aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java188
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java239
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java178
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java173
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java183
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java46
20 files changed, 939 insertions, 315 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 911920e83..9abbf2970 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -389,95 +389,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
*/
- public String startAuthentication(String authURL, String target,
- String targetFriendlyName, String oaURL, String templateURL,
- String bkuURL, String useMandate, String sessionID, String scheme,
- String sourceID, String modul, String action) throws WrongParametersException,
+ public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
- String useMandateString = null;
- boolean useMandateBoolean = false;
- if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
- useMandateString = useMandate;
- } else {
- useMandateString = "false";
- }
-
- if (useMandateString.compareToIgnoreCase("true") == 0)
- useMandateBoolean = true;
- else
- useMandateBoolean = false;
-
- if (isEmpty(sessionID)) {
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider
- .getInstance()
- .getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.05");
+ if (session == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
- AuthenticationSession session;
- OAAuthParameter oaParam;
- if (sessionID != null) {
- session = getSession(sessionID);
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
- } else {
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
- if (!oaParam.getBusinessService()) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
- } else {
- if (useMandateBoolean) {
- Logger
- .error("Online-Mandate Mode for bussines application not supported.");
- throw new AuthenticationException("auth.17", null);
- }
- target = null;
- targetFriendlyName = null;
- }
- session = newSession();
- Logger.info("MOASession " + session.getSessionID() + " angelegt");
- session.setTarget(target);
- session.setTargetFriendlyName(targetFriendlyName);
- session.setOAURLRequested(oaURL);
- session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- session.setAuthURL(authURL);
- session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
- session.setModul(modul);
- session.setAction(action);
- if (sourceID != null)
- session.setSourceID(sourceID);
- }
- // BKU URL has not been set yet, even if session already exists
- if (bkuURL == null) {
- if (scheme != null && scheme.equalsIgnoreCase("https")) {
- bkuURL = DEFAULT_BKU_HTTPS;
- } else {
- bkuURL = DEFAULT_BKU;
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() });
+
+ //load Template
+ String template = null;
+ if (session.getTemplateURL() != null) {
+ try {
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[] {
+ session.getTemplateURL(), ex.toString() }, ex);
}
}
- session.setBkuURL(bkuURL);
- session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- session.setUseMandate(useMandateString);
+
+ //build ReadInfobox request
String infoboxReadRequest = new InfoboxReadRequestBuilder().build(
oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam
.getIdentityLinkDomainIdentifier());
@@ -485,22 +421,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
.getSessionID());
- String template = null;
- // override template url by url from configuration file
- if (oaParam.getTemplateURL() != null) {
- templateURL = oaParam.getTemplateURL();
- } else {
- templateURL = session.getTemplateURL();
- }
- if (templateURL != null) {
- try {
- template = new String(FileUtils.readURL(templateURL));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[] {
- templateURL, ex.toString() }, ex);
- }
- }
-
+
String pushInfobox = "";
VerifyInfoboxParameters verifyInfoboxParameters = oaParam
.getVerifyInfoboxParameters();
@@ -509,21 +430,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPushInfobox(pushInfobox);
}
- try {
- AuthenticationSessionStoreage.storeSession(session);
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("", null);
- }
-
+ //build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
.build(oaParam.getSlVersion12());
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
session.getSessionID());
+
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- bkuURL, infoboxReadRequest, dataURL, certInfoRequest,
+ session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,
certInfoDataURL, pushInfobox);
+
return htmlForm;
}
@@ -2311,6 +2228,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
+ //TODO: CHECK if STORK parts works correct!!!!
