aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java353
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java492
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java220
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java217
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java121
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java80
36 files changed, 1342 insertions, 799 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 4a5cbd55f..b26c9c1a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -31,11 +31,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -177,7 +177,7 @@ public class MOAReversionLogger {
}
- public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) {
+ public void logMandateEventSet(IRequest pendingReq, IMISMandate mandate) {
if (MiscUtil.isNotEmpty(mandate.getOWbPK()))
logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK,
mandate.getOWbPK());
@@ -222,7 +222,7 @@ public class MOAReversionLogger {
* @param identityLink
*/
public void logPersonalInformationEvent(IRequest pendingReq,
- IdentityLink identityLink) {
+ IIdentityLink identityLink) {
logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH,
buildPersonInformationHash(
identityLink.getGivenName(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 14c0800b1..5b0f5115d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -43,7 +43,6 @@ import org.springframework.transaction.annotation.Transactional;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
@@ -51,13 +50,14 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -149,7 +149,7 @@ public class StatisticLogger implements IStatisticLogger{
if (authData.isUseMandate()) {
dblog.setMandatelogin(authData.isUseMandate());
- MISMandate mandate = authData.getMISMandate();
+ IMISMandate mandate = authData.getMISMandate();
if (mandate != null) {
if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
@@ -254,23 +254,32 @@ public class StatisticLogger implements IStatisticLogger{
//dblog.setOaID(dbOA.getHjid());
dblog.setBusinessservice(isBusinessService(dbOA));
- try {
- AuthenticationSession moasession = authenticatedSessionStorage.
- getSession(errorRequest.getMOASessionIdentifier());
- if (moasession != null) {
- if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
- dblog.setBkuurl(moasession.getBkuURL());
- dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
- }
-
- dblog.setMandatelogin(moasession.isMandateUsed());
+ IAuthenticationSession moasession = null;
+ if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) {
+ Logger.debug("Use MOA session information from SSO session for ErrorLogging");
+ try {
+ moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier());
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Error during database communication", e);
+
}
-
- } catch (MOADatabaseException e) {
- Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information.");
+
+ } else {
+ Logger.debug("Use MOA session information from pending-req for ErrorLogging");
+ moasession = errorRequest.getMOASession();
}
-
+
+ if (moasession != null) {
+ if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
+ dblog.setBkuurl(moasession.getBkuURL());
+ dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ }
+
+ dblog.setMandatelogin(moasession.isMandateUsed());
+ }
+
generateErrorLogFormThrowable(throwable, dblog);
entityManager.persist(dblog);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 20f2029cb..f0d9741d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
@@ -4,11 +4,8 @@ package at.gv.egovernment.moa.id.auth;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -20,32 +17,7 @@ import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
*/
public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
- @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
@Autowired protected AuthConfiguration authConfig;
- /**
- * Retrieves a session from the session store.
- *
- * @param id session ID
- * @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).
- * @throws AuthenticationException in case the session id does not reflect a valic, active session.
- */
- public AuthenticationSession getSession(String id)
- throws AuthenticationException {
- AuthenticationSession session;
- try {
- session = authenticationSessionStorage.getSession(id);
-
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[]{id});
- return session;
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("auth.02", new Object[]{id});
-
- } catch (Exception e) {
- throw new AuthenticationException("parser.04", new Object[]{id});
- }
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 16d320ea5..3264fc3bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,11 +47,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -61,6 +57,11 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -110,13 +111,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
public IAuthData buildAuthenticationData(IRequest pendingReq,
- AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+ IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration());
}
public IAuthData buildAuthenticationData(IRequest pendingReq,
- AuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
+ IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
AuthenticationData authdata = null;
//only needed for SAML1 legacy support
@@ -253,7 +254,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
Collection<String> includedToGenericAuthData = null;
@@ -273,8 +274,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//####################################################
//parse user info's from identityLink
- IdentityLink idlFromPVPAttr = null;
- IdentityLink identityLink = session.getIdentityLink();
+ IIdentityLink idlFromPVPAttr = null;
+ IIdentityLink identityLink = session.getIdentityLink();
if (identityLink != null) {
parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
@@ -515,7 +516,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
//mandate functionality
- MISMandate misMandate = null;
+ IMISMandate misMandate = null;
if (session.isMandateUsed()) {
//####################################################
//set Mandate reference value
@@ -766,7 +767,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//####################################################################
//parse AuthBlock signature-verification response
//INFO: this parameters are only required for SAML1 auth. protocol
- VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
+ IVerifiyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
if (verifyXMLSigResp != null) {
authData.setQualifiedCertificate(verifyXMLSigResp
.isQualifiedCertificate());
@@ -833,7 +834,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
return false;
}
- private void parseBasicUserInfosFromIDL(AuthenticationData authData, IdentityLink identityLink, Collection<String> includedGenericSessionData) {
+ private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
authData.setIdentificationValue(identityLink.getIdentificationValue());
authData.setIdentificationType(identityLink.getIdentificationType());
@@ -919,7 +920,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @return Pair<bPK, bPKType> which was received by PVP-Attribute and could be decrypted for this Service Provider,
* or <code>null</code> if no attribute exists or can not decrypted
*/
- private Pair<String, String> getEncryptedbPKFromPVPAttribute(AuthenticationSession session,
+ private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
AuthenticationData authData, IOAAuthParameters spConfig) {
//set List of encrypted bPKs to authData DAO
String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
@@ -981,7 +982,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param session MOASession, but never null
* @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
*/
- private String getbPKValueFromPVPAttribute(AuthenticationSession session) {
+ private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
@@ -1015,7 +1016,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param session MOASession, but never null
* @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
*/
- private String getbPKTypeFromPVPAttribute(AuthenticationSession session) {
+ private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class);
if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
@@ -1065,7 +1066,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private IdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IdentityLink idl, String bPK, String bPKType) throws MOAIDException {
+ private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException {
if (oaParam.getBusinessService()) {
Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
@@ -1076,7 +1077,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
prIdentificationType.getFirstChild().setNodeValue(bPKType);
IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
- IdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+ IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
//resign IDL
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
index ac93d7af9..9ca15c76f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -29,12 +29,12 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -74,7 +74,7 @@ public class SignatureVerificationUtils {
}
}
- public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {
+ public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {
try {
//build signature-verification request
Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
@@ -84,7 +84,7 @@ public class SignatureVerificationUtils {
.verifyXMLSignature(domVerifyXMLSignatureRequest);
// parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
return verifyXMLSignatureResponse;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index a72f6c2ea..94651915e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -46,20 +46,26 @@ import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
/**
- * Session data to be stored between <code>AuthenticationServer</code> API calls.
*
- * @author Paul Ivancsics
- * @version $Id$
+ * Serializable implementation of the {@link IAuthenticationSession} interface, which could be stored into a
+ * AuthenticationSession database
+ *
+ * @author Thomas Lenz
+ *
*/
-public class AuthenticationSession implements Serializable {
+public class AuthenticationSession implements Serializable, IAuthenticationSession {
/**
*
@@ -94,7 +100,7 @@ public class AuthenticationSession implements Serializable {
*
* Mandate element
*/
- private MISMandate mandate;
+ private IMISMandate mandate;
/**
* Reference value for mandate bussiness service for the assertion
@@ -110,7 +116,7 @@ public class AuthenticationSession implements Serializable {
/**
* identity link read from smartcard
*/
- private IdentityLink identityLink;
+ private IIdentityLink identityLink;
/**
* authentication block to be signed by the user
@@ -151,7 +157,7 @@ public class AuthenticationSession implements Serializable {
private String QAALevel = null;
- private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
+ private IVerifiyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
@@ -170,14 +176,61 @@ public class AuthenticationSession implements Serializable {
}
+ /**
+ * @param id
+ * @param now
+ * @param moaSession
+ */
+ public AuthenticationSession(String id, Date now, IAuthenticationSession moaSession) {
+ sessionID = id;
+ sessionCreated = now;
+
+ authBlock = moaSession.getAuthBlock();
+ authBlockTokken = moaSession.getAuthBlockTokken();
+ authenticated = moaSession.isAuthenticated();
+ bkuURL = moaSession.getBkuURL();
+ extendedSAMLAttributesAUTH = moaSession.getExtendedSAMLAttributesAUTH();
+ extendedSAMLAttributesOA = moaSession.getExtendedSAMLAttributesOA();
+
+ genericSessionDataStorate = moaSession.getGenericSessionDataStorage();
+
+ identityLink = moaSession.getIdentityLink();
+ isForeigner = moaSession.isForeigner();
+ isOW = moaSession.isOW();
+ issueInstant = moaSession.getIssueInstant();
+ mandate = moaSession.getMISMandate();
+ mandateReferenceValue = moaSession.getMandateReferenceValue();
+ misSessionID = moaSession.getMISSessionID();
+ QAALevel = moaSession.getQAALevel();
+ samlAttributeGebeORwbpk = moaSession.getSAMLAttributeGebeORwbpk();
+ sessionCreated = moaSession.getSessionCreated();
+ signerCertificate = moaSession.getEncodedSignerCertificate();
+ useMandates = moaSession.isMandateUsed();
+ XMLVerifySignatureResponse = moaSession.getXMLVerifySignatureResponse();
+
+ //TODO: implement session construction from existing eID information
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
+ */
+ @Override
public boolean isAuthenticated() {
return authenticated;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
+ */
+ @Override
public void setAuthenticated(boolean authenticated) {
this.authenticated = authenticated;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+ */
+ @Override
public X509Certificate getSignerCertificate() {
try {
return new X509Certificate(signerCertificate);
@@ -188,10 +241,18 @@ public class AuthenticationSession implements Serializable {
}
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+ */
+ @Override
public byte[] getEncodedSignerCertificate() {
return this.signerCertificate;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate)
+ */
+ @Override
public void setSignerCertificate(X509Certificate signerCertificate) {
try {
this.signerCertificate = signerCertificate.getEncoded();
@@ -201,174 +262,141 @@ public class AuthenticationSession implements Serializable {
}
}
- /**
- * Returns the identityLink.
