + if (sourceID != null) + moasession.setSourceID(sourceID); + + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } + } + moasession.setBkuURL(bkuURL); + + // override template url by url from configuration file + if (oaParam.getTemplateURL() != null) { + templateURL = oaParam.getTemplateURL(); + } + moasession.setTemplateURL(templateURL); + moasession.setCcc(ccc); + + } + + public static void parse(HttpServletRequest req, HttpServletResponse resp, + AuthenticationSession moasession) throws WrongParametersException, MOAIDException { + + //check Module and Action + HttpSession httpSession = req.getSession(); + IRequest request = RequestStorage.getPendingRequest(httpSession); + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); + + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); + if(modul == null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + moasession.setModul(modul); + moasession.setAction(action); + + //get Parameters from request + String target = 
req.getParameter(PARAM_TARGET); + String sourceID = req.getParameter(PARAM_SOURCEID); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + oaURL = request.getOAURL(); + target = request.getTarget(); + + parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + + } + + /** + * Checks a parameter. + * + * @param param + * parameter + * @return true if the parameter is null or empty + */ + private static boolean isEmpty(String param) { + return param == null || param.length() == 0; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java new file mode 100644 index 000000000..29d407dc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
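Review bot: `StringEscapeUtils.escapeHtml` is applied to `oaURL`, `bkuURL`, `templateURL`, `sourceID` and `ccc` before they are validated and stored, so the values written to the session are HTML-escaped variants of what the client sent (`&` becomes `&amp;`, non-ASCII characters become entities) and `ParamValidatorUtils` is checking the escaped form rather than the raw input; validation belongs on the raw parameter and escaping belongs at the point where a value is written into HTML, and the `//TODO: use URLEncoder.encode!!` would still encode at the wrong layer. In the second `parse`, `RequestStorage.getPendingRequest(httpSession)` is dereferenced without a null check, so a missing pending request surfaces as a NullPointerException instead of a handled `MOAIDException`; `if (request == null) throw new MOAIDException("auth.18", new Object[] {});` before the first use would route it through the existing error handling. The `req.getParameter(PARAM_OA)` and `req.getParameter(PARAM_TARGET)` reads are immediately overwritten by `request.getOAURL()` and `request.getTarget()` and can be dropped, and the `module` and `action` parameters of the first `parse` are never read. `authURL` is built from `req.getServerName()`, which reflects the request's Host header; if this value is later rendered into forms or used for redirects, comparing it against the configured public URL prefix would be a sensible hardening step, though that use is outside this hunk.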
@@ -0,0 +1,178 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + 
Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); + + try { + String bkuid = req.getParameter(PARAM_BKU); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + String moasessionid = null; + AuthenticationSession moasession = null; + + try { + moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moasessionid}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + //load OA Config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(moasession.getOAURLRequested()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + + //load Parameters from config + String target = oaParam.getTarget(); + String sourceID = ""; //TODO: load from Config + String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); + String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; + + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + sourceID, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + moasession.getModul(), + moasession.getAction(), + req); + } + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + String getIdentityLinkForm = 
startauth.build(moasession, req, resp); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + + } + + private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List<String> bkuURIs = Arrays.asList( + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html"); + +// List<String> bkuURIs = Arrays.asList( +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, + "auth.12"); + } + + private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List<String> bkuURIs = Arrays.asList( + "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", + 
"https://127.0.0.1:3496/https-security-layer-request"); + +// List<String> bkuURIs = Arrays.asList( +// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +// "https://127.0.0.1:3496/https-security-layer-request"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, + "auth.12"); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java deleted file mode 100644 index b5c72ef9f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ /dev/null 
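Review bot: `Integer.valueOf(bkuid)` in `doGet` is called on the raw `bkuid` request parameter, so a missing or non-numeric value throws NumberFormatException and a negative value passes `bkuID < bkuURIs.size()` and then fails inside `bkuURIs.get`; neither is caught by the `WrongParametersException`/`MOAIDException` handlers, so the request ends in an unhandled exception instead of the "auth.12" error page. Parse inside a try that rethrows `new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, "auth.12")` and change both range checks to `if (bkuID < 0 || bkuID >= bkuURIs.size())`. The imports `org.bouncycastle.asn1.x509.Target` and `com.trilead.ssh2.Session` are unused and pull unrelated libraries onto this servlet's compile path. The `catch (Throwable e)` around the session lookup turns every failure, including ClassCastException from the attribute cast, into "No HTTP Session found!" and drops the cause from the log; catch the specific types, or at least pass `e` to the logger. `new PrintWriter(resp.getOutputStream())` writes in the platform default charset although the Content-Type declares UTF-8; `resp.getWriter()` honours the declared encoding, and the `;;` after `getTemplateURIFromConfig(...)` and the missing `@Override` on `init`/`doGet` are small cleanups.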
@@ -1,164 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.util.Calendar; - -import org.apache.axis.AxisFault; -import org.w3c.dom.Element; - -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Web service for picking up authentication data created in the MOA-ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData - */ -public class GetAuthenticationDataService implements Constants { - - /** - * Constructor for GetAuthenticationDataService. - */ - public GetAuthenticationDataService() { - super(); - } - - /** - * Takes a <code>lt;samlp:Request></code> containing a - * <code>SAML artifact</code> and returns the corresponding - * authentication data <code>lt;saml:Assertion></code> - * (obtained from the <code>AuthenticationServer</code>), - * enclosed in a <code>lt;samlp:Response></code>. - * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, - * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. - * The status codes are defined in the SAML specification. 
- * - * @param requests request elements of type <code>lt;samlp:Request></code>; - * only 1 request element is allowed - * @return response element of type <code>lt;samlp:Response></code>, - * packed into an <code>Element[]</code> - * @throws AxisFault thrown when an error occurs in assembling the - * <code>lt;samlp:Response></code> - */ - public Element[] Request(Element[] requests) - throws AxisFault { - - Element request = requests[0]; - Element[] responses = new Element[1]; - String requestID = ""; - String statusCode = ""; - String subStatusCode = null; - String statusMessageCode = null; - String statusMessage = null; - String samlAssertion = ""; - boolean useUTC = false; - if (requests.length > 1) { - // more than 1 request given as parameter - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1201"; - } - else { - try { - DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); - NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); - if (samlArtifactList.getLength() == 0) { - // no SAML artifact given in request - statusCode = "samlp:Requester"; - statusMessageCode = "1202"; - } - else if (samlArtifactList.getLength() > 1) { - // too many SAML artifacts given in request - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1203"; - } - else { - Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = request.getAttribute("RequestID"); - String samlArtifact = DOMUtils.getText(samlArtifactElem); - try { - - AuthenticationData authData = AuthenticationServer.getInstance(). 
- getAuthenticationData(samlArtifact); - - useUTC = authData.getUseUTC(); - // success - samlAssertion = authData.getSamlAssertion(); - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } - } - } - catch (Throwable t) { - // invalid request format - statusCode = "samlp:Requester"; - statusMessageCode = "1204"; - } - } - try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); - if (statusMessage == null) - statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); - responses[0] = new SAMLResponseBuilder().build( - responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); - - } - catch (MOAIDException e) { - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - catch (Throwable t) { - MOAIDException e = new MOAIDException("1299", null, t); - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - return responses; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 3f775f38e..935edb557 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
@@ -49,11 +49,12 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
 /**
* Servlet requested for getting the foreign eID
@@ -193,6 +194,13 @@ public class GetForeignIDServlet extends AuthServlet { } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
 resp.setContentType("text/html");
resp.setStatus(302);
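Review bot: The new catch block `} catch (MOADatabaseException e) { throw new MOAIDException("Session store error", null); }` discards the database exception and passes a literal string where the rest of this code base passes a message key (`"auth.12"`, `"init.04"`), so the rendered error page will try to resolve a non-existent message and nothing about the failed write reaches the log. Suggest logging the cause and rethrowing with the key and three-argument constructor already used elsewhere in this tree: `Logger.error("Database Error! MOASession is not stored!", e);` followed by `throw new MOAIDException("init.04", new Object[] { session.getSessionID() }, e);`, mirroring the store in GenerateIFrameTemplateServlet. The placement itself — after redirectURL is built, before the 302 is written — is the right order and worth keeping consistent in the other servlets touched by this commit. The enclosing doPost continues outside the hunk.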
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index fa4deddb6..d41d20def 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -21,9 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ +package at.gv.egovernment.moa.id.auth.servlet; -package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException; import java.io.IOException; @@ -59,162 +58,182 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; -
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /** + +/** + * Servlet requested for getting the foreign eID provided by the security layer + * implementation. Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** * */ private static final long serialVersionUID = 4666952867085392597L; -/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0); -
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
- - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" ) - System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); - // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - - String redirectURL = null; - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc); - - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - //redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - //redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify that data URL + * resource is available. 
+ * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, + * HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + + // Logger.debug("GET GetMISSessionIDServlet"); + // + // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and responds with + * a new <code>CreateXMLSignatureRequest</code>. <br> + * Request parameters: + * <ul> + * <li>MOASessionID: ID of associated authentication session</li> + * <li>XMLResponse: <code><InfoboxReadResponse></code></li> + * </ul> + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, + * HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + // Map parameters; + // try + // { + // parameters = getParameters(req); + // } catch (FileUploadException e) + // { + // Logger.error("Parsing mulitpart/form-data request parameters failed: " + // + e.getMessage()); + // throw new IOException(e.getMessage()); + // } + + String sessionID = 
req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", + PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + ConnectionParameter connectionParameters = authConf + .getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + AuthConfigurationProvider.getInstance(), + connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest( + connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate) list.get(0); + + // verify mandate signature + AuthenticationServer.getInstance().verifyMandate(session, mandate); + + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + // TODO OW bPK (Offen: was bei saml:NameIdentifier + // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute + // AttributeName="bPK" ) + System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); + // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! 
+ + String redirectURL = null; + String samlArtifactBase64 = AuthenticationServer.getInstance() + .verifyAuthenticationBlockMandate(session, mandateDoc); + + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + // URLEncoder.encode(session.getTarget(), "UTF-8")); } - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); -
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ // redirectURL = addURLParameter(redirectURL, + // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, + // "UTF-8")); + redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), + session.getAction()), samlArtifactBase64); + redirectURL = resp.encodeRedirectURL(redirectURL); + + } else { + redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, + session.getSessionID()); + + } + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); } catch (SAXException e) { handleError(null, e, req, resp); } catch (ParserConfigurationException e) { handleError(null, e, req, resp); - }
- } - -
-
- }
+ } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 731c7581c..3c8892e33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -23,12 +23,13 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -213,6 +214,13 @@ public class PEPSConnectorServlet extends AuthServlet { } else {
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
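Review bot: `throw new MOAIDException("Session store error", null);` in the new catch block loses the MOADatabaseException entirely — neither the cause nor a message key reaches handleError, so the error page will try to resolve the literal string as a message code and the log will carry nothing about the failed write. Use the three-argument constructor the code base already has (the removed GetAuthenticationDataService calls `new MOAIDException("1299", null, t)`) with the key GenerateIFrameTemplateServlet uses for this same failure: `throw new MOAIDException("init.04", new Object[] { moaSession.getSessionID() }, e);`, and log `e` before throwing. doPost continues outside the hunk.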
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index b5c57d5cf..f89460a83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -245,7 +247,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { resp.setStatus(302);
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
- }
- }
+ }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
+ }
+
} catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 5f59b6f9a..16ff65477 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; @@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; 
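Review bot: `throw new AuthenticationException("", null);` uses an empty message key and drops the MOADatabaseException, so a failed session write surfaces as a blank error with no record of the cause; prefer `throw new AuthenticationException("init.04", new Object[] { session.getSessionID() }, e);` if AuthenticationException offers the Throwable overload that MOAIDException does (see `new MOAIDException("1299", null, t)` in the removed GetAuthenticationDataService), otherwise throw MOAIDException with that signature, and log `e` first. Separately, the new try block sits after the branch that has already called `resp.setStatus(302)` and set the Location header, so when the store fails handleError renders into a response that already carries a redirect; move the storeSession call ahead of the code that writes the redirect, as GetForeignIDServlet and PEPSConnectorServlet do in this same commit. The enclosing method and its outer try extend beyond the hunk.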
@@ -94,129 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); + Logger.debug("GET StartAuthentication"); + + String sessionID = req.getParameter(PARAM_SESSIONID); + sessionID = (String) req.getAttribute(PARAM_SESSIONID); + + + + try { + + if (StringUtils.isEmpty(sessionID)) + throw new MOAIDException("auth.18", null); + + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + + setNoCachingHeadersInHttpRespone(req, resp); - HttpSession httpSession = req.getSession(); - - String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - IRequest request = RequestStorage.getPendingRequest(httpSession); - - String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); - String action = request.requestedAction();//req.getParameter(PARAM_ACTION); - request.getOAURL(); - // escape parameter strings - //TODO: use URLEncoder.encode!! 
- target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - sessionID = StringEscapeUtils.escapeHtml(sessionID); - useMandate = StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); - modul = StringEscapeUtils.escapeHtml(modul); - action = StringEscapeUtils.escapeHtml(action); - - oaURL = request.getOAURL(); - target = request.getTarget(); - - setNoCachingHeadersInHttpRespone(req, resp); - - try { - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - if(modul == null) { - modul = SAML1Protocol.PATH; - } - - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } - - Logger.info("Start Authentication Module: " + modul + " Action: " + action); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new 
AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - String targetFriendlyName = null; - - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; - } - - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(ccc)) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); - Logger.debug("Starting STORK authentication"); - - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action); + //TODO: Load MOASession + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID); - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + 
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + //TODO: insert sessionID to STORK!! + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + } + Logger.debug("Finished GET StartAuthentication"); - } + } + catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + + } catch (MOADatabaseException e) { + handleError(null, e, req, resp); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f62428ea5..f8a828f6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
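Review bot: In the new doGet, `sessionID = (String) req.getAttribute(PARAM_SESSIONID);` unconditionally overwrites the value read by `String sessionID = req.getParameter(PARAM_SESSIONID);` on the line above, so the request parameter is dead code. If the request attribute set by the forwarding servlet is meant to be the only source — which also avoids accepting a client-controlled MOASessionID at this entry point — delete the getParameter line and say so in a comment; if a fallback was intended, write `sessionID = (String) req.getAttribute(PARAM_SESSIONID); if (sessionID == null) sessionID = req.getParameter(PARAM_SESSIONID);` so the trusted source wins. Independently, `AuthenticationSessionStoreage.getSession(sessionID)` is followed directly by `moasession.getCcc()`; unless getSession is guaranteed to throw for an unknown ID, add `if (moasession == null) throw new MOAIDException("auth.18", null);` before the STORK branch. The `//TODO: Load MOASession` and `//TODO: insert sessionID to STORK!!` markers should be resolved or tracked before this lands.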
@@ -48,10 +48,12 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -158,11 +160,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); + if (samlArtifactBase64 == null) { //mandate Mode 
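Review bot: The `session` handed to `verifyAuthenticationBlock(session, createXMLSignatureResponse)` is no longer looked up in this hunk — the `AuthenticationServer.getSession(sessionID)` line is removed — so its declaration and any null handling now live above the hunk where they cannot be checked. If that lookup can return null for an unknown or expired sessionID (the deleted in-memory `AuthenticationSessionStore.getSession` did), the new call hands a null session to the verifier; confirm the lookup throws, or guard with `if (session == null) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");` before the call. The enclosing method starts and ends outside the hunk.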
@@ -203,8 +205,19 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); - X509Certificate cert = session.getSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + byte[] cert = session.getEncodedSignerCertificate(); + + String targetType = null; + + if(session.getBusinessService()) { + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + targetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); + } + + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { @@ -214,6 +227,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { session.setMISSessionID(misSessionID.getSessiondId()); + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setStatus(302); resp.addHeader("Location", redirectMISGUI); Logger.debug("REDIRECT TO: " + redirectURL); 
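Review bot: `targetType` is declared as `null` and then assigned in both branches of `if(session.getBusinessService())`; initialise it from the condition instead, `String targetType = session.getBusinessService() ? AuthenticationSession.REGISTERANDORDNR_PREFIX_ + session.getDomainIdentifier() : AuthenticationSession.TARGET_PREFIX_ + session.getTarget();`, which also removes the stray blank lines before the `sendSessionIdRequest` call. Worth fixing while here: the pre-existing context right after the call dereferences `misSessionID.getRedirectURL()` one line before `if (misSessionID == null)`, so that null check can never fire — move it above the dereference. The `getEncodedSignerCertificate()` byte array is now passed straight through; a session without a stored certificate would surface somewhere inside `MISSimpleClient` rather than here, so a null check with a clear error is cheaper to debug. The enclosing method starts and ends outside the hunk.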
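Review bot: `throw new MOAIDException("Session store error", null)` in the new catch discards the `MOADatabaseException` cause and uses free text where the rest of the code base uses message ids (`"auth.12"`, `"init.04"`); the same pattern recurs in VerifyCertificateServlet (`"session store error"`) and VerifyIdentityLinkServlet (`new AuthenticationException("", null)`, an empty id). If MOAIDException has the (messageId, parameters, cause) form that ConfigurationException is called with later in this commit, use it so the database error reaches the log; otherwise log `e` before rethrowing. The enclosing method continues outside the hunk.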
@@ -228,12 +247,14 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); + } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } - + resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index d5198a862..4c4671084 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -43,6 +43,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -140,7 +142,7 @@ public class VerifyCertificateServlet extends AuthServlet { if (useMandate) {
// verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(sessionID, cert); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
@@ -159,9 +161,14 @@ public class VerifyCertificateServlet extends AuthServlet {
 Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
-
-
+ }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
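Review bot: The new `AuthenticationSessionStoreage.storeSession(session)` runs after `Logger.debug("Send CreateXMLSignatureRequest to BKU")`, i.e. — judging from the context above the hunk — after the response to the BKU has already been written, so a store failure throws into the `catch (MOAIDException ex)` handler, which then presumably tries to render an error page on a committed response. Store the session before the response is produced, or document why writing first is safe here. `new MOAIDException("session store error", null)` also drops the `MOADatabaseException`; pass it as cause (or log it) so the failure is diagnosable. The enclosing method starts outside the hunk.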
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index f2c41a051..8eaa8341c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -43,6 +43,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -134,11 +138,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); Logger.debug(createXMLSignatureRequestOrRedirect); + if (createXMLSignatureRequestOrRedirect == null) { // no identity link found 
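Review bot: The re-added `AuthenticationSession session = AuthenticationServer.getSession(sessionID);` feeds `verifyIdentityLink(session, parameters)` with no null check in between; if `getSession` can return null for an unknown id (as the deleted in-memory store's `getSession` did) the verifier receives a null session. Confirm `AuthenticationServer.getSession` throws for unknown ids, or reject the request here with `WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12")` as the line above does for an invalid id. The enclosing method starts and ends outside the hunk.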
@@ -176,36 +183,54 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID), // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in // AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen) - boolean useMandate = session.getUseMandate(); - if (useMandate) { // Mandate modus - // read certificate and set dataurl to - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!! +// boolean useMandate = session.getUseMandate(); +// if (useMandate) { // Mandate modus +// // read certificate and set dataurl to +// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +// +// +// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); +// +// // build dataurl (to the GetForeignIDSerlvet) +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_VERIFY_CERTIFICATE, +// session.getSessionID()); +// +// +// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); +// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); +// ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// +// } +// else { + Logger.info("Normal"); - - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - 
session.getSessionID()); - - - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); - } - else { - Logger.info("Normal"); ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } - } - +// } + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } } catch (ParseException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8d2f95cce..e77dd30d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
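Review bot: The former mandate branch survives as a roughly 25-line `//` block headed by `//TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!`, plus an orphaned `// }` closing it, so a reader cannot tell whether `Logger.info("Normal");` is now the only path by design. Delete the block (version control keeps it) and leave the question as a one-line TODO, or put the code behind the configuration check it belongs to. `throw new AuthenticationException("", null)` in the new store catch has an empty message id and discards the `MOADatabaseException`; use a real id and pass the cause on. The enclosing method starts outside the hunk.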
@@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator { } else { throw new ValidateException("validator.35", null); } + + // check four attribute could be a special text + samlAttribute = samlAttributes[3 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + + //TODO:load Text from OA config + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } + } else { + throw new ValidateException("validator.35", null); + } + // now check the extended SAML attributes int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; if (extendedSAMLAttributes != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 82acd0897..d798ce9d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java 
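Review bot: The new SpecialText check compares the signed attribute against `generateSpecialText("", issuer, issueInstant)` because `text` is hard-coded to `""` (the real template is left as `//TODO:load Text from OA config`), so the comparison accepts any AuthBlock whose fourth attribute equals the empty-template rendering and says nothing about the text the citizen actually confirmed; this should not ship until the OA-configured text is loaded, or the check should fail closed. `(String)samlAttribute.getValue()` may be null, in which case `samlSpecialText.equals(specialText)` throws NullPointerException instead of ValidateException — write `if (!specialText.equals(samlSpecialText))` or null-check first. `samlAttributes[3 + offset]` is indexed without a length check, which presumably mirrors the preceding attribute checks above the hunk; confirm the array length is verified there. The comment `// check four attribute could be a special text` should read "check that the fourth attribute is the special text". The enclosing method starts and ends outside the hunk.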
@@ -27,16 +27,26 @@ package at.gv.egovernment.moa.id.config.auth; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.MalformedURLException; import java.util.List; +import java.util.Properties; +import org.hibernate.cfg.Configuration; import org.w3c.dom.Element; import org.w3c.dom.Node; +import test.tlenz.simpletest; + import eu.stork.vidp.messages.common.STORKBootstrap; +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -45,6 +55,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; 
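Review bot: `import test.tlenz.simpletest;` pulls a `test.*` class into the production configuration provider; nothing in the visible hunks uses it, so it reads as a leftover from local debugging and would make the library build depend on test code. Remove it. The remaining additions (`HibernateUtil`, the four session-store DAO classes, `Properties`, `FileNotFoundException`, `MiscUtil`) match what the new initialisation block uses.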
@@ -277,12 +288,50 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } catch (MalformedURLException t) { throw new ConfigurationException("config.03", null, t); } - + + //Initial Hibernate Framework + //TODO: Full update to new MOA-ID configuration!!! + Logger.trace("Initializing Hibernate framework."); + + String propertiesFileLocation = System.getProperty("moa.id.config"); + MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName"); + File propertiesFile = new File(propertiesFileLocation); + FileInputStream fis; + Properties props = new Properties(); + try { + fis = new FileInputStream(propertiesFile); + props.load(fis); + + // initialize hibernate + synchronized (AuthConfigurationProvider.class) { + Configuration hibernateConfig = new Configuration(); + hibernateConfig.addAnnotatedClass(AssertionStore.class); + hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class); + hibernateConfig.addAnnotatedClass(OASessionStore.class); + hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class); + hibernateConfig.addProperties(props); + HibernateUtil.initHibernate(hibernateConfig, props); + } + Logger.trace("Hibernate initialization finished."); + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (ExceptionInInitializerError e) { + throw new ConfigurationException("config.17", null, e); + } + + //Initialize OpenSAML for STORK Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); 
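Review bot: `fis = new FileInputStream(propertiesFile)` in the new Hibernate block is never closed — not on the success path and not when `props.load` or the Hibernate setup throws — so every configuration load leaks a file handle. Use try-with-resources, `try (FileInputStream fis = new FileInputStream(propertiesFile)) { props.load(fis); }`, and run the Hibernate initialisation after that block (or close in a `finally` if the project targets Java 6). The `props` read from the `moa.id.config` file are handed whole to `hibernateConfig.addProperties(props)` and presumably include database credentials; make sure nothing downstream logs them, and note in a comment that the file is the Hibernate/DB configuration, since the name suggests the general MOA-ID config. The enclosing method continues outside the hunk.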
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 79f3b4e30..c1de93fae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.data; +import java.io.Serializable; import java.util.Date; /** @@ -33,8 +34,12 @@ import java.util.Date; * @version $Id$ */ -public class AuthenticationData { +public class AuthenticationData implements Serializable { /** + * + */ + private static final long serialVersionUID = -1042697056735596866L; +/** * major version number of the SAML assertion */ private int majorVersion; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index e1c46f295..244197379 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -163,7 +163,8 @@ public class DispatcherServlet extends AuthServlet { // check if pending request is same protocol and action if (!protocolRequest.requestedModule().equals(module) || !protocolRequest.requestedAction() - .equals(action)) { + .equals(action) + || !info.validate(req, resp, protocolRequest)) { resp.sendError(HttpServletResponse.SC_CONFLICT); Logger.error("Different Request is pending in this session!"); return; 
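Review bot: The `serialVersionUID` is preceded by an empty Javadoc block (the original `/**` of the `majorVersion` doc is reused as `/** * */`) and a new `/**` is added at column 0, which breaks the file's indentation and leaves a doc comment that says nothing. Replace the empty block with a one-line comment such as `// serialisation id; bump when the serialised form changes` and restore the indented `/**` in front of `majorVersion`. Making AuthenticationData `Serializable` means its contents will now be written somewhere (presumably the new session stores); a class-level sentence saying where, and which fields are person-related, would help the next maintainer.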
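Review bot: When `info.validate(req, resp, protocolRequest)` returns false the dispatcher now answers 409 and logs `"Different Request is pending in this session!"`, which is wrong for that case — module and action did match, the pending request merely failed validation — so the log hides what rejected the request. Give it its own branch with its own message, e.g. `Logger.error("Pending request failed validation!");`, before `sendError`. `validate` also receives `resp`; if any implementation writes to it before returning false, the following `sendError` hits a committed response, so the interface contract should forbid touching the response. The enclosing method starts and ends outside the hunk.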
@@ -185,7 +186,9 @@ public class DispatcherServlet extends AuthServlet { } RequestStorage.setPendingRequest(httpSession, protocolRequest); - + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + if (moduleAction.needAuthentication(protocolRequest, req, resp)) { if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { @@ -194,30 +197,30 @@ public class DispatcherServlet extends AuthServlet { } if (protocolRequest.forceAuth()) { - if (!AuthenticationManager.tryPerformAuthentication( + if (!authmanager.tryPerformAuthentication( req, resp)) { - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } } else if (protocolRequest.isPassiv()) { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Passive authentication ok! } else { throw new NoPassivAuthenticationException(); } } else { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Is authenticated .. proceed } else { // Start authentication! - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } @@ -227,8 +230,7 @@ public class DispatcherServlet extends AuthServlet { moduleAction.processRequest(protocolRequest, req, resp); RequestStorage.removePendingRequest(httpSession); - - AuthenticationManager.logout(req, resp); + authmanager.logout(req, resp); } catch (Throwable e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 3254927ed..5e792ab78 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -1,31 +1,67 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends AuthServlet { + private static AuthenticationManager instance = null; + + private static final long serialVersionUID = 1L; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - public static AuthenticationSession getAuthenticationSession( + + public static 
AuthenticationManager getInstance() { + if (instance == null) { + instance = new AuthenticationManager(); + } + + return instance; + } + + + public AuthenticationSession getAuthenticationSession( HttpSession session) { String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); if (sessionID != null) { - return AuthenticationSessionStore.getSession(sessionID); + try { + return AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return null; + } } return null; } @@ -37,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean isAuthenticated(HttpServletRequest request, + public boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) { Logger.info("Checking authentication"); @@ -50,15 +86,24 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); +// AuthenticationSession authSession; +// try { +// authSession = AuthenticationSessionStoreage +// .getSession(moaSessionID); +// +// } catch (MOADatabaseException e) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// if(authSession == null) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// return authSession.isAuthenticated(); - if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); - return false; - } - - return authSession.isAuthenticated(); + return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); } /** 
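Review bot: `getInstance()` lazily creates the singleton without synchronisation, and this class runs inside a multithreaded servlet container, so two concurrent first calls can each construct an `AuthenticationManager`; use `private static final AuthenticationManager instance = new AuthenticationManager();` and return it, or synchronise the method. Extending `AuthServlet` while instantiating via `new` means the servlet lifecycle (`init`, ServletConfig) never runs for this object — confirm the inherited `handleError`, `handleWrongParameters` and `setNoCachingHeadersInHttpRespone` used later in `doAuthentication` do not depend on it. `getAuthenticationSession` maps `MOADatabaseException` to `null` without logging, so a broken session store is indistinguishable from "no session"; log it at least at debug level.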
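Review bot: The old body of `isAuthenticated` is kept as a 15-line `//` block above the new `return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);`; it duplicates what the store method now does and will drift, so delete it. The one-liner presumably folds a database failure into "not authenticated" inside the store, which is the safe direction, but it should be logged there so an outage is not mistaken for users having logged out. The enclosing method starts outside the hunk.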
@@ -68,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean tryPerformAuthentication(HttpServletRequest request, + public boolean tryPerformAuthentication(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); @@ -76,8 +121,14 @@ public class AuthenticationManager implements MOAIDAuthConstants { String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(sessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return false; + } + if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " @@ -94,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - public static void logout(HttpServletRequest request, + public void logout(HttpServletRequest request, HttpServletResponse response) { Logger.info("Logout"); 
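Review bot: In `tryPerformAuthentication` the new `catch (MOADatabaseException e) { return false; }` discards the exception without a log line, so a store outage during a `sessionID`-parameter login looks exactly like an unknown session id. Add `Logger.error("MOASession " + sessionID + " could not be loaded", e);` (or whatever throwable overload the project Logger offers) before returning. Failing closed with `false` is the right outcome. The enclosing method starts and ends outside the hunk.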
@@ -111,24 +162,33 @@ public class AuthenticationManager implements MOAIDAuthConstants { return; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); - if(authSession == null) { + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + AuthenticationSessionStoreage.destroySession(moaSessionID); + + session.invalidate(); + + } catch (MOADatabaseException e) { Logger.info("NO MOA Authentication data for ID " + moaSessionID); return; } - - authSession.setAuthenticated(false); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - AuthenticationSessionStore.destroySession(moaSessionID); - session.invalidate(); + } - public static void doAuthentication(HttpServletRequest request, + public void doAuthentication(HttpServletRequest request, HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); if (!ParamValidatorUtils.isValidOA(target.getOAURL())) 
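Review bot: In the restructured `logout`, the HTTP-level cleanup — `HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null)` and `session.invalidate()` — now sits inside the try after the store lookup, so when `getSession` throws `MOADatabaseException` (or returns null) the method logs and returns with the container session still alive and still carrying the MOA session id; a user who logs out during a store outage stays logged in at the HTTP layer. Logout should fail closed: drop the binding and invalidate the session in a `finally`, and treat the backend clean-up as best effort. `destroySession` can stay inside the try so its own `MOADatabaseException` is caught. The enclosing method starts outside the hunk.
```java
		AuthenticationSession authSession = null;
		try {
			authSession = AuthenticationSessionStoreage.getSession(moaSessionID);
			if (authSession == null) {
				Logger.info("NO MOA Authentication data for ID " + moaSessionID);
			} else {
				authSession.setAuthenticated(false);
				AuthenticationSessionStoreage.destroySession(moaSessionID);
			}
		} catch (MOADatabaseException e) {
			Logger.info("NO MOA Authentication data for ID " + moaSessionID);
		} finally {
			// always drop the HTTP-level binding, even if the session store is unreachable
			HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
			session.invalidate();
		}
	}
// … unchanged: doAuthentication signature change …
```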
@@ -140,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants { "auth.12"); } - // TODO: Build authentication form + setNoCachingHeadersInHttpRespone(request, response); + + //TODO:move this to config!!! + final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); - /* - * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), - * modul, protocol); - * - * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = - * new PrintWriter(response.getOutputStream()); out.print(loginForm); - * out.flush(); return; - */ + //is legacy allowed + boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); - session.getServletContext().getNamedDispatcher("StartAuthentication") - .forward(request, response); + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + + AuthenticationSession moasession; + + if (legacyallowed && legacyparamavail) { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //parse request parameter into MOASession + try{ + StartAuthentificationParameterParser.parse(request, response, moasession); + + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, request, response); + } + + catch (MOAIDException ex) { + handleError(null, ex, request, response); + } + + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + //start authentication process +// session.getServletContext().getNamedDispatcher("StartAuthentication") +// .forward(request, response); + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + + String getIdentityLinkForm = startauth.build(moasession, request, response); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + 
Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + + } else { + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(target.getOAURL()); + + if (oaParam == null) { + //TODO: Find a better place for this!! + request.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); + } + + + else { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //set OnlineApplication configuration in Session + moasession.setOAURLRequested(target.getOAURL()); + moasession.setAction(target.requestedAction()); + moasession.setModul(target.requestedModule()); + } + + //Build authentication form + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName()); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! 
MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + //set MOAIDSession + request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + } } + + private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { + + //String sessionID = request.getParameter(PARAM_SESSIONID); + String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); + AuthenticationSession moasession; + + try { + moasession = AuthenticationSessionStoreage.getSession(sessionID); + Logger.info("Found existing MOASession with sessionID=" + sessionID + + ". This session is used for reauthentification."); + + } catch (MOADatabaseException e) { + try { + moasession = AuthenticationSessionStoreage.createSession(); + Logger.info("Create a new MOASession with sessionID=" + sessionID + "."); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession are not created."); + throw new MOAIDException("init.04", new Object[] { + "0"}); + } + } + + return moasession; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java deleted file mode 100644 index c149d1ce1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java +++ /dev/null 
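Review bot: In the legacy branch of `doAuthentication`, the two new catch blocks call `handleWrongParameters(ex, request, response)` / `handleError(null, ex, request, response)` and then fall through, so after the handlers have presumably produced an error page the method still logs, builds the start form from a half-parsed `moasession`, stores it and writes a second body to the same response; add `return;` after each handler call, or let the exceptions propagate since the method already declares `MOAIDException`. Two smaller points: `getORCreateMOASession` logs `"Create a new MOASession with sessionID=" + sessionID` with the stale id it just failed to find rather than `moasession.getSessionID()`, and `request.getSession().setAttribute(MOA_SESSION, ...)` is set only in the non-legacy branch — confirm the legacy path binds the new session elsewhere, otherwise the next `getORCreateMOASession` call cannot find it. `PROTOCOLS_LEGACY_ALLOWED` is a method local in constant casing; until the `//TODO:move this to config!!!` lands, make it a `private static final List<String>` so the name matches its use. `doAuthentication` starts in the previous hunk.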
@@ -1,83 +0,0 @@ -package at.gv.egovernment.moa.id.moduls; - -import java.util.HashMap; -import java.util.Iterator; -import java.util.Set; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; - -public class AuthenticationSessionStore { - - private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); - - public static boolean isAuthenticated(String moaSessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(moaSessionID)) { - return sessionStore.get(moaSessionID).isAuthenticated(); - } - } - return false; - } - - public static AuthenticationSession createSession() { - String id = Random.nextRandom(); - AuthenticationSession session = new AuthenticationSession(id); - synchronized (sessionStore) { - sessionStore.put(id, session); - } - return session; - } - - public static void destroySession(String moaSessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(moaSessionID)) { - sessionStore.remove(moaSessionID); - } - } - } - - public static void dumpSessionStore() { - synchronized (sessionStore) { - Set<String> keys = sessionStore.keySet(); - Iterator<String> keyIterator = keys.iterator(); - while(keyIterator.hasNext()) { - String key = keyIterator.next(); - AuthenticationSession session = sessionStore.get(key); - Logger.info("Key: " + key + " -> " + session.toString()); - } - } - } - - public static String changeSessionID(AuthenticationSession session) - throws AuthenticationException { - synchronized (sessionStore) { - if (sessionStore.containsKey(session.getSessionID())) { - AuthenticationSession theSession = sessionStore.get(session - .getSessionID()); - if (theSession != session) { - throw new AuthenticationException("TODO!", null); - } - - sessionStore.remove(session.getSessionID()); - String id = 
Random.nextRandom(); - session.setSessionID(id); - sessionStore.put(id, session); - return id; - } - } - throw new AuthenticationException("TODO!", null); - } - - public static AuthenticationSession getSession(String sessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(sessionID)) { - return sessionStore.get(sessionID); - } - } - Logger.info("No MOA Session with id: " + sessionID); - return null; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index 5a2bb1efc..679ccb000 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -22,4 +22,7 @@ public interface IModulInfo { public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable; + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 91b88acb9..f63b0049f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -10,4 +10,6 @@ public interface IRequest { public void setModule(String module); public void setAction(String action); public String getTarget(); + + //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e752857dd..41aa459ec 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -282,4 +282,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return null; } + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + // TODO implement validation! + return true; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java index c188914df..2e2f75b94 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java @@ -1,13 +1,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.util.HashMap; -import java.util.Map; - import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.artifact.SAMLArtifactMap; import org.opensaml.xml.io.MarshallingException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; +import at.gv.egovernment.moa.id.storage.AssertionStorage; public class PVPAssertionStorage implements SAMLArtifactMap { @@ -20,7 +19,8 @@ public class PVPAssertionStorage implements SAMLArtifactMap { return instance; } - private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>(); + //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>(); + private AssertionStorage assertions = AssertionStorage.getInstance(); public boolean contains(String artifact) { return assertions.containsKey(artifact); 
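Review bot: `validate` in PVP2XProtocol returns `true` unconditionally, so any caller that gates request processing on `IModulInfo.validate` accepts every pending PVP request until the TODO is filled in. Until real validation exists the stub should either fail closed (`return false;`) where the caller tolerates that, or at least log that it is a no-op, e.g. `Logger.warn("PVP2XProtocol.validate is not implemented; request accepted without validation");`, so nobody relies on it silently. I cannot see the callers of `validate` in this diff, so whether anything currently depends on the return value is unclear.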
@@ -33,11 +33,24 @@ public class PVPAssertionStorage implements SAMLArtifactMap { issuerId, samlMessage); - assertions.put(artifact, assertion); + try { + assertions.put(artifact, assertion); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be stored + throw new MarshallingException("Assertion are not stored in Database.",e); + } } public SAMLArtifactMapEntry get(String artifact) { - return assertions.get(artifact); + try { + return assertions.get(artifact, SAMLArtifactMapEntry.class); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be read + e.printStackTrace(); + return null; + } } public void remove(String artifact) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java index 0b280fe48..a2f46694f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java @@ -10,7 +10,13 @@ import org.opensaml.xml.schema.XSString; import org.opensaml.xml.schema.impl.XSIntegerBuilder; import org.opensaml.xml.schema.impl.XSStringBuilder; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; 
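Review bot: In `get`, a `MOADatabaseException` is reported with `e.printStackTrace()` and turned into a `null` return, so a storage outage is indistinguishable from an unknown artifact and leaves nothing in the application log. The `AuthenticationServer` hunk earlier in this diff uses `Logger.error(...)` for the same kind of failure, so `Logger.error("Assertion for artifact could not be read from storage", e);` would be consistent; returning `null` still matches the map contract for an unknown key, but the comment should say that this is deliberate. In `put`, wrapping the cause into `MarshallingException` is reasonable, but `"Assertion are not stored in Database."` reads as a slip — `"Assertion could not be stored in the database."`.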
@@ -100,27 +106,57 @@ public class CitizenTokenBuilder { AuthenticationSession authSession) { AttributeStatement statement = SAML2Utils.createSAMLObject(AttributeStatement.class); + + //TL: AuthData generation is moved out from VerifyAuthBlockServlet + try { + + //TODO: LOAD oaParam from request and not from MOASession in case of SSO + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); - Attribute pvpVersion = buildPVPVersion("2.1"); - Attribute secClass = buildSecClass(3); - Attribute principalName = buildPrincipalName(authSession.getAuthData().getFamilyName()); - Attribute givenName = buildGivenName(authSession.getAuthData().getGivenName()); - Attribute birthdate = buildBirthday(authSession.getAuthData().getDateOfBirth()); - Attribute bpk = buildBPK(authSession.getAuthData().getIdentificationValue()); - Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); - Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); - Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authSession.getAuthData().getIdentificationType()); - - statement.getAttributes().add(pvpVersion); - statement.getAttributes().add(secClass); - statement.getAttributes().add(principalName); - statement.getAttributes().add(givenName); - statement.getAttributes().add(birthdate); - statement.getAttributes().add(bpk); - statement.getAttributes().add(eid_citizen_qaa); - statement.getAttributes().add(eid_issuing_nation); - statement.getAttributes().add(eid_sector_for_id); + AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, + oaParam, + authSession.getTarget()); + + Attribute pvpVersion = buildPVPVersion("2.1"); + Attribute secClass = buildSecClass(3); + Attribute principalName = buildPrincipalName(authData.getFamilyName()); + Attribute givenName = buildGivenName(authData.getGivenName()); + Attribute birthdate = buildBirthday(authData.getDateOfBirth()); + + //TL: 
getIdentificationValue holds the baseID --> change to pBK + Attribute bpk; + if (authSession.getBusinessService()) + bpk = buildBPK(authData.getWBPK()); + else + bpk = buildBPK(authData.getBPK()); + + Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); + Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); + Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); + + statement.getAttributes().add(pvpVersion); + statement.getAttributes().add(secClass); + statement.getAttributes().add(principalName); + statement.getAttributes().add(givenName); + statement.getAttributes().add(birthdate); + statement.getAttributes().add(bpk); + statement.getAttributes().add(eid_citizen_qaa); + statement.getAttributes().add(eid_issuing_nation); + statement.getAttributes().add(eid_sector_for_id); + + return statement; + + } catch (ConfigurationException e) { + + // TODO: check Exception Handling + return null; + } catch (BuildException e) { + + // TODO: check Exception Handling + return null; + } - return statement; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 94189714e..db41bf389 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java 
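Review bot: The attribute-statement builder (its signature starts above this hunk) now looks up `oaParam` via `getOnlineApplicationParameter(authSession.getPublicOAURLPrefix())` and passes it straight into `buildAuthenticationData` without a null check, whereas the `AuthenticationServer` hunk in this diff treats a `null` result from the same call as an error (`auth.00`); an unconfigured OA would surface here as a `NullPointerException`. The two new catch blocks also return `null` silently, so an assertion issued without an attribute statement cannot be traced back; log the cause with the project `Logger` before returning, e.g. `Logger.error("Could not build authentication data for PVP attribute statement", e);`. The `//TODO: LOAD oaParam from request and not from MOASession in case of SSO` comment deserves attention before this ships: if the session's OA differs from the relying party of the current request, the bPK/wbPK chosen below is derived for the wrong application, though whether that can happen is not visible from this hunk.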
@@ -47,15 +47,16 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { EntityDescriptor peerEntity = obj.getEntityMetadata(); - AuthenticationSession authSession = AuthenticationManager - .getAuthenticationSession(req.getSession()); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession()); + // authSession.getM Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity); - + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); nissuer.setFormat(NameID.ENTITY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 5649e5260..3634c9983 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -13,6 +13,9 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; 
@@ -26,30 +29,51 @@ public class GetArtifactAction implements IAction { HttpServletResponse httpResp) { HttpSession httpSession = httpReq.getSession(); - AuthenticationSession session = AuthenticationManager - .getAuthenticationSession(httpSession); + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); - String oaURL = (String) httpReq.getAttribute(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String oaURL = (String) httpReq.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); + String oaURL = (String) req.getOAURL(); + String target = (String) req.getTarget(); + try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) + + + if (oaURL == null) { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - - if (oaURL == null) { - oaURL = session.getOAURLRequested(); } - - if (oaURL == null) { + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - } - + + + // if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } + + + // TODO: Support Mandate MODE! + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + // builds authentication data and stores it together with a SAML + // artifact + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, + oaParam, + target); + String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session); + .BuildSAMLArtifact(session, oaParam, authData); String redirectURL = oaURL; session.getOAURLRequested(); 
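Review bot: `oaParam` from `getOnlineApplicationParameter(oaURL)` is handed to `buildAuthenticationData` and `BuildSAMLArtifact` without a null check, so an `oaURL` that passes `isValidOA` but is not a configured online application ends in a `NullPointerException` rather than the handled error the `AuthenticationServer` hunk raises for the same condition. Since `redirectURL = oaURL` and the SAML artifact is appended to it further down, this check also decides where the artifact is sent; if `isValidOA` only checks the URL's form (its implementation is not visible here), an unconfigured OA must be rejected before the artifact is built: `if (oaParam == null) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");`. Note also that `target` now comes from `req.getTarget()` instead of the session and reaches `buildAuthenticationData` unvalidated; whether the `IRequest` implementation validates it is not visible in this diff. The method's signature and the rest of its body lie outside this hunk.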
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java index 47050bf28..3a2f4ee9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import iaik.util.logging.Log; + import java.io.IOException; import javax.servlet.ServletException; 
@@ -37,90 +39,95 @@ public class GetArtifactServlet extends AuthServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - HttpSession httpSession = req.getSession(); - - AuthenticationSession session = AuthenticationManager - .getAuthenticationSession(httpSession); - - String oaURL = (String) req.getAttribute(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - - String target = (String) req.getAttribute(PARAM_TARGET); - target = StringEscapeUtils.escapeHtml(target); - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - if (oaURL == null) { - oaURL = session.getOAURLRequested(); - } - - if (oaURL == null) { - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - } - - String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session); - - String redirectURL = oaURL; - session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, - URLEncoder.encode(session.getTarget(), "UTF-8")); - - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, - URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - // CONFIRMATION FOR SSO! - /* - * OAAuthParameter oaParam = - * AuthConfigurationProvider.getInstance(). 
- * getOnlineApplicationParameter(oaURL); - * - * String friendlyName = oaParam.getFriendlyName(); if(friendlyName - * == null) { friendlyName = oaURL; } - * - * - * LoginConfirmationBuilder builder = new - * LoginConfirmationBuilder(); - * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); - * String form = builder.finish(oaURL, session.getIdentityLink() - * .getName(), friendlyName); - */ - - /* - resp.setContentType("text/html"); - - OutputStream out = resp.getOutputStream(); - out.write(form.getBytes("UTF-8")); - out.flush(); - out.close();*/ - - } catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (BuildException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (AuthenticationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } + Log.err("Sollte nicht mehr verwendet werden!!!!"); + throw new ServletException("The Servlet Class + " + GetArtifactServlet.class + + " is out of date!!!"); + +// HttpSession httpSession = req.getSession(); +// +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); +// +// String oaURL = (String) req.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// +// String target = (String) req.getAttribute(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// +// if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } +// +// if (oaURL == null) { +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// } +// +// String samlArtifactBase64 = SAML1AuthenticationServer +// 
.BuildSAMLArtifact(session); +// +// String redirectURL = oaURL; +// session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); +// +// } +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, +// URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// // CONFIRMATION FOR SSO! +// /* +// * OAAuthParameter oaParam = +// * AuthConfigurationProvider.getInstance(). +// * getOnlineApplicationParameter(oaURL); +// * +// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName +// * == null) { friendlyName = oaURL; } +// * +// * +// * LoginConfirmationBuilder builder = new +// * LoginConfirmationBuilder(); +// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); +// * String form = builder.finish(oaURL, session.getIdentityLink() +// * .getName(), friendlyName); +// */ +// +// /* +// resp.setContentType("text/html"); +// +// OutputStream out = resp.getOutputStream(); +// out.write(form.getBytes("UTF-8")); +// out.flush(); +// out.close();*/ +// +// } catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (BuildException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (AuthenticationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 4399c556b..e79954daa 100644 
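Review bot: The new `doGet` body throws a `ServletException` whose message has a stray `+ ` inside the string literal (`"The Servlet Class + " + GetArtifactServlet.class`) and logs a German note through `iaik.util.logging.Log` instead of the project `Logger` used everywhere else in this diff. If the servlet is retired, the roughly ninety lines of commented-out code below the throw should be deleted (version control keeps them) and the servlet mapping removed so the endpoint is not reachable at all; a reachable endpoint that always answers with a 500 naming the class is the worst of both. If it must stay temporarily, `Logger.warn("GetArtifactServlet is deprecated; use GetArtifactAction");` followed by `throw new ServletException("The servlet class " + GetArtifactServlet.class.getName() + " is out of date");` would be the tidier stub.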
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java 
@@ -4,162 +4,43 @@ import iaik.x509.X509Certificate; import java.io.File; import java.io.IOException; -import java.util.Calendar; +import java.security.cert.CertificateEncodingException; import java.util.Date; -import java.util.HashMap; -import java.util.Map; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; public class SAML1AuthenticationServer extends AuthenticationServer { - - // TODO: for clustering we have to replicate this data to other servers - // We might need to introduce a openEJB to accomplish this - /** authentication data store (assertion handle -> 
AuthenticationData) */ - @SuppressWarnings("rawtypes") - private static Map authenticationDataStore = new HashMap(); + //private static Map authenticationDataStore = new HashMap(); + private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); + + + //TODO: make this time configurable /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - private static AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean businessService = oaParam.getBusinessService(); - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar - .getInstance(), useUTC)); - authData.setIdentificationType(identityLink.getIdentificationType()); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } - 
String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); - - try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); - if(!isForeigner) { - //we have Austrian citizen - if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); - } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. - * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - - } - } else { - //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); - authData.setWBPK(wbpkBase64); - } - - } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); - authData.setBPK(bpkBase64); - } - - - } - - } - String ilAssertion = oaParam.getProvideIdentityLink() ? 
identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); - } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; - - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", ex.toString() }, ex); - } - } - + /** * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. * The <code>AuthenticationData</code> is deleted from the store upon end of @@ -169,10 +50,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { */ public static AuthenticationData getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { - String assertionHandle; try { - assertionHandle = new SAMLArtifactParser(samlArtifact) - .parseAssertionHandle(); + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); } catch (ParseException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); 
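Review bot: The new `authenticationDataStore` field has no Javadoc (the old `assertion handle -> AuthenticationData` comment went away with the map), yet its semantics changed: it is now the `AssertionStorage` singleton also used by `PVPAssertionStorage`, and the following hunk keys it by the complete SAML artifact rather than the assertion handle. Suggest `/** Assertion storage shared with the PVP module, keyed by the complete Base64 SAML artifact. */` and dropping the commented-out `HashMap` declaration. The `//TODO: make this time configurable` note on `authDataTimeOut` should also record that this window bounds how long an issued artifact stays redeemable, so a configurable value still needs a sane upper limit.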
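Review bot: In `getSaml1AuthenticationData`, the result of `new SAMLArtifactParser(samlArtifact).parseAssertionHandle()` is now discarded, which reads like a leftover rather than intent. If the call is kept purely to reject malformed artifacts before the storage lookup, say so: `// parse only to validate the artifact's format; the store is keyed by the full artifact`. The method continues outside this hunk.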
@@ -180,83 +59,153 @@ public class SAML1AuthenticationServer extends AuthenticationServer { AuthenticationData authData = null; synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; + try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); - } + authData = authenticationDataStore + .get(samlArtifact, AuthenticationData.class); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + } + + boolean keepAssertion = false; + try { + String boolStr = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.KeepAssertion"); + if (null != boolStr && boolStr.equalsIgnoreCase("true")) + keepAssertion = true;// Only allowed for debug purposes!!! 
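Review bot: The handle returned by `new SAMLArtifactParser(samlArtifact).parseAssertionHandle()` is now thrown away, so the call only survives as a syntax check on the artifact while the store is keyed by the whole artifact string; the hunk at @@ -282 does the same with `parser.parseAssertionHandle();` in storeAuthenticationData. Without a comment the next maintainer will read both as dead calls and delete them, which would also delete the rejection of malformed artifacts. I would put `// result unused: parse only to reject malformed artifacts, the full artifact is the store key` above each call. getSaml1AuthenticationData continues past the end of this hunk.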
+ + } catch (ConfigurationException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + if (!keepAssertion) { + authenticationDataStore.remove(samlArtifact); } + long now = new Date().getTime(); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + return authData; } - public static String BuildSAMLArtifact(AuthenticationSession session) throws ConfigurationException, BuildException, AuthenticationException { - - // TODO: Support Mandate MODE! + public static String BuildSAMLArtifact(AuthenticationSession session, + OAAuthParameter oaParam, + AuthenticationData authData) + throws ConfigurationException, BuildException, AuthenticationException { + + //TODO: check, if this is correct!!!! +// String samlAssertion = new AuthenticationDataAssertionBuilder().build( +// authData, session.getAssertionPrPerson(), +// session.getAssertionAuthBlock(), +// session.getAssertionIlAssertion(), session.getBkuURL(), +// session.getAssertionSignerCertificateBase64(), +// session.getAssertionBusinessService(), +// session.getExtendedSAMLAttributesOA(), useCondition, +// conditionLength); + - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); boolean useCondition = oaParam.getUseCondition(); int conditionLength = oaParam.getConditionLength(); - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), - useUTC, false); - - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, session.getAssertionPrPerson(), - 
session.getAssertionAuthBlock(), - session.getAssertionIlAssertion(), session.getBkuURL(), - session.getAssertionSignerCertificateBase64(), - session.getAssertionBusinessService(), - session.getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); + try { + + //set BASE64 encoded signer certificate + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + byte[] signerCertificate = session.getEncodedSignerCertificate(); + if (signerCertificate != null) { + + signerCertificateBase64 = Base64Utils + .encode(signerCertificate); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } } - - String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), session.getSessionID(), - session.getSourceID()); + + //set prPersion + boolean provideStammzahl = oaParam.getProvideStammzahl(); + String prPerson = new PersonDataBuilder().build(session.getIdentityLink(), + provideStammzahl); + + //set Authblock + String authBlock = oaParam.getProvideAuthBlock() ? session + .getAuthBlock() : ""; + + //set IdentityLink for assortion + String ilAssertion = oaParam.getProvideIdentityLink() ? 
session.getIdentityLink() + .getSerializedSamlAssertion() + : ""; + if (!oaParam.getProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink() + .getIdentificationValue(), ""); + } + + String samlAssertion; + + if (session.getUseMandate()) { + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( + authData, + prPerson, + session.getMandateData(), + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + + } else { + samlAssertion = new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + } + + authData.setSamlAssertion(samlAssertion); + + String assertionFile = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File( + assertionFile)); + } catch (IOException e) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", e.toString() }, e); + } + + String samlArtifact = new SAMLArtifactBuilder().build( + session.getAuthURL(), session.getSessionID(), + session.getSourceID()); + + storeAuthenticationData(samlArtifact, authData); + + Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() + + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; - storeAuthenticationData(samlArtifact, authData); - - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", ex.toString() }, ex); + } 
} @@ -271,7 +220,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * @throws AuthenticationException * when SAML artifact is invalid */ - @SuppressWarnings("unchecked") private static void storeAuthenticationData(String samlArtifact, AuthenticationData authData) throws AuthenticationException { @@ -282,14 +230,17 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (typeCode[0] != 0 || typeCode[1] != 1) throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); - String assertionHandle = parser.parseAssertionHandle(); + parser.parseAssertionHandle(); + synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); - authenticationDataStore.put(assertionHandle, authData); + authenticationDataStore.put(samlArtifact, authData); } + } catch (AuthenticationException ex) { throw ex; + } catch (Throwable ex) { throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 678d5f961..09314ba37 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
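Review bot: The one-time-use property of the artifact is weakened: `authenticationDataStore.get(samlArtifact, AuthenticationData.class)` runs inside `synchronized (authenticationDataStore)`, but the `authenticationDataStore.remove(samlArtifact)` that follows has been moved out of that block, whereas the old code looked up and removed under the same lock. Two requests presenting the same artifact concurrently can therefore both receive the AuthenticationData before either removes it, and since the store is now database-backed a JVM-local monitor would not cover a second server instance anyway, so the removal belongs in the store as a single get-and-delete operation (or at least back inside the synchronized block together with the KeepAssertion check). In BuildSAMLArtifact the whole body is wrapped in `catch (Throwable ex)`, which also converts the AuthenticationException from storeAuthenticationData into a BuildException("builder.00") and would swallow Errors; catching `Exception` and letting AuthenticationException pass would keep the declared `throws` clause meaningful. The `//TODO: check, if this is correct!!!!` block of commented-out code above it should be resolved or deleted before merge.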
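Review bot: In storeAuthenticationData the `catch (Throwable ex)` maps every failure to `AuthenticationException("auth.06")` without chaining or logging `ex`, so a database error inside `authenticationDataStore.put(samlArtifact, authData)` (which now declares MOADatabaseException) is reported as an invalid artifact and the real cause is lost. Log `ex` before rethrowing, or pass it on if the AuthenticationException constructor accepts a cause, and narrow the catch to `Exception` so Errors are left alone. The start of the method lies in the hunk above.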
@@ -9,9 +9,12 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -67,14 +70,33 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { RequestImpl config = new RequestImpl(); String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); + String target = (String) request.getParameter(PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); + + //the target parameter is used to define the OA in SAML1 standard + if (target != null && target.startsWith("http")) { + oaURL = target; + target = null; + } + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); config.setOAURL(oaURL); + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + config.setTarget(oaParam.getTarget()); + request.getSession().setAttribute(PARAM_OA, oaURL); - request.getSession().setAttribute(PARAM_TARGET, target); + request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); return config; } 
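Review bot: After the new `if (target != null && target.startsWith("http"))` block the local `target` is never read again, because both `config.setTarget(...)` and the session attribute now take `oaParam.getTarget()`, so `target = null;` and the preceding `escapeHtml(target)` are dead. The reassignment `oaURL = target;` is acceptable only because `isValidOA(oaURL)` re-validates the value a few lines later; the comment should say so, e.g. `//SAML1 clients may send the OA URL in the Target parameter; it is validated by isValidOA below`. `startsWith("http")` is only a heuristic (it also matches non-URL strings beginning with those letters), which is fine as long as isValidOA stays the real gate. The enclosing method starts outside the hunk.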
@@ -95,4 +117,30 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { return null; } + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + + //TODO: funktioniert so nicht!!! + +// String oaURL = (String) request.getParameter(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String target = (String) request.getParameter(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// //the target parameter is used to define the OA in SAML1 standard +// if (target.startsWith("http")) { +// oaURL = target; +// target = null; +// } +// +// if (oaURL != null) { +// if (oaURL.equals(pending.getOAURL())) +// return true; +// else +// return false; +// } + + return true; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java new file mode 100644 index 000000000..b5de788af --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java 
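Review bot: `validate` returns `true` unconditionally, and the TODO plus the commented-out block suggest the intended check (comparing the request's OA URL with `pending.getOAURL()`) was abandoned rather than finished. If the caller of IModulInfo.validate relies on it to tie an incoming request to the pending request, every request currently passes; that should at least be stated in a Javadoc on the method, e.g. `Not yet implemented: accepts every request (see TODO)`, so nobody reads it as an enforced check. The commented code also dereferences `target` without a null check, so if it is revived it needs the same `target != null` guard used in the preProcess hunk. Commented-out code should be removed rather than kept in the file.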
@@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionStorage { + + private static AssertionStorage instance = null; + + public static AssertionStorage getInstance() { + if(instance == null) { + instance = new AssertionStorage(); + } + return instance; + } + + public boolean containsKey(String artifact) { + try { + searchInDatabase(artifact); + return true; + + } catch (MOADatabaseException e) { + return false; + } + + } + + public void put(String artifact, Object assertion) throws MOADatabaseException { + //setup AssertionStore element + AssertionStore element = new AssertionStore(); + element.setArtifact(artifact); + element.setType(assertion.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) assertion); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + HibernateUtil.saveOrUpdate(element); + Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Assertion could not be stored."); + throw new MOADatabaseException(e); + } + + } + + public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException { + + AssertionStore element = searchInDatabase(artifact); + + //Deserialize Assertion + Object data = 
SerializationUtils.deserialize(element.getAssertion()); + + //check if assertion has the correct class type + try { + @SuppressWarnings("unchecked") + T test = (T) Class.forName(element.getType()).cast(data); + return test; + + } catch (Exception e) { + Log.warn("Assertion Cast-Exception by using Artifact=" + artifact); + throw new MOADatabaseException("Assertion Cast-Exception"); + } + } + + public void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List<AssertionStore> results; + Session session = HibernateUtil.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AssertionStore result : results) { + try { + HibernateUtil.delete(result); + Logger.info("Remove Assertion with Artifact=" + result.getArtifact() + + " after assertion timeout."); + + } catch (HibernateException e){ + Logger.warn("Assertion with Artifact=" + result.getArtifact() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + public void remove(String artifact) { + + try { + AssertionStore element = searchInDatabase(artifact); + HibernateUtil.delete(element); + + } catch (MOADatabaseException e) { + Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact + + "not found)"); + + } catch (HibernateException e) { + Logger.warn("Assertion not removed! 
(Error during Database communication)", e); + } + } + + @SuppressWarnings("rawtypes") + private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { + MiscUtil.assertNotNull(artifact, "artifact"); + Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); + Session session = HibernateUtil.getCurrentSession(); + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setString("artifact", artifact); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No Assertion found with this Artifact"); + } + + return (AssertionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java new file mode 100644 index 000000000..70156deb7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
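Review bot: `get(String artifact, Class<T> clazz)` never uses `clazz`: the cast is `Class.forName(element.getType()).cast(data)`, i.e. against the type name read back from the database row, so the unchecked cast to `T` is not checked against what the caller asked for and a mismatch only surfaces later as a ClassCastException at the call site. `T test = clazz.cast(data);` fixes that, makes the `@SuppressWarnings("unchecked")` unnecessary and removes the reflective class load on a database-supplied name. The blob is also restored with `SerializationUtils.deserialize` before any type check; comparing `element.getType()` with `clazz.getName()` before deserializing, and installing an `ObjectInputFilter` if the runtime supports it, would bound what can be instantiated from the table. In `clean` and `searchInDatabase` the transaction is begun and committed but never rolled back when `query.list()` throws, and the `result.size() != 1` branch logs "No entries found." even when the problem is duplicate rows. The lazy `getInstance()` is not thread-safe, which matters because the instance is shared by servlet threads.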
@@ -0,0 +1,242 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AuthenticationSessionStoreage { + + //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + + public static boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + + public static AuthenticationSession createSession() throws MOADatabaseException { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setCreated(new Date()); + dbsession.setUpdated(new Date()); + + dbsession.setSession(SerializationUtils.serialize(session)); + 
+ //store AssertionStore element to Database + try { + HibernateUtil.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return session; + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setSession(SerializationUtils.serialize(session)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + HibernateUtil.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + + + } + + public static void destroySession(String moaSessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID); + HibernateUtil.delete(dbsession); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be destroyed."); + throw new MOADatabaseException(e); + } + + + } + +// public static void dumpSessionStore() { +// synchronized (sessionStore) { +// Set<String> keys = sessionStore.keySet(); +// Iterator<String> keyIterator = keys.iterator(); +// while(keyIterator.hasNext()) { +// String key = keyIterator.next(); +// AuthenticationSession session = sessionStore.get(key); +// Logger.info("Key: " + key + " -> " + session.toString()); +// } +// } +// } + + public static String changeSessionID(AuthenticationSession session) + throws AuthenticationException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + + String id = 
Random.nextRandom(); + session.setSessionID(id); + + dbsession.setSessionid(id); + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setSession(SerializationUtils.serialize(session)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + HibernateUtil.saveOrUpdate(dbsession); + + return id; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("TODO!", null); + } + + + + + +// synchronized (sessionStore) { +// if (sessionStore.containsKey(session.getSessionID())) { +// AuthenticationSession theSession = sessionStore.get(session +// .getSessionID()); +// if (theSession != session) { +// throw new AuthenticationException("TODO!", null); +// } +// +// sessionStore.remove(session.getSessionID()); +// String id = Random.nextRandom(); +// session.setSessionID(id); +// sessionStore.put(id, session); +// return id; +// } +// } +// throw new AuthenticationException("TODO!", null); + } + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession()); + + return session; + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + return null; + + } catch (Throwable e) { + Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List<AuthenticatedSessionStore> results; + Session session = HibernateUtil.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + 
query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + HibernateUtil.delete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); + + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "moasessionID"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = HibernateUtil.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + return (AuthenticatedSessionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index bd79f88b7..6c8365e67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java 
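Review bot: `changeSessionID` fails with `throw new AuthenticationException("TODO!", null);`, a placeholder message key with the MOADatabaseException cause dropped, so a database error during the session id change surfaces as an unresolvable message and no stack trace; it needs a real message id and the cause chained or logged before merge. In `clean` the message `"Authenticated session with sessionID=" + ... + " after session timeout."` is missing the verb (compare the AssertionStorage wording "Remove Assertion with Artifact=..."). `getSession` catches `Throwable`, which also turns Errors into a MOADatabaseException; `Exception` is the narrowest type that covers the deserialization failure it is after. The commented-out `dumpSessionStore` and the now-unused HashMap/Iterator/Set imports should be dropped.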
@@ -41,13 +41,15 @@ import javax.xml.parsers.ParserConfigurationException; import org.xml.sax.InputSource; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; -public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
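Review bot: `implements MOAIDAuthConstants` on a utility class is the constant-interface pattern: it makes every constant of that interface part of ParamValidatorUtils' public API for the sole purpose of unqualified access. The hunk at @@ -212 already writes `MOAIDAuthConstants.REQ_BKU_TYPES` fully qualified, so the interface is only needed for the PARAM_* names in areAllLegacyParametersAvailable; static imports of those constants (or qualified references) give the same convenience without widening the class's interface.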
@@ -212,10 +214,12 @@ public class ParamValidatorUtils { return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
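Review bot: The `else` branch still logs `bkuURI beginnt nicht mit http or https`, but with the new `else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI))` branch a value is now also rejected when it is neither an http(s) URL nor one of the configured BKU type keywords, so the message no longer describes the accepted forms; it should also name the accepted types. Whether `REQ_BKU_TYPES.contains(bkuURI)` tolerates a null bkuURI depends on how that collection is built, which is not visible here; if it is an immutable collection the null case should be handled before this branch. The enclosing method starts outside the hunk.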
@@ -467,7 +471,39 @@ public class ParamValidatorUtils { return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}
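Review bot: In `areAllLegacyParametersAvailable` each `throw new WrongParametersException(...)` is caught a few lines below and turned into `return false`, so the exceptions are only used as control flow and an exception object (plus a message-key lookup) is allocated for every missing parameter. A boolean conjunction expresses the same decision directly; the `ParamValidatorUtils.` qualifier on the static calls is redundant inside the class, and the trailing `if (...) return false; else return true;` is just `return !(...)`. The rewrite below keeps the check order, so the validators still run before the emptiness test; whether useMandate and ccc may legitimately be absent is not visible here, which is why only oaURL, templateURL and bkuURL are required to be non-empty, as in the original.
```java
public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
    String oaURL = req.getParameter(PARAM_OA);
    String bkuURL = req.getParameter(PARAM_BKU);
    String templateURL = req.getParameter(PARAM_TEMPLATE);
    String useMandate = req.getParameter(PARAM_USEMANDATE);
    String ccc = req.getParameter(PARAM_CCC);

    // every value must pass its validator; only OA, template and BKU must also be present
    boolean valid = isValidOA(oaURL)
            && isValidBKUURI(bkuURL)
            && isValidTemplate(req, templateURL)
            && isValidUseMandate(useMandate)
            && isValidCCC(ccc);
    return valid
            && !StringUtils.isEmpty(oaURL)
            && !StringUtils.isEmpty(templateURL)
            && !StringUtils.isEmpty(bkuURL);
}
```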
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index ad4e45a2b..7ee3b4e84 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -143,7 +143,7 @@ public class MISSimpleClient { }
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
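Review bot: The new `targetType` parameter is the only argument the method does not guard, while `webServiceURL` is rejected with a NullPointerException right below; in the hunk at @@ -201 the value goes straight into `doc.createTextNode(targetType)`, and what a DOM implementation does with a null text value is implementation-specific (an NPE or a literal `null` in the outgoing request). Add the same up-front check next to the existing one, `if (targetType == null) { throw new NullPointerException("Argument targetType must not be null."); }`, or, if the MIS schema makes Target optional, skip building the element when the value is null. A `@param targetType` entry (or a comment on the new argument) should also say which target types MIS expects.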
@@ -201,7 +201,17 @@ public class MISSimpleClient { }
filtersElement.appendChild(mandateIdentifiersElement);
mirElement.appendChild(filtersElement);
- }
+ }
+
+ //add Target element
+ Element targetElement = doc.createElementNS(MIS_NS, "Target");
+ Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
+ targetTypeElement.appendChild(doc.createTextNode(targetType));
+ targetElement.appendChild(targetTypeElement);
+ mirElement.appendChild(targetElement);
+
+
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);