+
if (isEmpty(sessionID))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
@@ -2784,46 +2703,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public static void startSTORKAuthentication(
HttpServletRequest req,
HttpServletResponse resp,
- String ccc,
- String oaURL,
- String target,
- String targetFriendlyName,
- String authURL,
- String sourceID,
- String modul,
- String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+ AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
- //read configuration paramters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- if (!oaParam.getBusinessService()) {
- if (StringUtils.isEmpty(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
- } else {
- target = null;
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
}
- //create MOA session
- AuthenticationSession moaSession = newSession();
- Logger.info("MOASession " + moaSession.getSessionID() + " angelegt");
- moaSession.setTarget(target);
- moaSession.setTargetFriendlyName(targetFriendlyName);
- moaSession.setOAURLRequested(oaURL);
- moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- moaSession.setAuthURL(authURL);
- moaSession.setBusinessService(oaParam.getBusinessService());
- moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
- moaSession.setAction(action);
- moaSession.setModul(modul);
- if (sourceID != null)
- moaSession.setSourceID(sourceID);
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() });
//Start of STORK Processing
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
- CPEPS cpeps = storkConfig.getCPEPS(ccc);
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:");
String destination = cpeps.getPepsURL().toExternalForm();
@@ -2838,7 +2732,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue());
- Logger.debug("QAALevel: " + qaaLevel.getValue());
+ //Logger.debug("QAALevel: " + qaaLevel.getValue());
RequestedAttributes requestedAttributes = null;
@@ -2850,7 +2744,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//check if country specific attributes must be additionally requested
if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) {
//add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes
- Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc);
+ Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc());
Logger.debug("The following attributes are requested for this specific country:");
List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes());
for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) {
@@ -2888,13 +2782,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- String spSector = StringUtils.isEmpty(target) ? "Business" : target;
+ String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
String spApplication = spInstitution;
String spCountry = "AT";
String textToBeSigned =
- CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession);
+ CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession);
//generate AuthnRquest
STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest(
@@ -2944,9 +2838,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moaSession.setStorkAuthnRequest(storkAuthnRequest);
+ moasession.setStorkAuthnRequest(storkAuthnRequest);
HttpSession httpSession = req.getSession();
- httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID());
+ httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
Logger.debug("Preparing to send STORK AuthnRequest.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 01c875533..47bf61db4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -24,6 +24,9 @@
package at.gv.egovernment.moa.id.auth;
+import java.util.Arrays;
+import java.util.List;
+
import iaik.asn1.ObjectID;
@@ -118,5 +121,12 @@ public interface MOAIDAuthConstants {
public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
/** the number of the certifcate extension for party organ representatives */
public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+
+ /**BKU type identifiers to use bkuURI from configuration*/
+ public static final String REQ_BKU_TYPE_LOCAL = "local";
+ public static final String REQ_BKU_TYPE_ONLINE = "online";
+ public static final String REQ_BKU_TYPE_HANDY = "handy";
+ public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 412f1db81..897933ea0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.StringWriter;
import java.text.MessageFormat;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
import java.util.List;
+import java.util.Locale;
+import javax.xml.bind.DatatypeConverter;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
"{7}" +
+ "{8}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+ private static String SPECIAL_TEXT_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
private static String PR_IDENTIFICATION_ATTRIBUTE =
" <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
@@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
/**
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
*/
- public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+ public static final int NUM_OF_SAML_ATTRIBUTES = 4;
/**
* Constructor for AuthenticationBlockAssertionBuilder.
@@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
Logger.error("Error on building AUTH-Block: " + e.getMessage());
throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
}
-
-
+
if (target == null) {
// OA is a business application
if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
@@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+
+ //TODO: load special text from OAconfig
+ String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ //String text = "";
+
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
@@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
extendedSAMLAttributes.add(oaFriendlyNameAttribute);
//..BZ
+ //TODO: load special text from OAconfig
+ //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ String text = "";
+
+ String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
+ new Object[] { generateSpecialText(text, issuer, issueInstant) });
+
String assertion;
try {
assertion = MessageFormat.format(
@@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
gebeORwbpk,
oaURL,
gebDat,
+ specialText,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
}
+ public static String generateSpecialText(String inputtext, String issuer, String issueInstant) {