- *
- * @return IdentityLink
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
*/
- public IdentityLink getIdentityLink() {
+ @Override
+ public IIdentityLink getIdentityLink() {
return identityLink;
}
- /**
- * Returns the sessionID.
- *
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
*/
+ @Override
public String getSessionID() {
return sessionID;
}
- /**
- * Sets the identityLink.
- *
- * @param identityLink
- * The identityLink to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
*/
- public void setIdentityLink(IdentityLink identityLink) {
+ @Override
+ public void setIdentityLink(IIdentityLink identityLink) {
this.identityLink = identityLink;
}
- /**
- * Sets the sessionID.
- *
- * @param sessionId
- * The sessionID to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
*/
+ @Override
public void setSessionID(String sessionId) {
this.sessionID = sessionId;
}
- /**
- * Returns the BKU URL.
- *
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
*/
+ @Override
public String getBkuURL() {
return bkuURL;
}
- /**
- * Sets the bkuURL
- *
- * @param bkuURL
- * The BKU URL to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
*/
+ @Override
public void setBkuURL(String bkuURL) {
this.bkuURL = bkuURL;
}
- /**
- * Returns the authBlock.
- *
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock()
*/
+ @Override
public String getAuthBlock() {
return authBlock;
}
- /**
- * Sets the authBlock.
- *
- * @param authBlock
- * The authBlock to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String)
*/
+ @Override
public void setAuthBlock(String authBlock) {
this.authBlock = authBlock;
}
- /**
- * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH()
*/
+ @Override
public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
if (extendedSAMLAttributesAUTH == null) extendedSAMLAttributesAUTH = new ArrayList<ExtendedSAMLAttribute>();
return extendedSAMLAttributesAUTH;
}
- /**
- * Sets the SAML Attributes to be appended to the AUTHBlock.
- *
- * @param extendedSAMLAttributesAUTH
- * The SAML Attributes to be appended to the AUTHBlock.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List)
*/
+ @Override
public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
}
- /**
- * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online
- * application. Maybe <code>null</code>.
- *
- * @return The SAML Attributes to be appended to the SAML assertion delivered to the online
- * application
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA()
*/
+ @Override
public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
return extendedSAMLAttributesOA;
}
- /**
- * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online
- * application.
- *
- * @param extendedSAMLAttributesOA
- * The SAML Attributes to be appended to the SAML assertion delivered to the online
- * application.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List)
*/
+ @Override
public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
}
- /**
- * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the
- * SAML Assertion or not.
- *
- * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or
- * false if not.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk()
*/
+ @Override
public boolean getSAMLAttributeGebeORwbpk() {
return this.samlAttributeGebeORwbpk;
}
- /**
- * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the
- * SAML Assertion or not.
- *
- * @param samlAttributeGebeORwbpk
- * The boolean for value either a target or wbPK is provided as SAML Attribute in the
- * SAML Assertion or not.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean)
*/
+ @Override
public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
}
- /**
- * Returns the issuing time of the AUTH-Block SAML assertion.
- *
- * @return The issuing time of the AUTH-Block SAML assertion.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
*/
+ @Override
public String getIssueInstant() {
return issueInstant;
}
- /**
- * Sets the issuing time of the AUTH-Block SAML assertion.
- *
- * @param issueInstant
- * The issueInstant to set.
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
*/
+ @Override
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
- /**
- *
- * @param useMandate
- * indicates if mandate is used or not
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String)
*/
+ @Override
public void setUseMandate(String useMandate) {
if (useMandate.compareToIgnoreCase("true") == 0)
this.useMandates = true;
@@ -377,141 +405,172 @@ public class AuthenticationSession implements Serializable {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
+ */
+ @Override
public void setUseMandates(boolean useMandates) {
this.useMandates = useMandates;
}
- /**
- * @return
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
*/
+ @Override
public boolean isMandateUsed() {
return this.useMandates;
}
- /**
- *
- * @param misSessionID
- * indicates the MIS session ID
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
*/
+ @Override
public void setMISSessionID(String misSessionID) {
this.misSessionID = misSessionID;
}
- /**
- * Returns the MIS session ID
- *
- * @return
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID()
*/
+ @Override
public String getMISSessionID() {
return this.misSessionID;
}
- /**
- * @return the mandateReferenceValue
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue()
*/
+ @Override
public String getMandateReferenceValue() {
return mandateReferenceValue;
}
- /**
- * @param mandateReferenceValue
- * the mandateReferenceValue to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String)
*/
+ @Override
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
+ */
+ @Override
public boolean isForeigner() {
return isForeigner;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
+ */
+ @Override
public void setForeigner(boolean isForeigner) {
this.isForeigner = isForeigner;
}
- public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse()
+ */
+ @Override
+ public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
return XMLVerifySignatureResponse;
}
- public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse)
+ */
+ @Override
+ public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
XMLVerifySignatureResponse = xMLVerifySignatureResponse;
}
- public MISMandate getMISMandate() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate()
+ */
+ @Override
+ public IMISMandate getMISMandate() {
return mandate;
}
- public void setMISMandate(MISMandate mandate) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate)
+ */
+ @Override
+ public void setMISMandate(IMISMandate mandate) {
this.mandate = mandate;
}
- /**
- * @return the isOW
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
*/
+ @Override
public boolean isOW() {
return isOW;
}
- /**
- * @param isOW
- * the isOW to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
*/
+ @Override
public void setOW(boolean isOW) {
this.isOW = isOW;
}
- /**
- * @return the authBlockTokken
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
*/
+ @Override
public String getAuthBlockTokken() {
return authBlockTokken;
}
- /**
- * @param authBlockTokken
- * the authBlockTokken to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String)
*/
+ @Override
public void setAuthBlockTokken(String authBlockTokken) {
this.authBlockTokken = authBlockTokken;
}
- /**
- * eIDAS QAA level
- *
- * @return the qAALevel
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
*/
+ @Override
public String getQAALevel() {
return QAALevel;
}
- /**
- * set QAA level in eIDAS form
- *
- * @param qAALevel the qAALevel to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
*/
+ @Override
public void setQAALevel(String qAALevel) {
QAALevel = qAALevel;
}
- /**
- * @return the sessionCreated
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
*/
+ @Override
public Date getSessionCreated() {
return sessionCreated;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
+ */
+ @Override
public Map<String, Object> getGenericSessionDataStorage() {
return genericSessionDataStorate;
}
- /**
- * Returns a generic session-data object with is stored with a specific identifier
- *
- * @param key The specific identifier of the session-data object
- * @return The session-data object or null if no data is found with this key
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
*/
+ @Override
public Object getGenericDataFromSession(String key) {
if (MiscUtil.isNotEmpty(key)) {
return genericSessionDataStorate.get(key);
@@ -523,13 +582,10 @@ public class AuthenticationSession implements Serializable {
}
- /**
- * Returns a generic session-data object with is stored with a specific identifier
- *
- * @param key The specific identifier of the session-data object
- * @param clazz The class type which is stored with this key
- * @return The session-data object or null if no data is found with this key
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
*/
+ @Override
public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
if (MiscUtil.isNotEmpty(key)) {
Object data = genericSessionDataStorate.get(key);
@@ -555,13 +611,10 @@ public class AuthenticationSession implements Serializable {
}
- /**
- * Store a generic data-object to session with a specific identifier
- *
- * @param key Identifier for this data-object
- * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
- * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
*/
+ @Override
public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
if (MiscUtil.isEmpty(key)) {
Logger.warn("Generic session-data can not be stored with a 'null' key");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
new file mode 100644
index 000000000..5419e8ae0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -0,0 +1,492 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+
+
+ private Map<String, Object> sessionData;
+
+ /**
+ * @param genericDataStorage
+ */
+ public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
+ this.sessionData = genericDataStorage;
+ }
+
+ private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object obj = sessionData.get(key);
+ if (obj != null && clazz.isInstance(obj))
+ return (T) obj;
+ }
+
+ if (defaultValue == null)
+ return null;
+
+ else if (clazz.isInstance(defaultValue))
+ return (T)defaultValue;
+
+ else {
+ Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
+ throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
+
+ }
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
+ */
+ @Override
+ public boolean isAuthenticated() {
+ return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
+ */
+ @Override
+ public void setAuthenticated(boolean authenticated) {
+ sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
+ */
+ @Override
+ public X509Certificate getSignerCertificate() {
+ byte[] encCert = getEncodedSignerCertificate();
+
+ if (encCert != null) {
+ try {
+ return new X509Certificate(encCert);
+ }
+ catch (CertificateException e) {
+ Logger.warn("Signer certificate can not be loaded from session database!", e);
+
+ }
+ }
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate()
+ */
+ @Override
+ public byte[] getEncodedSignerCertificate() {
+ return wrapStringObject(VALUE_SIGNER_CERT, null, byte[].class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate)
+ */
+ @Override
+ public void setSignerCertificate(X509Certificate signerCertificate) {
+ try {
+ sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+
+ }catch (CertificateEncodingException e) {
+ Logger.warn("Signer certificate can not be stored to session database!", e);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
+ */
+ @Override
+ public IIdentityLink getIdentityLink() {
+ return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
+ */
+ @Override
+ public String getSessionID() {
+ return wrapStringObject(VALUE_SESSIONID, null, String.class);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
+ */
+ @Override
+ public void setIdentityLink(IIdentityLink identityLink) {
+ sessionData.put(VALUE_IDENTITYLINK, identityLink);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
+ */
+ @Override
+ public void setSessionID(String sessionId) {
+ sessionData.put(VALUE_SESSIONID, sessionId);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL()
+ */
+ @Override
+ public String getBkuURL() {
+ return wrapStringObject(VALUE_BKUURL, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String)
+ */
+ @Override
+ public void setBkuURL(String bkuURL) {
+ sessionData.put(VALUE_BKUURL, bkuURL);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock()
+ */
+ @Override
+ public String getAuthBlock() {
+ return wrapStringObject(VALUE_AUTHBLOCK, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String)
+ */
+ @Override
+ public void setAuthBlock(String authBlock) {
+ sessionData.put(VALUE_AUTHBLOCK, authBlock);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH()
+ */
+ @Override
+ public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
+ return wrapStringObject(VALUE_EXTENTEDSAMLATTRAUTH, new ArrayList<ExtendedSAMLAttribute>(), List.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List)
+ */
+ @Override
+ public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
+ sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA()
+ */
+ @Override
+ public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+ return wrapStringObject(VALUE_EXTENTEDSAMLATTROA, null, List.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List)
+ */
+ @Override
+ public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+ sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk()
+ */
+ @Override
+ public boolean getSAMLAttributeGebeORwbpk() {
+ return wrapStringObject(FLAG_SAMLATTRIBUTEGEBEORWBPK, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean)
+ */
+ @Override
+ public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+ sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
+ */
+ @Override
+ public String getIssueInstant() {
+ return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
+ */
+ @Override
+ public void setIssueInstant(String issueInstant) {
+ sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String)
+ */
+ @Override
+ public void setUseMandate(String useMandate) {
+ if (useMandate.compareToIgnoreCase("true") == 0)
+ setUseMandates(true);
+ else
+ setUseMandates(false);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
+ */
+ @Override
+ public void setUseMandates(boolean useMandates) {
+ sessionData.put(FLAG_USE_MANDATE, useMandates);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
+ */
+ @Override
+ public boolean isMandateUsed() {
+ return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
+ */
+ @Override
+ public void setMISSessionID(String misSessionID) {
+ sessionData.put(VALUE_MISSESSIONID, misSessionID);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID()
+ */
+ @Override
+ public String getMISSessionID() {
+ return wrapStringObject(VALUE_MISSESSIONID, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue()
+ */
+ @Override
+ public String getMandateReferenceValue() {
+ return wrapStringObject(VALUE_MISREFVALUE, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String)
+ */
+ @Override
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
+ */
+ @Override
+ public boolean isForeigner() {
+ return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
+ */
+ @Override
+ public void setForeigner(boolean isForeigner) {
+ sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse()
+ */
+ @Override
+ public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
+ return wrapStringObject(VALUE_VERIFYSIGRESP, null, IVerifiyXMLSignatureResponse.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse)
+ */
+ @Override
+ public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
+ sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate()
+ */
+ @Override
+ public IMISMandate getMISMandate() {
+ return wrapStringObject(VALUE_MISMANDATE, null, IMISMandate.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate)
+ */
+ @Override
+ public void setMISMandate(IMISMandate mandate) {
+ sessionData.put(VALUE_MISMANDATE, mandate);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
+ */
+ @Override
+ public boolean isOW() {
+ return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
+ */
+ @Override
+ public void setOW(boolean isOW) {
+ sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
+ */
+ @Override
+ public String getAuthBlockTokken() {
+ return wrapStringObject(VALUE_AUTNBLOCKTOKKEN, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String)
+ */
+ @Override
+ public void setAuthBlockTokken(String authBlockTokken) {
+ sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
+ */
+ @Override
+ public String getQAALevel() {
+ return wrapStringObject(VALUE_QAALEVEL, null, String.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
+ */
+ @Override
+ public void setQAALevel(String qAALevel) {
+ sessionData.put(VALUE_QAALEVEL, qAALevel);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
+ */
+ @Override
+ public Date getSessionCreated() {
+ return wrapStringObject(VALUE_CREATED, null, Date.class);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
+ */
+ @Override
+ public Map<String, Object> getGenericSessionDataStorage() {
+ Map<String, Object> result = new HashMap<String, Object>();
+ for (String el : sessionData.keySet()) {
+ if (el.startsWith(GENERIC_PREFIX))
+ result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
+
+ }
+
+ return result;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
+ */
+ @Override
+ public Object getGenericDataFromSession(String key) {
+ return sessionData.get(GENERIC_PREFIX + key);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
+ */
+ @Override
+ public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
+ return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
+ */
+ @Override
+ public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+ sessionData.put(GENERIC_PREFIX + key, object);
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index c7fa58eaf..f1d48935f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.auth.data;
import java.io.Serializable;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+
/**
* This class contains SAML attributes to be appended to the SAML assertion delivered to
* the Online application.
@@ -92,13 +94,13 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
* The following values are allowed:
* <ul>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
* </li>
* </ul>
*
@@ -111,28 +113,28 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getValue()
*/
public Object getValue() {
return value_;
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getName()
*/
public String getName() {
return name_;
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getNameSpace()
*/
public String getNameSpace() {
return namespace_;
}
/**
- * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
+ * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
*/
public int getAddToAUTHBlock() {
return addToAUTHBlock_;
@@ -144,16 +146,16 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali
* @param addToAUTHBlock One of the following values:
* <ul>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
* </li>
* <li>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
* </li>
* </ul>
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
*/
public void setAddToAUTHBlock(int addToAUTHBlock) {
addToAUTHBlock_ = addToAUTHBlock;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index 78f1e14f0..2690bc2cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -54,6 +54,7 @@ import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -64,7 +65,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
* @author Paul Ivancsics
* @version $Id$
*/
-public class IdentityLink implements Serializable{
+public class IdentityLink implements Serializable, IIdentityLink{
private static final long serialVersionUID = 1L;
@@ -128,188 +129,183 @@ public class IdentityLink implements Serializable{
public IdentityLink() {
}
- /**
- * Returns the dateOfBirth.
- * @return Calendar
- */
- public String getDateOfBirth() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
+ */
+ @Override
+public String getDateOfBirth() {
return dateOfBirth;
}
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
+ */
+ @Override
+public String getFamilyName() {
return familyName;
}
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
+ */
+ @Override
+public String getGivenName() {
return givenName;
}
- /**
- * Returns the name.
- * @return The name.
- */
- public String getName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
+ */
+ @Override
+public String getName() {
if (name == null) {
name = givenName + " " + familyName;
}
return name;
}
- /**
- * Returns the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- * @return String
- */
- public String getIdentificationValue() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
+ */
+ @Override
+public String getIdentificationValue() {
return identificationValue;
}
- /**
- * Returns the identificationType.
- * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
- * @return String
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
*/
+ @Override
public String getIdentificationType() {
return identificationType;
}
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(String dateOfBirth) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
+ */
+ @Override
+public void setDateOfBirth(String dateOfBirth) {
this.dateOfBirth = dateOfBirth;
}
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
+ */
+ @Override
+public void setFamilyName(String familyName) {
this.familyName = familyName;
}
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
+ */
+ @Override
+public void setGivenName(String givenName) {
this.givenName = givenName;
}
- /**
- * Sets the identificationValue.
- * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
+ */
+ @Override
+public void setIdentificationValue(String identificationValue) {
this.identificationValue = identificationValue;
}
- /**
- * Sets the Type of the identificationValue.
- * @param identificationType The type of identificationValue to set
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
*/
+ @Override
public void setIdentificationType(String identificationType) {
this.identificationType = identificationType;
}
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public Element getSamlAssertion() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
+ */
+ @Override
+public Element getSamlAssertion() {
return samlAssertion;
}
- /**
- * Returns the samlAssertion.
- * @return Element
- */
- public String getSerializedSamlAssertion() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
+ */
+ @Override
+public String getSerializedSamlAssertion() {
return serializedSamlAssertion;
}
- /**
- * Sets the samlAssertion and the serializedSamlAssertion.
- * @param samlAssertion The samlAssertion to set
- */
- public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
+ */
+ @Override
+public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
this.samlAssertion = samlAssertion;
this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);
}
- /**
- * Returns the dsigReferenceTransforms.
- * @return Element[]
- */
- public Element[] getDsigReferenceTransforms() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
+ */
+ @Override
+public Element[] getDsigReferenceTransforms() {
return dsigReferenceTransforms;
}
- /**
- * Sets the dsigReferenceTransforms.
- * @param dsigReferenceTransforms The dsigReferenceTransforms to set
- */
- public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
+ */
+ @Override
+public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
this.dsigReferenceTransforms = dsigReferenceTransforms;
}
- /**
- * Returns the publicKey.
- * @return PublicKey[]
- */
- public PublicKey[] getPublicKey() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
+ */
+ @Override
+public PublicKey[] getPublicKey() {
return publicKey;
}
- /**
- * Sets the publicKey.
- * @param publicKey The publicKey to set
- */
- public void setPublicKey(PublicKey[] publicKey) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
+ */
+ @Override
+public void setPublicKey(PublicKey[] publicKey) {
this.publicKey = publicKey;
}
- /**
- * Returns the prPerson.
- * @return Element
- */
- public Element getPrPerson() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
+ */
+ @Override
+public Element getPrPerson() {
return prPerson;
}
- /**
- * Sets the prPerson.
- * @param prPerson The prPerson to set
- */
- public void setPrPerson(Element prPerson) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
+ */
+ @Override
+public void setPrPerson(Element prPerson) {
this.prPerson = prPerson;
}
- /**
- * Returns the issuing time of the identity link SAML assertion.
- *
- * @return The issuing time of the identity link SAML assertion.
- */
- public String getIssueInstant() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
+ */
+ @Override
+public String getIssueInstant() {
return issueInstant;
}
- /**
- * Sets the issuing time of the identity link SAML assertion.
- *
- * @param issueInstant The issueInstant to set.
- */
- public void setIssueInstant(String issueInstant) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
+ */
+ @Override
+public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
index e9a278d0f..82263f7a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -46,12 +46,13 @@
package at.gv.egovernment.moa.id.auth.data;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
/**
* Includes the result of an extended infobox validation.
*
* If validation succeeds, an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
* maybe provided. Each of these SAML-Attributes will be either appended to the
* final SAML-Assertion passed to the online application or to the AUTH-Block,
* or to both.
@@ -65,7 +66,7 @@ public interface InfoboxValidationResult {
/**
* The method returns <code>true</code> if validation succeeds. In that case
* method {@link #getExtendedSamlAttributes()} may provide an array of
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
* ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
* AUTH-Block or to both.
* <br>
@@ -78,14 +79,14 @@ public interface InfoboxValidationResult {
public boolean isValid();
/**
- * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * Returns an array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
* ExtendedSAMLAttributes} that should be added to the SAML-Assertion
* provided to the online application.
* The SAML-Attributes in that array will be added to the final
* SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
* in the array this method returns.
*
- * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * @return An array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute
* ExtendedSAMLAttributes} that should be added to the SAML-Assertion
* provided to the online application, the AUTH-Block, or both. If no attributes should
* be added this array maybe <code>null</code> or empty.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
index 0ba17eb2f..c5183d29c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -46,6 +46,7 @@
package at.gv.egovernment.moa.id.auth.data;
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
/**
* Default implementation of the {@link InfoboxValidationResult} interface.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index 6cf1de319..c054976ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -49,6 +49,7 @@ package at.gv.egovernment.moa.id.auth.data;
import java.io.Serializable;
import java.util.Date;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import iaik.x509.X509Certificate;
/**
@@ -59,7 +60,7 @@ import iaik.x509.X509Certificate;
* @version $Id$
*
*/
-public class VerifyXMLSignatureResponse implements Serializable{
+public class VerifyXMLSignatureResponse implements Serializable, IVerifiyXMLSignatureResponse{
private static final long serialVersionUID = 1L;
@@ -89,173 +90,179 @@ public class VerifyXMLSignatureResponse implements Serializable{
private Date signingDateTime;
- /**
- * Returns the certificateCheckCode.
- * @return int
- */
- public int getCertificateCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getCertificateCheckCode()
+ */
+ @Override
+public int getCertificateCheckCode() {
return certificateCheckCode;
}
- /**
- * Returns the signatureCheckCode.
- * @return int
- */
- public int getSignatureCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureCheckCode()
+ */
+ @Override
+public int getSignatureCheckCode() {
return signatureCheckCode;
}
- /**
- * Returns the xmlDSIGManifestCheckCode.
- * @return int
- */
- public int getXmlDSIGManifestCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode()
+ */
+ @Override
+public int getXmlDSIGManifestCheckCode() {
return xmlDSIGManifestCheckCode;
}
- /**
- * Returns the xmlDsigSubjectName.
- * @return String
- */
- public String getXmlDsigSubjectName() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName()
+ */
+ @Override
+public String getXmlDsigSubjectName() {
return xmlDsigSubjectName;
}
- /**
- * Sets the certificateCheckCode.
- * @param certificateCheckCode The certificateCheckCode to set
- */
- public void setCertificateCheckCode(int certificateCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setCertificateCheckCode(int)
+ */
+ @Override
+public void setCertificateCheckCode(int certificateCheckCode) {
this.certificateCheckCode = certificateCheckCode;
}
- /**
- * Sets the signatureCheckCode.
- * @param signatureCheckCode The signatureCheckCode to set
- */
- public void setSignatureCheckCode(int signatureCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureCheckCode(int)
+ */
+ @Override
+public void setSignatureCheckCode(int signatureCheckCode) {
this.signatureCheckCode = signatureCheckCode;
}
- /**
- * Sets the xmlDSIGManifestCheckCode.
- * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
- */
- public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(int)
+ */
+ @Override
+public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
}
- /**
- * Sets the xmlDsigSubjectName.
- * @param xmlDsigSubjectName The xmlDsigSubjectName to set
- */
- public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang.String)
+ */
+ @Override
+public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
this.xmlDsigSubjectName = xmlDsigSubjectName;
}
- /**
- * Returns the publicAuthorityCode.
- * @return int
- */
- public String getPublicAuthorityCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getPublicAuthorityCode()
+ */
+ @Override
+public String getPublicAuthorityCode() {
return publicAuthorityCode;
}
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityCode The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthorityCode(java.lang.String)
+ */
+ @Override
+public void setPublicAuthorityCode(String publicAuthorityCode) {
this.publicAuthorityCode = publicAuthorityCode;
}
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isQualifiedCertificate()
+ */
+ @Override
+public boolean isQualifiedCertificate() {
return qualifiedCertificate;
}
- /**
- * Returns the x509certificate.
- * @return X509Certificate
- */
- public X509Certificate getX509certificate() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getX509certificate()
+ */
+ @Override
+public X509Certificate getX509certificate() {
return x509certificate;
}
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setQualifiedCertificate(boolean)
+ */
+ @Override
+public void setQualifiedCertificate(boolean qualifiedCertificate) {
this.qualifiedCertificate = qualifiedCertificate;
}
- /**
- * Sets the x509certificate.
- * @param x509certificate The x509certificate to set
- */
- public void setX509certificate(X509Certificate x509certificate) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setX509certificate(iaik.x509.X509Certificate)
+ */
+ @Override
+public void setX509certificate(X509Certificate x509certificate) {
this.x509certificate = x509certificate;
}
- /**
- * Returns the xmlDSIGManigest.