+ Calendar datetime = DatatypeConverter.parseDateTime(issueInstant);
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss");
+
+ String text = inputtext.replaceAll("#NAME#", issuer);
+ text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime()));
+ text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime()));
+
+ return text;
+ }
public static String xmlToString(Node node) {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 5191a2f81..83b7ae592 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger;
public class LoginFormBuilder {
+ private static String SERVLET = "GenerateIframeTemplate";
+
private static String AUTH_URL = "#AUTH_URL#";
- private static String OA_URL = "#OA_URL#";
- private static String RED_URL = "#RED_URL#";
private static String MODUL = "#MODUL#";
private static String ACTION = "#ACTION#";
+ private static String OANAME = "#OAName#";
private static String template;
@@ -29,7 +30,7 @@ public class LoginFormBuilder {
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer);
template = writer.toString();
- template = template.replace(AUTH_URL, "StartBKUAuthentication");
+ template = template.replace(AUTH_URL, SERVLET);
} catch (Exception e) {
Logger.error("Failed to read template", e);
}
@@ -38,11 +39,10 @@ public class LoginFormBuilder {
return template;
}
- public static String buildLoginForm(String oaURL, String modul, String action) {
+ public static String buildLoginForm(String modul, String action, String oaname) {
String value = getTemplate();
if(value != null) {
- value = value.replace(OA_URL, oaURL);
if(modul == null) {
modul = SAML1Protocol.PATH;
}
@@ -51,6 +51,7 @@ public class LoginFormBuilder {
}
value = value.replace(MODUL, modul);
value = value.replace(ACTION, action);
+ value = value.replace(OANAME, oaname);
}
return value;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
new file mode 100644
index 000000000..8a9c2b4fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthenticationBuilder {
+
+ private static StartAuthenticationBuilder instance = null;
+
+ public static StartAuthenticationBuilder getInstance() {
+ if (instance == null) {
+ instance = new StartAuthenticationBuilder();
+ }
+ return instance;
+ }
+
+
+ public String build(AuthenticationSession moasession, HttpServletRequest req,
+ HttpServletResponse resp) throws WrongParametersException, MOAIDException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[] { });
+ }
+
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ return "";
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ return getIdentityLinkForm;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index e023acafa..22a3337e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -113,6 +113,12 @@ public class AuthenticationSession implements Serializable {
*/
private boolean useMandate;
+
+ /**
+ * STORK
+ */
+ private String ccc;
+
/**
* Reference value for mandate
*/
@@ -1025,6 +1031,16 @@ public class AuthenticationSession implements Serializable {
public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
this.storkAuthnRequest = storkAuthnRequest;
}
+
+ public String getCcc() {
+ return ccc;
+ }
+
+ public void setCcc(String ccc) {
+ this.ccc = ccc;
+ }
+
+
// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
// return XMLCreateSignatureResponse;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
new file mode 100644
index 000000000..1d3c82aaf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -0,0 +1,239 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
+
+ public static void parse(AuthenticationSession moasession,
+ String target,
+ String sourceID,
+ String oaURL,
+ String bkuURL,
+ String templateURL,
+ String useMandate,
+ String ccc,
+ String module,
+ String action,
+ HttpServletRequest req) throws WrongParametersException, MOAIDException {
+
+ String targetFriendlyName = null;
+
+ // escape parameter strings
+ //TODO: use URLEncoder.encode!!
+ target = StringEscapeUtils.escapeHtml(target);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+ oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+ templateURL = StringEscapeUtils.escapeHtml(templateURL);
+ useMandate = StringEscapeUtils.escapeHtml(useMandate);
+ ccc = StringEscapeUtils.escapeHtml(ccc);
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ //check UseMandate flag
+ String useMandateString = null;
+ boolean useMandateBoolean = false;
+ if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+ useMandateString = useMandate;
+ } else {
+ useMandateString = "false";
+ }
+
+ if (useMandateString.compareToIgnoreCase("true") == 0)
+ useMandateBoolean = true;
+ else
+ useMandateBoolean = false;
+
+ moasession.setUseMandate(useMandateString);
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam;
+ if (moasession.getPublicOAURLPrefix() != null) {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ moasession.getPublicOAURLPrefix());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { moasession.getPublicOAURLPrefix() });
+
+ } else {
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+
+
+ // get target and target friendly name from config
+ String targetConfig = oaParam.getTarget();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+
+ if (StringUtils.isEmpty(targetConfig)) {
+ // no target attribut is given in OA config
+ // target is used from request
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ } else {
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
+ }
+
+
+ if (!oaParam.getBusinessService()) {
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_TARGET, "auth.05");
+
+ } else {
+ if (useMandateBoolean) {
+ Logger.error("Online-Mandate Mode for bussines application not supported.");
+ throw new AuthenticationException("auth.17", null);
+ }
+ target = null;
+ targetFriendlyName = null;
+ }
+
+ moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ moasession.setTarget(target);
+ moasession.setTargetFriendlyName(targetFriendlyName);
+ moasession.setBusinessService(oaParam.getBusinessService());
+ moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
+ }
+
+ //check OnlineApplicationURL
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_OA, "auth.05");
+ moasession.setOAURLRequested(oaURL);
+
+ //check AuthURL
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath() + "/");
+