- * @return boolean
- */
- public boolean isXmlDSIGManigest() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest()
+ */
+ @Override
+public boolean isXmlDSIGManigest() {
return xmlDSIGManigest;
}
- /**
- * Sets the xmlDSIGManigest.
- * @param xmlDSIGManigest The xmlDSIGManigest to set
- */
- public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean)
+ */
+ @Override
+public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
this.xmlDSIGManigest = xmlDSIGManigest;
}
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isPublicAuthority()
+ */
+ @Override
+public boolean isPublicAuthority() {
return publicAuthority;
}
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthority(boolean)
+ */
+ @Override
+public void setPublicAuthority(boolean publicAuthority) {
this.publicAuthority = publicAuthority;
}
- /**
- * Returns the the resulting code of the signature manifest check.
- *
- * @return The code of the sigature manifest check.
- */
- public int getSignatureManifestCheckCode() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode()
+ */
+ @Override
+public int getSignatureManifestCheckCode() {
return signatureManifestCheckCode;
}
- /**
- * Sets the signatureManifestCode.
- *
- * @param signatureManifestCheckCode The signatureManifestCode to set.
- */
- public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(int)
+ */
+ @Override
+public void setSignatureManifestCheckCode(int signatureManifestCheckCode) {
this.signatureManifestCheckCode = signatureManifestCheckCode;
}
- public Date getSigningDateTime() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSigningDateTime()
+ */
+@Override
+public Date getSigningDateTime() {
return signingDateTime;
}
- public void setSigningDateTime(Date signingDateTime) {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date)
+ */
+@Override
+public void setSigningDateTime(Date signingDateTime) {
this.signingDateTime = signingDateTime;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 1b78ff677..ec6dbc951 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
@@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
public abstract class AbstractAuthServletTask extends MoaIdTask {
@Autowired protected IRequestStorage requestStoreage;
- @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+ //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@Autowired protected AuthConfiguration authConfig;
protected static final String ERROR_CODE_PARAM = "errorid";
protected IRequest pendingReq = null;
- protected AuthenticationSession moasession = null;
+ protected IAuthenticationSession moasession = null;
public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
HttpServletResponse response) throws TaskExecutionException;
@@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
* @throws MOADatabaseException
*/
protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
- String moasessionid = pendingReq.getMOASessionIdentifier();
- if (MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- try {
- moasession = authenticatedSessionStorage.getSession(moasessionid);
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { moasessionid });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());
+ moasession = pendingReq.getMOASession();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index dfb90da3a..1c26ff5ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
private static final String PARAM_SSO_CONSENTS = "value";
@Autowired private SSOManager ssoManager;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
ssoConsents = Boolean.parseBoolean(ssoConsentsString);
//perform default task initialization
- defaultTaskInitialization(request, executionContext);
+ //defaultTaskInitialization(request, executionContext);
//check SSO session cookie and MOASession object
String ssoId = ssoManager.getSSOSessionID(request);
- boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
- if (!(isValidSSOSession && moasession.isAuthenticated() )) {
+ boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
+
+ //load MOA SSO-session from database
+ AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+ if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
throw new AuthenticationException("auth.30", null);
@@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
//Log consents evaluator event to revisionslog
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
+ //Populate this pending request with SSO session information
+ pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
+
+
//user allow single sign-on authentication
if (ssoConsents) {
+
//authenticate pending-request
pendingReq.setAuthenticated(true);
pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 6a1ed7203..4eff0fcf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
try {
defaultTaskInitialization(request, executionContext);
- //set MOASession to authenticated and store MOASession
+ //set MOASession to authenticated
moasession.setAuthenticated(true);
- String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession);
- //set pendingRequest to authenticated and set new MOASessionID
- ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+ //set pending request to authenticated
pendingReq.setAuthenticated(true);
requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index a5783bfb7..8f7364f62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -61,6 +61,7 @@ import org.w3c.dom.traversal.NodeIterator;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -256,8 +257,8 @@ public class IdentityLinkAssertionParser {
* @throws ParseException on any parsing error
*/
- public IdentityLink parseIdentityLink() throws ParseException {
- IdentityLink identityLink;
+ public IIdentityLink parseIdentityLink() throws ParseException {
+ IIdentityLink identityLink;
try {
identityLink = new IdentityLink();
identityLink.setSamlAssertion(assertionElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 140c7aebc..92d76751f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -30,13 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -51,7 +51,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
@Autowired AuthConfiguration authConfig;
- public void parse(AuthenticationSession moasession,
+ public void parse(IAuthenticationSession moasession,
String target,
String oaURL,
String bkuURL,
@@ -221,8 +221,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
}
- public void parse(ExecutionContext ec, HttpServletRequest req,
- AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
+ public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq)
+ throws WrongParametersException, MOAIDException {
//get Parameters from request
String oaURL = (String) ec.get(PARAM_OA);
@@ -231,20 +231,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
String useMandate = (String) ec.get(PARAM_USEMANDATE);
String ccc = (String) ec.get(PARAM_CCC);
- if (request.getOnlineApplicationConfiguration() != null &&
- request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
- Logger.debug("Service " + request.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ if (pendingReq.getOnlineApplicationConfiguration() != null &&
+ pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
+ Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ " only allows authentication with mandates. --> Set useMandate to TRUE.");
- useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
+ useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
}
- oaURL = request.getOAURL();
+ oaURL = pendingReq.getOAURL();
//only needed for SAML1
- String target = request.getGenericData("saml1_target", String.class);
+ String target = pendingReq.getGenericData("saml1_target", String.class);
- parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 7bce406e0..b54a43fff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -56,6 +56,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -168,9 +169,9 @@ public class VerifyXMLSignatureResponseParser {
* @throws ParseException on any parsing error
*/
- public VerifyXMLSignatureResponse parseData() throws ParseException {
+ public IVerifiyXMLSignatureResponse parseData() throws ParseException {
- VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+ IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 5e09380ae..a146f778e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -134,16 +134,14 @@ public class IDPSingleLogOutServlet extends AbstractController {
try {
if (ssoManager.isValidSSOSession(ssoid, null)) {
- String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid);
-
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID);
- if(authSession != null) {
- authManager.performSingleLogOut(req, resp, authSession, authURL);
- return;
+ AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+
+ if(authSession != null) {
+ authManager.performSingleLogOut(req, resp, authSession, authURL);
+ return;
- }
}
+
}
} catch (Exception e) {
handleErrorNoRedirect(e, req, resp, false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 15333a933..8ef047300 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,6 +56,7 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -105,8 +106,8 @@ public class LogOutServlet {
//TODO: Single LogOut Implementation
//delete SSO session and MOA session
- String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);
- authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+ AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
+ authmanager.performOnlyIDPLogOut(moasessionid);
Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index d306ec005..f5f056ccc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -34,7 +34,8 @@ import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
@@ -74,7 +75,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* user identityLink specialized to OAParamter
*/
- private IdentityLink identityLink;
+ private IIdentityLink identityLink;
/**
* application specific user identifier (bPK/wbPK)
@@ -138,7 +139,7 @@ public class AuthenticationData implements IAuthData, Serializable {
private String pvpAttribute_OU = null;
private boolean useMandate = false;
- private MISMandate mandate = null;
+ private IMISMandate mandate = null;
private String mandateReferenceValue = null;
private boolean foreigner =false;
@@ -390,14 +391,14 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @return the identityLink
*/
- public IdentityLink getIdentityLink() {
+ public IIdentityLink getIdentityLink() {
return identityLink;
}
/**
* @param identityLink the identityLink to set
*/
- public void setIdentityLink(IdentityLink identityLink) {
+ public void setIdentityLink(IIdentityLink identityLink) {
this.identityLink = identityLink;
}
@@ -436,7 +437,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @return the mandate
*/
- public MISMandate getMISMandate() {
+ public IMISMandate getMISMandate() {
return mandate;
}
@@ -461,7 +462,7 @@ public class AuthenticationData implements IAuthData, Serializable {
/**
* @param mandate the mandate to set
*/
- public void setMISMandate(MISMandate mandate) {
+ public void setMISMandate(IMISMandate mandate) {
this.mandate = mandate;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index c32564679..4c15cd3d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -27,7 +27,8 @@ import java.util.List;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
/**
* @author tlenz
@@ -62,7 +63,7 @@ public interface IAuthData {
List<String> getEncbPKList();
- IdentityLink getIdentityLink();
+ IIdentityLink getIdentityLink();
byte[] getSignerCertificate();
String getAuthBlock();
@@ -74,7 +75,7 @@ public interface IAuthData {
String getPublicAuthorityCode();
boolean isQualifiedCertificate();
- MISMandate getMISMandate();