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication",
+ "AuthURL", "auth.05");
+
+ // check if HTTP Connection may be allowed (through
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider
+ .getInstance()
+ .getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:"))
+ && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07",
+ new Object[] { authURL + "*" });
+
+ moasession.setAuthURL(authURL);
+
+ //check and set SourceID
+ if (sourceID != null)
+ moasession.setSourceID(sourceID);
+
+ // BKU URL has not been set yet, even if session already exists
+ if (bkuURL == null) {
+ if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) {
+ bkuURL = DEFAULT_BKU_HTTPS;
+ } else {
+ bkuURL = DEFAULT_BKU;
+ }
+ }
+ moasession.setBkuURL(bkuURL);
+
+ // override template url by url from configuration file
+ if (oaParam.getTemplateURL() != null) {
+ templateURL = oaParam.getTemplateURL();
+ }
+ moasession.setTemplateURL(templateURL);
+ moasession.setCcc(ccc);
+
+ }
+
+ public static void parse(HttpServletRequest req, HttpServletResponse resp,
+ AuthenticationSession moasession) throws WrongParametersException, MOAIDException {
+
+ //check Module and Action
+ HttpSession httpSession = req.getSession();
+ IRequest request = RequestStorage.getPendingRequest(httpSession);
+
+ String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
+ String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
+
+ modul = StringEscapeUtils.escapeHtml(modul);
+ action = StringEscapeUtils.escapeHtml(action);
+ if(modul == null) {
+ modul = SAML1Protocol.PATH;
+ }
+
+ if(action == null) {
+ action = SAML1Protocol.GETARTIFACT;
+ }
+ moasession.setModul(modul);
+ moasession.setAction(action);
+
+ //get Parameters from request
+ String target = req.getParameter(PARAM_TARGET);
+ String sourceID = req.getParameter(PARAM_SOURCEID);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+ oaURL = request.getOAURL();
+ target = request.getTarget();
+
+ parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+
+ }
+
+ /**
+ * Checks a parameter.
+ *
+ * @param param
+ * parameter
+ * @return true if the parameter is null or empty
+ */
+ private static boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
new file mode 100644
index 000000000..29d407dc7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -0,0 +1,178 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.bouncycastle.asn1.x509.Target;
+
+import com.trilead.ssh2.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+public class GenerateIFrameTemplateServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
+
+ try {
+ String bkuid = req.getParameter(PARAM_BKU);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+ String moasessionid = null;
+ AuthenticationSession moasession = null;
+
+ try {
+ moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] {
+ moasessionid});
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ //load OA Config
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(moasession.getOAURLRequested());
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+
+ else {
+
+ //load Parameters from config
+ String target = oaParam.getTarget();
+ String sourceID = ""; //TODO: load from Config
+ String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam);
+ String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);;
+
+
+ //parse all OA parameters i
+ StartAuthentificationParameterParser.parse(moasession,
+ target,
+ sourceID,
+ moasession.getOAURLRequested(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ moasession.getModul(),
+ moasession.getAction(),
+ req);
+ }
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+ String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class);
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+
+
+ }
+
+ private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
+ //TODO: CHANGE to real OA config
+
+ List<String> bkuURIs = Arrays.asList(
+ "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html",
+ "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html",
+ "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html");
+
+// List<String> bkuURIs = Arrays.asList(
+// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
+// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html",
+// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html");
+
+ if (bkuID < bkuURIs.size())
+ return bkuURIs.get(bkuID);
+ else
+ throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE,
+ "auth.12");
+ }
+
+ private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
+ //TODO: CHANGE to real OA config
+
+ List<String> bkuURIs = Arrays.asList(
+ "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request",
+ "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+ "https://127.0.0.1:3496/https-security-layer-request");
+
+// List<String> bkuURIs = Arrays.asList(
+// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
+// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
+// "https://127.0.0.1:3496/https-security-layer-request");
+
+ if (bkuID < bkuURIs.size())
+ return bkuURIs.get(bkuID);
+ else
+ throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
+ "auth.12");
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index e15d8f908..16ff65477 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -94,130 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET StartAuthentication");
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
+ Logger.debug("GET StartAuthentication");
+
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+
+
+
+ try {
+
+ if (StringUtils.isEmpty(sessionID))
+ throw new MOAIDException("auth.18", null);
+
+ sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+
+ setNoCachingHeadersInHttpRespone(req, resp);
- HttpSession httpSession = req.getSession();
-
- String target = req.getParameter(PARAM_TARGET);
- String sourceID = req.getParameter(PARAM_SOURCEID);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String useMandate = req.getParameter(PARAM_USEMANDATE);
- String ccc = req.getParameter(PARAM_CCC);
-
- IRequest request = RequestStorage.getPendingRequest(httpSession);
-
- String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
- String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
- request.getOAURL();
-
- // escape parameter strings
- //TODO: use URLEncoder.encode!!