+ IMISMandate getMISMandate();
Element getMandate();
String getMandateReferenceValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
index 81157994e..25d50f57a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
@@ -51,12 +51,13 @@ import java.io.Serializable;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-public class MISMandate implements Serializable{
+public class MISMandate implements Serializable, IMISMandate{
private static final long serialVersionUID = 1L;
@@ -81,23 +82,47 @@ public class MISMandate implements Serializable{
private String owBPK = null;
// private boolean isFullMandateIncluded = false;
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getProfRep()
+ */
+ @Override
public String getProfRep() {
return oid;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#setProfRep(java.lang.String)
+ */
+ @Override
public void setProfRep(String oid) {
this.oid = oid;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#setOWbPK(java.lang.String)
+ */
+ @Override
public void setOWbPK(String oWbPK) {
this.owBPK = oWbPK;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getOWbPK()
+ */
+ @Override
public String getOWbPK() {
return owBPK;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandate()
+ */
+ @Override
public byte[] getMandate() {
return mandate;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateDOM()
+ */
+ @Override
public Element getMandateDOM() {
try {
byte[] byteMandate = mandate;
@@ -111,6 +136,10 @@ public class MISMandate implements Serializable{
}
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateJaxB()
+ */
+ @Override
public Mandate getMandateJaxB() {
Element domMandate = getMandateDOM();
if (domMandate != null)
@@ -119,10 +148,18 @@ public class MISMandate implements Serializable{
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#setMandate(byte[])
+ */
+ @Override
public void setMandate(byte[] mandate) {
this.mandate = mandate;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.data.IMISMandate#getTextualDescriptionOfOID()
+ */
+ @Override
public String getTextualDescriptionOfOID() {
if (MiscUtil.isNotEmpty(this.oid)) {
if (this.oid.equalsIgnoreCase(OID_NOTAR))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 34b250bf0..f718777b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
}
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, null, authURL);
}
+ /**
+ * @param req
+ * @param resp
+ * @param moasessionid
+ */
+ public void performOnlyIDPLogOut(AuthenticationSession authSession) {
+
+ if (authSession == null) {
+ Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+ return;
+
+ }
+
+ try {
+
+ authSession.setAuthenticated(false);
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID());
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+
+ authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID());
+
+ //session.invalidate();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID());
+ return;
+ }
+
+ }
+
+
public void performOnlyIDPLogOut(HttpServletRequest request,
- HttpServletResponse response, String moaSessionID) {
+ HttpServletResponse response, String internalMOASsoSessionID) {
Logger.info("Remove active user-session");
- if(moaSessionID == null) {
- moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if(internalMOASsoSessionID == null) {
+ internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID);
}
- if(moaSessionID == null) {
+ if(internalMOASsoSessionID == null) {
Logger.info("NO MOA Session to logout");
return;
}
AuthenticationSession authSession;
try {
- authSession = authenticatedSessionStore.getSession(moaSessionID);
+ authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
if(authSession == null) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
-
- authSession.setAuthenticated(false);
- //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
-
- //log Session_Destroy to reversionslog
- AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-
- authenticatedSessionStore.destroySession(moaSessionID);
-
- //session.invalidate();
-
+
+ performOnlyIDPLogOut(authSession);
+
} catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
@@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
- authenticatedSessionStore.destroySession(correspondingMOASession);
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
ssoManager.deleteSSOSessionID(httpReq, httpResp);
}
}
@@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
//get MOASession from SSO-Cookie if SSO is allowed
- AuthenticationSession moaSession = null;
+ AuthenticationSession ssoMOASession = null;
if (isValidSSOSession && isSSOAllowed) {
- String moasessionID = ssoManager.getMOASession(ssoId);
- moaSession = authenticatedSessionStore.getSession(moasessionID);
+ ssoMOASession = ssoManager.getInternalMOASession(ssoId);
- if (moaSession == null)
+ if (ssoMOASession == null)
Logger.info("No MOASession FOUND with provided SSO-Cookie.");
else {
@@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
//check if session is already authenticated
- boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
-
+ boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
+
//force new authentication authentication process
if (pendingReq.forceAuth()) {
startAuthenticationProcess(httpReq, httpResp, pendingReq);
@@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (isSessionAuthenticated) {
// Passive authentication ok!
revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
throw new NoPassivAuthenticationException();
@@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
// Is authenticated .. proceed
revisionsLogger.logEvent(oaParam,
pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
// Start authentication!
@@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants {
* @return true if session is already authenticated, otherwise false
* @throws MOAIDException
*/
- private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+ private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
//if no MOASession exist -> authentication is required
- if (moaSession == null) {
+ if (ssoMOASession == null) {
return false;
} else {
- //if MOASession is Found but not authenticated --> authentication is required
- if (!moaSession.isAuthenticated()) {
+ //if MOA SSO-Session is found but not authenticated --> authentication is required
+ if (!ssoMOASession.isAuthenticated()) {
return false;
}
//if MOASession is already authenticated and protocol-request is authenticated
// --> no authentication is required any more
- else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
} else if (!protocolRequest.isAuthenticated()
- && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+ && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
protocolRequest.setAuthenticated(true);
- protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
}
@@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//check legacy request parameter
boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-
- //create MOASession object
- AuthenticationSession moasession;
- try {
- moasession = authenticatedSessionStore.createSession(pendingReq);
- pendingReq.setMOASessionIdentifier(moasession.getSessionID());
-
- } catch (MOADatabaseException e1) {
- Logger.error("Database Error! MOASession can not be created!");
- throw new MOAIDException("init.04", new Object[] {});
-
- }
-
+
//create authentication process execution context
ExecutionContext executionContext = new ExecutionContextImpl();
@@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
private void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
String uniqueSessionIdentifier = "notSet";
@@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//terminate MOASession
try {
- authenticatedSessionStore.destroySession(session.getSessionID());
+ authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
ssoManager.deleteSSOSessionID(httpReq, httpResp);
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
@@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants {
e.printStackTrace();
}
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index ffc6012c9..b612352c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -35,10 +36,14 @@ import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -67,8 +72,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String action = null;
private String requestID;
- private String moaSessionIdentifier;
private String processInstanceId;
+ private String ssoMoaSessionId;
private String uniqueTransactionIdentifer;
private String uniqueSessionIdentifer;
@@ -91,6 +96,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+ private IAuthenticationSession moaSSOSessionContainer = null;
+
/**
* @throws ConfigurationException
@@ -99,11 +106,14 @@ public abstract class RequestImpl implements IRequest, Serializable{
public final void initialize(HttpServletRequest req) throws ConfigurationException {
//set requestID
requestID = Random.nextLongRandom();
-
+
//set unique transaction identifier for logging
uniqueTransactionIdentifer = Random.nextLongRandom();
TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
+ //initialize session object
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date());
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom());
//check if End-Point is valid
String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
@@ -247,16 +257,41 @@ public abstract class RequestImpl implements IRequest, Serializable{
return requestID;
}
- public String getMOASessionIdentifier() {
- return this.moaSessionIdentifier;
+ public String getInternalSSOSessionIdentifier() {
+ return this.ssoMoaSessionId;
+ }
+
+ /**
+ * Set the internal SSO session identifier, which associated with this pending request
+ *
+ * @param internalSSOSessionId
+ */
+ public void setInternalSSOSessionIdentifier(String internalSSOSessionId) {
+ this.ssoMoaSessionId = internalSSOSessionId;
}
- public void setMOASessionIdentifier(String moaSessionIdentifier) {
- this.moaSessionIdentifier = moaSessionIdentifier;
+ public IAuthenticationSession getMOASession() {
+ //if SSO session information are set, use this
+ if (moaSSOSessionContainer != null)
+ return moaSSOSessionContainer;
+ else
+ return new AuthenticationSessionWrapper(genericDataStorage);
+
}
+ public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
+ if (ssoSession instanceof AuthenticationSession) {
+ moaSSOSessionContainer = ssoSession;
+
+ } else
+ throw new IllegalStateException("Session information can only be populated with SSO information from database");
+
+
+ }
+
+
public IOAAuthParameters getOnlineApplicationConfiguration() {
return this.OAConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index c27012ba9..557d9af48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -157,7 +158,7 @@ public class SSOManager {
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
try {
- authenticatedSessionStore.destroySession(storedSession.getSessionid());
+ authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid());
} catch (MOADatabaseException e) {
Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e);
@@ -175,8 +176,8 @@ public class SSOManager {
}
- public String getMOASession(String ssoSessionID) {
- return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
+ public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
+ return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
}
@@ -184,9 +185,9 @@ public class SSOManager {
public String getUniqueSessionIdentifier(String ssoSessionID) {
try {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
- String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
+ AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