- target = StringEscapeUtils.escapeHtml(target);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
- oaURL = StringEscapeUtils.escapeHtml(oaURL);
- bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
- templateURL = StringEscapeUtils.escapeHtml(templateURL);
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- useMandate = StringEscapeUtils.escapeHtml(useMandate);
- ccc = StringEscapeUtils.escapeHtml(ccc);
- modul = StringEscapeUtils.escapeHtml(modul);
- action = StringEscapeUtils.escapeHtml(action);
-
- oaURL = request.getOAURL();
- target = request.getTarget();
-
- setNoCachingHeadersInHttpRespone(req, resp);
-
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
- if (!ParamValidatorUtils.isValidCCC(ccc))
- throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-
- if(modul == null) {
- modul = SAML1Protocol.PATH;
- }
-
- if(action == null) {
- action = SAML1Protocol.GETARTIFACT;
- }
-
- Logger.info("Start Authentication Module: " + modul + " Action: " + action);
-
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { oaURL });
-
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
-
- String targetFriendlyName = null;
-
- if (StringUtils.isEmpty(targetConfig)) {
- // no target attribut is given in OA config
- // target is used from request
- // check parameter
- if (!ParamValidatorUtils.isValidTarget(target))
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- } else {
- // use target from config
- target = targetConfig;
- targetFriendlyName = targetFriendlyNameConfig;
- }
-
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc));
- // STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(ccc)) {
- //STORK authentication
- Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc);
- Logger.debug("Starting STORK authentication");
-
- AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action);
-
- } else {
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action);
+ //TODO: Load MOASession
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- }
- Logger.debug("Finished GET StartAuthentication");
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ // STORK or normal authentication
+ if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //STORK authentication
+ Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+ Logger.debug("Starting STORK authentication");
+
+ //TODO: insert sessionID to STORK!!
+ AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+
+ } else {
+ //normal MOA-ID authentication
+ Logger.debug("Starting normal MOA-ID authentication");
+
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ }
+ Logger.debug("Finished GET StartAuthentication");
- }
+ }
+
catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);
}
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+
+ } catch (MOADatabaseException e) {
+ handleError(null, e, req, resp);
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 8d2f95cce..93bc0d214 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator {
} else {
throw new ValidateException("validator.35", null);
}
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ //TODO:load Text from OA config
+ String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ //String text = "";
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
// now check the extended SAML attributes
int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
if (extendedSAMLAttributes != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d1e3d809c..0771fb86c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -43,8 +43,10 @@ import test.tlenz.simpletest;
import eu.stork.vidp.messages.common.STORKBootstrap;
import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
-import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -305,6 +307,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Configuration hibernateConfig = new Configuration();
hibernateConfig.addAnnotatedClass(AssertionStore.class);
hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class);
+ hibernateConfig.addAnnotatedClass(OASessionStore.class);
+ hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class);
hibernateConfig.addProperties(props);
HibernateUtil.initHibernate(hibernateConfig, props);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index c993290e9..5342cd0d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -188,7 +188,8 @@ public class DispatcherServlet extends AuthServlet {
// check if pending request is same protocol and action
if (!protocolRequest.requestedModule().equals(module)
|| !protocolRequest.requestedAction()
- .equals(action)) {
+ .equals(action)
+ || !info.validate(req, resp, protocolRequest)) {
resp.sendError(HttpServletResponse.SC_CONFLICT);
Logger.error("Different Request is pending in this session!");
return;
@@ -210,7 +211,9 @@ public class DispatcherServlet extends AuthServlet {
}
RequestStorage.setPendingRequest(httpSession, protocolRequest);
-
+
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+
if (moduleAction.needAuthentication(protocolRequest, req, resp)) {
if (protocolRequest.isPassiv()
&& protocolRequest.forceAuth()) {
@@ -219,30 +222,30 @@ public class DispatcherServlet extends AuthServlet {
}
if (protocolRequest.forceAuth()) {
- if (!AuthenticationManager.tryPerformAuthentication(
+ if (!authmanager.tryPerformAuthentication(
req, resp)) {
- AuthenticationManager.doAuthentication(req, resp,
+ authmanager.doAuthentication(req, resp,
protocolRequest);
return;
}
} else if (protocolRequest.isPassiv()) {
- if (AuthenticationManager.tryPerformAuthentication(req,
+ if (authmanager.tryPerformAuthentication(req,
resp)
- || AuthenticationManager.isAuthenticated(req,
+ || authmanager.isAuthenticated(req,
resp)) {
// Passive authentication ok!