+ if (moaSession != null) {
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
return extSessionInformation.getUniqueSessionId();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
index 79afba412..95a7660d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
@@ -37,7 +37,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
@@ -86,10 +86,10 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
}
- AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq);
- if (moaSession != null) {
+ AuthenticationSession ssoMoaSession = authmanager.doAuthentication(req, resp, pendingReq);
+ if (ssoMoaSession != null) {
//authenticated MOASession already exists --> protocol-specific postProcessing can start directly
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+ finalizeAuthenticationProcess(req, resp, pendingReq, ssoMoaSession);
//transaction is finished, log transaction finished event
revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
@@ -111,7 +111,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp,
- IRequest pendingReq, AuthenticationSession moaSession) {
+ IRequest pendingReq, IAuthenticationSession moaSession) {
Logger.debug("Add SSO information to MOASession.");
//Store SSO information into database
@@ -140,7 +140,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
* @throws Exception
*/
protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp,
- IRequest pendingReq, AuthenticationSession moaSession) throws Exception {
+ IRequest pendingReq, IAuthenticationSession moaSession) throws Exception {
String newSSOSessionId = null;
@@ -161,9 +161,27 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
//Store OA specific SSO session information if an SSO cookie is set
if (isSSOCookieSetted) {
- try {
- authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),
- newSSOSessionId, sloInformation, pendingReq);
+ try {
+ AuthenticationSession internalDBSSOSession = null;
+
+ //create new SSO session, if actually no SSO session exists
+ if (MiscUtil.isEmpty(pendingReq.getInternalSSOSessionIdentifier())) {
+ internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq);
+ authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(),
+ newSSOSessionId, sloInformation, pendingReq);
+
+ //MOA SSO-session already exists only update is required
+ } else if (MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) &&
+ moaSession instanceof AuthenticationSession) {
+ authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),
+ newSSOSessionId, sloInformation, pendingReq);
+
+ } else {
+ Logger.fatal("MOA-Session data object has a suspect or unsupported type:" + moaSession.getClass().getName()
+ + " pendingReq_internalSsoId:" + pendingReq.getInternalSSOSessionIdentifier());
+ throw new AuthenticationException("1299", null);
+
+ }
} catch (AuthenticationException e) {
Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
@@ -218,19 +236,8 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
protected void removeUserSession(IRequest pendingReq, HttpServletRequest req,
HttpServletResponse resp) {
- try {
- AuthenticationSession moaSession = authenticatedSessionStorage.getSession(
- pendingReq.getMOASessionIdentifier());
-
- if (moaSession != null)
- authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-
- } catch (MOADatabaseException e) {
- Logger.error("Remove user-session FAILED." , e);
-
- }
-
-
+ authmanager.performOnlyIDPLogOut(req, resp, pendingReq.getInternalSSOSessionIdentifier());
+
}
protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0da43d818..0f9b615a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -32,14 +32,12 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -112,48 +110,33 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
try {
Logger.debug("Finalize PendingRequest with ID " + pendingRequestID);
- //get MOASession from database
- String sessionID = pendingReq.getMOASessionIdentifier();
-
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12");
-
- }
+ //get MOA session data object from pending request
+ IAuthenticationSession pendingMoaSession = pendingReq.getMOASession();
- //load MOASession from database
- AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID);
- if (moaSession == null) {
- Logger.error("No MOASession with ID " + sessionID + " found.!");
- handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);
-
- } else {
+ //check if pending-request has 'abortedByUser' flag set
+ if (pendingReq.isAbortedByUser()) {
+ //send authentication aborted error to Service Provider
+ buildProtocolSpecificErrorResponse(
+ new AuthenticationException("auth.21", new Object[] {}),
+ req, resp, pendingReq);
- //check if pending-request has 'abortedByUser' flag set
- if (pendingReq.isAbortedByUser()) {
- //send authentication aborted error to Service Provider
- buildProtocolSpecificErrorResponse(
- new AuthenticationException("auth.21", new Object[] {}),
- req, resp, pendingReq);
+ //do not remove the full active SSO-Session
+ // in case of only one Service-Provider authentication request is aborted
+ if ( !(pendingMoaSession.isAuthenticated()
+ && pendingReq.needSingleSignOnFunctionality()) ) {
+ removeUserSession(pendingReq, req, resp);
- //do not remove the full active SSO-Session
- // in case of only one Service-Provider authentication request is aborted
- if ( !(moaSession.isAuthenticated()
- && pendingReq.needSingleSignOnFunctionality()) ) {
- removeUserSession(pendingReq, req, resp);
-
- }
-
- //check if MOASession and pending-request are authenticated
- } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-
- } else {
- //suspect state: pending-request is not aborted but also are not authenticated
- Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
- handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
-
- }
+ }
+
+ //check if MOASession and pending-request are authenticated
+ } else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
+ finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession);
+
+ } else {
+ //suspect state: pending-request is not aborted but also are not authenticated
+ Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
+ handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
+
}
} catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index a611c72b9..b7d21f903 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -26,8 +26,8 @@ import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -45,7 +45,7 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
if (MiscUtil.isEmpty(profRepName)) {
- MISMandate misMandate = authData.getMISMandate();
+ IMISMandate misMandate = authData.getMISMandate();
if(misMandate == null) {
throw new NoMandateDataAttributeException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index bef9afd8f..04de3288a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -23,8 +23,8 @@
package at.gv.egovernment.moa.id.protocols.builder.attributes;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -41,7 +41,7 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);
if (MiscUtil.isEmpty(profRepOID)) {
- MISMandate mandate = authData.getMISMandate();
+ IMISMandate mandate = authData.getMISMandate();
if (mandate == null) {
throw new NoMandateDataAttributeException();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index cd14664f9..365a31fe1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -107,10 +107,10 @@ public class AttributQueryAction implements IAction {
try {
//get Single Sign-On information for the Service-Provider
// which sends the Attribute-Query request
- AuthenticationSession moaSession = authenticationSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
if (moaSession == null) {
- Logger.warn("No MOASession with ID:" + pendingReq.getMOASessionIdentifier() + " FOUND.");
- throw new MOAIDException("auth.02", new Object[]{pendingReq.getMOASessionIdentifier()});
+ Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
+ throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
}
InterfederationSessionStore nextIDPInformation =
@@ -155,9 +155,9 @@ public class AttributQueryAction implements IAction {
throw new MOAIDException("pvp2.01", null, e);
} catch (MOADatabaseException e) {
- Logger.error("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier()
+ Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier()
+ " is not found in Database", e);
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index f09a3c30c..a7a249eed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -56,7 +56,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -64,6 +63,7 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
@@ -600,7 +600,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
//check active MOASession
String nameID = attrQuery.getSubject().getNameID().getValue();
- AuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
+ IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
if (session == null) {
Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
throw new AttributQueryException("auth.31", null);
@@ -620,7 +620,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
pendingReq.setAction(AttributQueryAction.class.getName());
//add moasession
- pendingReq.setMOASessionIdentifier(session.getSessionID());
+ pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
//write revisionslog entry
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index c762e2505..ff703d585 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -37,11 +37,11 @@ import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -94,7 +94,7 @@ public class SingleLogOutAction implements IAction {
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
- AuthenticationSession session =
+ IAuthenticationSession session =
authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
logOutReq.getIssuer().getValue(),
logOutReq.getNameID().getValue());
@@ -114,10 +114,9 @@ public class SingleLogOutAction implements IAction {
sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
- } else {
- String moasession = ssomanager.getMOASession(ssoID);
+ } else {
try {
- session = authenticationSessionStorage.getSession(moasession);
+ session = ssomanager.getInternalMOASession(ssoID);
if (session == null)
throw new MOADatabaseException();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 2457d2fe4..b6fed5934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,7 +33,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -78,7 +78,7 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
SignatureVerificationUtils sigVerify =
new SignatureVerificationUtils();
- VerifyXMLSignatureResponse result = sigVerify.verify(
+ IVerifiyXMLSignatureResponse result = sigVerify.verify(
serialized, trustProfileID);
//check signature-verification result
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 7dd6d15cd..ad200e400 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -75,12 +76,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//@Autowired MOASessionDBUtils moaSessionDBUtils;
@Override
- public boolean isAuthenticated(String moaSessionID) {
+ public boolean isAuthenticated(String internalSsoSessionID) {
AuthenticatedSessionStore session;
try {
- session = searchInDatabase(moaSessionID);
+ session = searchInDatabase(internalSsoSessionID);
return session.isAuthenticated();
} catch (MOADatabaseException e) {
@@ -89,8 +90,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
- String id = Random.nextRandom();
+ public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException {
+ String id = Random.nextLongRandom();
try {
AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
dbsession.setSessionid(id);
@@ -106,12 +107,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
- AuthenticationSession session = new AuthenticationSession(id, now);
+ AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
encryptSession(session, dbsession);
//store AssertionStore element to Database
entityManager.persist(dbsession);
- Logger.info("Create MOASession with sessionID: " + id);
+ Logger.info("Create MOA SSO-Session with internal sessionID: " + id);
return session;
@@ -128,7 +129,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+ public AuthenticationSession getInternalSSOSession(String sessionID) throws MOADatabaseException {
if (MiscUtil.isEmpty(sessionID))
return null;
@@ -189,30 +190,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
-
- encryptSession(session, dbsession);
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setUpdated(new Date());
-
- entityManager.merge(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
- }
-
- @Override
- public void destroySession(String moaSessionID) throws MOADatabaseException {
+ public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException {
Query query = entityManager.createNamedQuery("getSessionWithID");
- query.setParameter("sessionid", moaSessionID);
+ query.setParameter("sessionid", internalSsoSessionID);
List<AuthenticatedSessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
@@ -230,39 +211,6 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException {
-
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
-
- Logger.debug("Change SessionID from " + session.getSessionID()
- + "to " + newSessionID);
-
- session.setSessionID(newSessionID);
- encryptSession(session, dbsession);
-
- dbsession.setSessionid(newSessionID);
- dbsession.setAuthenticated(session.isAuthenticated());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- entityManager.merge(dbsession);
-
- Logger.trace("Change SessionID complete.");
-
- return newSessionID;
-
- }
-
- @Override
- public String changeSessionID(AuthenticationSession session)
- throws BuildException, MOADatabaseException {
- String id = Random.nextRandom();
- return changeSessionID(session, id);
-
- }
-
- @Override
public void setAuthenticated(String moaSessionID, boolean isAuthenticated) {
AuthenticatedSessionStore session;
@@ -279,7 +227,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public String getMOASessionSSOID(String SSOSessionID) {
+ public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
@@ -295,7 +243,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
return null;
} else
- return results.get(0).getSessionid();
+ try {
+ return decryptSession(results.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
}
@@ -413,7 +367,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
@@ -429,7 +383,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
@@ -444,7 +398,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
@@ -475,7 +429,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType) {
MiscUtil.assertNotNull(moaSession, "MOASession");
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(protocolType, "usedProtocol");
@@ -505,7 +459,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
* @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String)
*/
@Override
- public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule) {
+ public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) {
OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule);
if (activeOA != null) {
activeOA.setAttributeQueryUsed(true);
@@ -516,7 +470,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getSessionWithUserNameID(String nameID) {
+ public IAuthenticationSession getSessionWithUserNameID(String nameID) {
MiscUtil.assertNotNull(nameID, "nameID");
Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
@@ -592,20 +546,35 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
AuthenticatedSessionStore dbsession = null;
+ AuthenticationSession moaSession = null;
Date now = new Date();
//search for active session
- String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier());
- if (MiscUtil.isNotEmpty(moaSession)) {
+ if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
+ Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
+ moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+
+ } else {
+ Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
+ moaSession = createInternalSSOSession(req);
+
+ }
+
+ if (moaSession != null) {
try {
- dbsession = searchInDatabase(moaSession);
+ dbsession = searchInDatabase(moaSession.getSessionID());
}catch (MOADatabaseException e) {
Logger.error("NO MOASession found but MOASession MUST already exist!");
throw e;
- }
- }
-
+ }
+
+ } else {
+ Logger.error("NO MOASession found but MOASession MUST already exist!");
+ throw new MOADatabaseException("NO MOASession found but MOASession MUST already exist!");
+
+ }
+
dbsession.setUpdated(now);
//decrypt MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index 934b7ca65..c8d09e17e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -30,6 +30,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -48,103 +49,74 @@ public interface IAuthenticationSessionStoreage {
/**
* Check if the stored MOASession is already authenticated
*
- * @param moaSessionID MOASession identifier
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @return true if the MOASession is authenticated, otherwise false
*/
- public boolean isAuthenticated(String moaSessionID);
+ public boolean isAuthenticated(String internalSsoSessionID);
/**
- * Create a new MOASession
+ * Create a new MOA SSO-Session object in database
+ * The SSO session object get populated with eID information from pending request
*
* @param target Pending Request which is associated with this MOASession
* @return MOASession object
* @throws MOADatabaseException MOASession storage operation FAILED
* @throws BuildException MOASession encryption FAILED
*/
- public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException;
+ public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException;
/**
* Get a MOASession with sessionID
*
- * @param sessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @return MOASession, or null if no session exists with this ID
* @throws MOADatabaseException MOASession load operation FAILED
*/
- public AuthenticationSession getSession(String sessionID) throws MOADatabaseException;
+ public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException;
/**
* Get the session-data extension-object for a MOASession
*
- * @param sessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null
* @throws MOADatabaseException MOASession load operation FAILED
*/
- public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException;
+ public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID) throws MOADatabaseException;
/**
* Store a session-data extension-object to MOASession
*
- * @param sessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @param sessionExtensions AuthenticationSessionExtensions object
* @throws MOADatabaseException MOASession storage operation FAILED
*/
- public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException;
+ public void setAuthenticationSessionExtensions(String internalSsoSessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException;
/**
- * Store a MOASession
- *
- * @param session MOASession which should be stored
- * @throws MOADatabaseException MOASession storage operation FAILED
- * @throws BuildException MOASession encryption FAILED
- */
- public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException;
-
- /**
* Delete a MOASession
*
- * @param moaSessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @throws MOADatabaseException MOASession delete operation FAILED
*/
- public void destroySession(String moaSessionID) throws MOADatabaseException;
-
-
- /**
- * Change the sessionID of a MOASession
- *
- * @param session MOASession for which the sessionID should be changed
- * @param newSessionID new MOASessionID which should be used
- * @return new MOASessionID
- * @throws MOADatabaseException MOASession storage operation FAILED
- * @throws BuildException MOASession encryption/decryption FAILED
- */
- public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException;
-
- /**
- * Change the sessionID of a MOASession
- *
- * @param session MOASession for which the sessionID should be changed
- * @return new MOASessionID
- * @throws MOADatabaseException MOASession storage operation FAILED
- * @throws BuildException MOASession encryption/decryption FAILED
- */
- public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException;
-
+ public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException;
+
/**
* Set the isAuthenticated flag to MOASession
*
- * @param moaSessionID SessionID which corresponds to a MOASession
+ * @param internalSsoSessionID Internal MOA SSO-Session identifier
* @param isAuthenticated Is authenticated flag (true/false)
*/
- public void setAuthenticated(String moaSessionID, boolean isAuthenticated);
+ public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated);
/**
* Find the MOASessionId of an active Single Sign-On session
*
* @param SSOSessionID Single Sign-On sessionID
- * @return MOASessionID of the associated MOASession
+ * @return internal MOA SSO-Session of the associated SSO-Session Id
+ * @throws MOADatabaseException
*/
- public String getMOASessionSSOID(String SSOSessionID);
+ public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException;
/**
* Check if a MOASession is an active Single Sign-On session
@@ -182,7 +154,7 @@ public interface IAuthenticationSessionStoreage {
* @param moaSession MOASession data object
* @return List of Service-Provider information
*/
- public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession);
+ public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession);
/**
@@ -191,7 +163,7 @@ public interface IAuthenticationSessionStoreage {
* @param moaSession MOASession data object
* @return List of Interfederation-IDP information
*/
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession);
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession);
/**
* Search a MOASession by using already transfered authentication information
@@ -200,7 +172,7 @@ public interface IAuthenticationSessionStoreage {
* @param userNameID UserId (bPK), which was send to this Service-Provider
* @return MOASession, or null if no corresponding MOASession is found
*/
- public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+ public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
/**
* Search a active Single Sign-On session for a specific Service-Provider
@@ -210,7 +182,7 @@ public interface IAuthenticationSessionStoreage {
* @param protocolType Authentication protocol, which was used for SSO from this Service-Provider
* @return Internal Single Sign-On information for this Service-Provider
*/
- public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType);
+ public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType);
/**
@@ -219,7 +191,7 @@ public interface IAuthenticationSessionStoreage {
* @param nameID UserID (bPK)
* @return MOASession, or null if no corresponding MOASession is found
*/
- public AuthenticationSession getSessionWithUserNameID(String nameID);
+ public IAuthenticationSession getSessionWithUserNameID(String nameID);
/**
* Search an active federation IDP which could be used for federated Single Sign-On
@@ -283,7 +255,7 @@ public interface IAuthenticationSessionStoreage {
* @param oaurl
* @param requestedModule
*/
- public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule);
+ public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule);
/**
* @param nextIDPInformation