} else {
throw new NoPassivAuthenticationException();
}
} else {
- if (AuthenticationManager.tryPerformAuthentication(req,
+ if (authmanager.tryPerformAuthentication(req,
resp)
- || AuthenticationManager.isAuthenticated(req,
+ || authmanager.isAuthenticated(req,
resp)) {
// Is authenticated .. proceed
} else {
// Start authentication!
- AuthenticationManager.doAuthentication(req, resp,
+ authmanager.doAuthentication(req, resp,
protocolRequest);
return;
}
@@ -253,7 +256,7 @@ public class DispatcherServlet extends AuthServlet {
RequestStorage.removePendingRequest(httpSession);
- AuthenticationManager.logout(req, resp);
+ authmanager.logout(req, resp);
} catch (Throwable e) {
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 21e431bf8..5e792ab78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -1,28 +1,57 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
-public class AuthenticationManager implements MOAIDAuthConstants {
+public class AuthenticationManager extends AuthServlet {
+ private static AuthenticationManager instance = null;
+
+ private static final long serialVersionUID = 1L;
+
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
- public static AuthenticationSession getAuthenticationSession(
+
+ public static AuthenticationManager getInstance() {
+ if (instance == null) {
+ instance = new AuthenticationManager();
+ }
+
+ return instance;
+ }
+
+
+ public AuthenticationSession getAuthenticationSession(
HttpSession session) {
String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
MOA_SESSION, null);
@@ -44,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
* @param response
* @return
*/
- public static boolean isAuthenticated(HttpServletRequest request,
+ public boolean isAuthenticated(HttpServletRequest request,
HttpServletResponse response) {
Logger.info("Checking authentication");
@@ -84,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
* @param response
* @return
*/
- public static boolean tryPerformAuthentication(HttpServletRequest request,
+ public boolean tryPerformAuthentication(HttpServletRequest request,
HttpServletResponse response) {
HttpSession session = request.getSession();
@@ -116,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
return false;
}
- public static void logout(HttpServletRequest request,
+ public void logout(HttpServletRequest request,
HttpServletResponse response) {
Logger.info("Logout");
@@ -146,8 +175,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
authSession.setAuthenticated(false);
HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
- //TODO: delete session from Database!!!
- //AuthenticationSessionStoreage.destroySession(moaSessionID);
+ AuthenticationSessionStoreage.destroySession(moaSessionID);
session.invalidate();
@@ -158,10 +186,9 @@ public class AuthenticationManager implements MOAIDAuthConstants {
}
- public static void doAuthentication(HttpServletRequest request,
+ public void doAuthentication(HttpServletRequest request,
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
- HttpSession session = request.getSession();
Logger.info("Starting authentication ...");
if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
@@ -173,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants {
"auth.12");
}
- // TODO: Build authentication form
+ setNoCachingHeadersInHttpRespone(request, response);
+
+ //TODO:move this to config!!!
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
+
+ //is legacy allowed
+ boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule());
- /*
- * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(),
- * modul, protocol);
- *
- * response.setContentType("text/html;charset=UTF-8"); PrintWriter out =
- * new PrintWriter(response.getOutputStream()); out.print(loginForm);
- * out.flush(); return;
- */
+ //check legacy request parameter
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+
+ AuthenticationSession moasession;
+
+ if (legacyallowed && legacyparamavail) {
+
+ //check if an MOASession exists and if not create an new MOASession
+ moasession = getORCreateMOASession(request);
+
+ //parse request parameter into MOASession
+ try{
+ StartAuthentificationParameterParser.parse(request, response, moasession);
+
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, request, response);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, request, response);
+ }
+
+ Logger.info("Start Authentication Module: " + moasession.getModul()
+ + " Action: " + moasession.getAction());
+
+ //start authentication process
+// session.getServletContext().getNamedDispatcher("StartAuthentication")
+// .forward(request, response);
+
+ StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+
+ String getIdentityLinkForm = startauth.build(moasession, request, response);
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+
+ } else {
+ //load Parameters from OnlineApplicationConfiguration
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(target.getOAURL());
+
+ if (oaParam == null) {
+ //TODO: Find a better place for this!!
+ request.getSession().invalidate();
+ throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+ }
+
+
+ else {
+
+ //check if an MOASession exists and if not create an new MOASession
+ moasession = getORCreateMOASession(request);
- session.getServletContext().getNamedDispatcher("StartAuthentication")
- .forward(request, response);
+ //set OnlineApplication configuration in Session
+ moasession.setOAURLRequested(target.getOAURL());
+ moasession.setAction(target.requestedAction());
+ moasession.setModul(target.requestedModule());
+ }
+
+ //Build authentication form
+ String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
+ target.requestedAction(), oaParam.getFriendlyName());
+
+ //store MOASession
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+ //set MOAIDSession
+ request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(loginForm);
+ out.flush();
+ }
}
+
+ private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+
+ //String sessionID = request.getParameter(PARAM_SESSIONID);
+ String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
+ AuthenticationSession moasession;
+
+ try {
+ moasession = AuthenticationSessionStoreage.getSession(sessionID);
+ Logger.info("Found existing MOASession with sessionID=" + sessionID
+ + ". This session is used for reauthentification.");
+
+ } catch (MOADatabaseException e) {
+ try {
+ moasession = AuthenticationSessionStoreage.createSession();
+ Logger.info("Create a new MOASession with sessionID=" + sessionID + ".");
+
+ } catch (MOADatabaseException e1) {
+ Logger.error("Database Error! MOASession are not created.");
+ throw new MOAIDException("init.04", new Object[] {
+ "0"});
+ }
+ }
+
+ return moasession;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index 5a2bb1efc..679ccb000 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -22,4 +22,7 @@ public interface IModulInfo {
public boolean generateErrorMessage(Throwable e,
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest) throws Throwable;
+
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 5ea596eeb..11710904b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -231,4 +231,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+ // TODO implement validation!
+ return true;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 964c19208..f05866f70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -70,8 +70,8 @@ public class AuthnRequestHandler implements IRequestHandler {
spSSODescriptor.getAttributeConsumingServices().iterator().next();
- AuthenticationSession authSession =
- AuthenticationManager.getAuthenticationSession(req.getSession());
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 5649e5260..de87ebc50 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -26,8 +26,8 @@ public class GetArtifactAction implements IAction {
HttpServletResponse httpResp) {
HttpSession httpSession = httpReq.getSession();
- AuthenticationSession session = AuthenticationManager
- .getAuthenticationSession(httpSession);
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
String oaURL = (String) httpReq.getAttribute(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
index 47050bf28..7f7d82a20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
@@ -39,8 +39,8 @@ public class GetArtifactServlet extends AuthServlet {
throws ServletException, IOException {
HttpSession httpSession = req.getSession();
- AuthenticationSession session = AuthenticationManager
- .getAuthenticationSession(httpSession);
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
String oaURL = (String) req.getAttribute(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 678d5f961..610c61343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -69,6 +69,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
oaURL = StringEscapeUtils.escapeHtml(oaURL);
String target = (String) request.getParameter(PARAM_TARGET);
target = StringEscapeUtils.escapeHtml(target);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+
if (!ParamValidatorUtils.isValidOA(oaURL))
throw new WrongParametersException("StartAuthentication", PARAM_OA,
"auth.12");
@@ -95,4 +103,30 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+
+ //TODO: funktioniert so nicht!!!
+
+// String oaURL = (String) request.getParameter(PARAM_OA);
+// oaURL = StringEscapeUtils.escapeHtml(oaURL);
+// String target = (String) request.getParameter(PARAM_TARGET);
+// target = StringEscapeUtils.escapeHtml(target);
+//
+// //the target parameter is used to define the OA in SAML1 standard
+// if (target.startsWith("http")) {
+// oaURL = target;
+// target = null;
+// }
+//
+// if (oaURL != null) {
+// if (oaURL.equals(pending.getOAURL()))
+// return true;
+// else
+// return false;
+// }
+
+ return true;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd79f88b7..6c8365e67 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -41,13 +41,15 @@ import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
@@ -467,7 +471,39 @@ public class ParamValidatorUtils {
return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}