Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java581
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java166
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java184
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java138
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java32
17 files changed, 35 insertions, 1542 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 9b498a475..c84599b25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -98,9 +98,13 @@ public class StatisticLogger {
//log basic AuthInformation
dblog.setOaurlprefix(protocolRequest.getOAURL());
dblog.setOafriendlyName(dbOA.getFriendlyName());
- dblog.setOatarget(dbOA.getTarget());
dblog.setBusinessservice(isBusinessService(dbOA));
+ if (dblog.isBusinessservice())
+ dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue());
+ else
+ dblog.setOatarget(dbOA.getTarget());
+
dblog.setBkuurl(moasession.getBkuURL());
dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
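Review bot: The new business-service branch dereferences a three-step chain, `dbOA.getAuthComponentOA().getIdentificationNumber().getValue()`, with no guard, so an OA configured as a business service but missing its AuthComponentOA or IdentificationNumber element would throw a NullPointerException out of the statistics logger; if this logger runs inline in the authentication flow, a configuration gap would then abort the login rather than just lose a log field. I would guard it and fall back to the old value, e.g. `AuthComponentOA ac = dbOA.getAuthComponentOA(); dblog.setOatarget(ac != null && ac.getIdentificationNumber() != null ? ac.getIdentificationNumber().getValue() : dbOA.getTarget());` (the exact type name is inferred from the getter and should be checked). A one-line comment such as `// business services have no target; record the OA's identification number (wbPK domain) instead` would also make the asymmetry with the public-service branch clear to the next reader. The enclosing method starts and ends outside this hunk.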
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 35e4815ba..e8564ad3c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -110,6 +110,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -146,8 +147,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/** single instance */
private static AuthenticationServer instance;
- /** session data store (session ID -> AuthenticationSession) */
- //private static Map sessionStore = new HashMap();
/**
* time out in milliseconds used by {@link cleanup} for session store
@@ -178,171 +177,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
super();
}
-// /**
-// * Processes request to select a BKU. <br/>
-// * Processing depends on value of
-// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
-// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
-// * for the "BKU Auswahl" service is returned. <br/>
-// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
-// * selection is returned.
-// *
-// * @param authURL
-// * base URL of MOA-ID Auth component
-// * @param target
-// * "Gesch&auml;ftsbereich"
-// * @param oaURL
-// * online application URL requested
-// * @param bkuSelectionTemplateURL
-// * template for BKU selection form to be used in case of
-// * <code>HTMLSelect</code>; may be null
-// * @param templateURL
-// * URL providing an HTML template for the HTML form to be used
-// * for call <code>startAuthentication</code>
-// * @return for <code>bkuSelectionType==HTMLComplete</code>, the
-// * <code>returnURI</code> for the "BKU Auswahl" service; for
-// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
-// * selection
-// * @throws WrongParametersException
-// * upon missing parameters
-// * @throws AuthenticationException
-// * when the configured BKU selection service cannot be reached,
-// * and when the given bkuSelectionTemplateURL cannot be reached
-// * @throws ConfigurationException
-// * on missing configuration data
-// * @throws BuildException
-// * while building the HTML form
-// */
-// public String selectBKU(String authURL, String target, String oaURL,
-// String bkuSelectionTemplateURL, String templateURL)
-// throws WrongParametersException, AuthenticationException,
-// ConfigurationException, BuildException {
-//
-// // check if HTTP Connection may be allowed (through
-// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-// String boolStr = AuthConfigurationProvider
-// .getInstance()
-// .getGenericConfigurationParameter(
-// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-// if ((!authURL.startsWith("https:"))
-// && (false == BoolUtils.valueOf(boolStr)))
-// throw new AuthenticationException("auth.07", new Object[] { authURL
-// + "*" });
-// if (isEmpty(authURL))
-// throw new WrongParametersException("StartAuthentication",
-// "AuthURL", "auth.05");
-// if (isEmpty(oaURL))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.05");
-//
-// ConnectionParameter bkuConnParam = AuthConfigurationProvider
-// .getInstance().getBKUConnectionParameter();
-// if (bkuConnParam == null)
-// throw new ConfigurationException("config.08",
-// new Object[] { "BKUSelection/ConnectionParameter" });
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(oaURL);
-// if (oaParam == null)
-// throw new AuthenticationException("auth.00", new Object[] { oaURL });
-//
-// if (!oaParam.getBusinessService()) {
-// if (isEmpty(target))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_TARGET, "auth.05");
-// } else {
-// if (!isEmpty(target)) {
-// Logger
-// .info("Ignoring target parameter thus application type is \"businessService\"");
-// }
-// target = null;
-// }
-//
-// AuthenticationSession session = newSession();
-// Logger.info("MOASession " + session.getSessionID() + " angelegt");
-// session.setTarget(target);
-// session.setOAURLRequested(oaURL);
-// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
-// session.setAuthURL(authURL);
-// session.setTemplateURL(templateURL);
-// session.setBusinessService(oaParam.getBusinessService());
-//
-// try {
-// AuthenticationSessionStoreage.storeSession(session);
-//
-// } catch (MOADatabaseException e) {
-// throw new AuthenticationException("", null);
-// }
-//
-// String returnURL = new DataURLBuilder().buildDataURL(authURL,
-// REQ_START_AUTHENTICATION, session.getSessionID());
-// String bkuSelectionType = AuthConfigurationProvider.getInstance()
-// .getBKUSelectionType();
-// if (bkuSelectionType
-// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
-// // bkuSelectionType==HTMLComplete
-// String redirectURL = bkuConnParam.getUrl() + "?"
-// + AuthServlet.PARAM_RETURN + "=" + returnURL;
-// return redirectURL;
-// } else {
-// // bkuSelectionType==HTMLSelect
-// String bkuSelectTag;
-// try {
-// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
-// .getInstance(), bkuConnParam);
-// } catch (Throwable ex) {
-// throw new AuthenticationException("auth.11", new Object[] {
-// bkuConnParam.getUrl(), ex.toString() }, ex);
-// }
-// String bkuSelectionTemplate = null;
-//
-// //removed in MOAID 2.0
-// // override template url by url from configuration file
-//// if (oaParam.getBkuSelectionTemplateURL() != null) {
-//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
-//// }
-//
-//// if (bkuSelectionTemplateURL != null) {
-//// try {
-//// bkuSelectionTemplate = new String(FileUtils
-//// .readURL(bkuSelectionTemplateURL));
-//// } catch (IOException ex) {
-//// throw new AuthenticationException("auth.03", new Object[] {
-//// bkuSelectionTemplateURL, ex.toString() }, ex);
-//// }
-//// }
-//
-// String htmlForm = new SelectBKUFormBuilder().build(
-// bkuSelectionTemplate, returnURL, bkuSelectTag);
-// return htmlForm;
-// }
-// }
-
-// /**
-// * Method readBKUSelectTag.
-// *
-// * @param conf
-// * the ConfigurationProvider
-// * @param connParam
-// * the ConnectionParameter for that connection
-// * @return String
-// * @throws ConfigurationException
-// * on config-errors
-// * @throws PKIException
-// * on PKI errors
-// * @throws IOException
-// * on any data error
-// * @throws GeneralSecurityException
-// * on security errors
-// */
-// private String readBKUSelectTag(ConfigurationProvider conf,
-// ConnectionParameter connParam) throws ConfigurationException,
-// PKIException, IOException, GeneralSecurityException {
-//
-// if (connParam.isHTTPSURL())
-// return SSLUtils.readHttpsURL(conf, connParam);
-// else
-// return HTTPUtils.readHttpURL(connParam.getUrl());
-// }
/**
* Processes the beginning of an authentication session.
@@ -441,6 +275,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//removed in MOAID 2.0
String pushInfobox = "";
+
// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
// .getVerifyInfoboxParameters();
// if (verifyInfoboxParameters != null) {
@@ -500,18 +335,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters
.get(PARAM_XMLRESPONSE);
- // System.out.println("PB: " + xmlInfoboxReadResponse);
-
if (isEmpty(xmlInfoboxReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE });
-
-// AuthenticationSession session = getSession(sessionID);
-// if (session.getTimestampIdentityLink() != null)
-// throw new AuthenticationException("auth.01",
-// new Object[] { sessionID });
- session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
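Review bot: Removing the live `session.setTimestampIdentityLink();` call, together with the already commented-out `auth.01` check above it, leaves the identity-link submission with no trace of the former double-submission guard: the timestamp is never recorded on this path, so any code that still consults `getTimestampIdentityLink()` (the field's other readers are outside this hunk) will now see null. If the guard is intentionally dropped, the field and its accessors should be retired in the same change so the dead state does not suggest protection that no longer exists; if it is not, the check should be reinstated rather than the setter removed, e.g. `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", new Object[] { session.getSessionID() }); session.setTimestampIdentityLink();`. Either way a comment stating which of the two was decided would help, since the surrounding method starts and ends outside this hunk.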
@@ -537,24 +364,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return null;
}
- // for testing new identity link certificate
- // xmlInfoboxReadResponse = null;
- // try {
- // File file = new File("c:/temp/XXXMuster.xml");
- // FileInputStream fis;
- //
- // fis = new FileInputStream(file);
- // byte[] array = Utils.readFromInputStream(fis);
- //
- // xmlInfoboxReadResponse = new String(array);
- // System.out.println(xmlInfoboxReadResponse);
- //
- // } catch (FileNotFoundException e) {
- // e.printStackTrace();
- // } catch (UtilsException e) {
- // e.printStackTrace();
- // }
-
// parses the <InfoboxReadResponse>
IdentityLink identityLink = new InfoboxReadResponseParser(
xmlInfoboxReadResponse).parseIdentityLink();
@@ -572,10 +381,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
-// if (identityLink.getIdentificationType().equalsIgnoreCase(
-// Constants.URN_PREFIX_BASEID)) {
-// }
-
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
@@ -687,7 +492,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
GET_MIS_SESSIONID, PARAM_SESSIONID });
- //AuthenticationSession session = getSession(sessionID);
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
@@ -744,7 +548,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds the AUTH-block
String authBlock = buildAuthenticationBlock(session, oaParam);
- // session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
List<String> transformsInfos = oaParam.getTransformsInfos();
if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
@@ -757,77 +560,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return createXMLSignatureRequest;
}
-// /**
-// *
-// * @param session
-// * @param authConf
-// * @param oaParam
-// * @return
-// * @throws ConfigurationException
-// * @throws BuildException
-// * @throws ValidateException
-// */
-// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
-// AuthenticationSession session, AuthConfigurationProvider authConf,
-// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
-// BuildException, ValidateException {
-//
-// // check for intermediate processing of the infoboxes
-// if (session.isValidatorInputPending())
-// return "Redirect to Input Processor";
-//
-// if (authConf == null)
-// authConf = AuthConfigurationProvider.getInstance();
-// if (oaParam == null)
-// oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(
-// session.getPublicOAURLPrefix());
-//
-// // BZ.., calculate bPK for signing to be already present in AuthBlock
-// IdentityLink identityLink = session.getIdentityLink();
-// if (identityLink.getIdentificationType().equals(
-// Constants.URN_PREFIX_BASEID)) {
-//
-// // only compute bPK if online application is a public service and we
-// // have the Stammzahl
-//// if (isOW) {
-//// // if person is OW, delete identification value (bPK is calculated via MIS)
-//// identityLink.setIdentificationValue(null);
-//// identityLink.setIdentificationType(null);
-//// }
-//// else {
-//
-// //TODO: check correctness!!! bpk calcultion is done during Assertion generation
-//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
-//// .getIdentificationValue(), session.getTarget());
-//// identityLink.setIdentificationValue(bpkBase64);
-////
-//// //TODO: insert correct Type!!!!
-//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
-//// }
-//
-// }
-// // ..BZ
-// // }
-//
-// // builds the AUTH-block
-// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
-//
-// // session.setAuthBlock(authBlock);
-// // builds the <CreateXMLSignatureRequest>
-// List<String> transformsInfos = oaParam.getTransformsInfos();
-// if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
-// // no OA specific transforms specified, use default ones
-// transformsInfos = authConf.getTransformsInfos();
-// }
-// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
-// .build(authBlock, oaParam.getKeyBoxIdentifier(),
-// transformsInfos, oaParam.isSlVersion12());
-//
-// System.out.println("XML: " + createXMLSignatureRequest);
-//
-// return createXMLSignatureRequest;
-// }
/**
* Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
* <ul>
@@ -850,15 +582,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID });
-// AuthenticationSession session = getSession(sessionID);
-
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- //session.setSignerCertificate(cert);
return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
cert);
@@ -921,12 +649,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE });
- //AuthenticationSession session = getSession(sessionID);
- /*
- * if (session.getTimestampIdentityLink() != null) throw new
- * AuthenticationException("auth.01", new Object[] { sessionID });
- */
- // session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
@@ -949,8 +671,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
domVerifyXMLSignatureResponse).parseData();
- // int code = verifyXMLSignatureResponse.getSignatureCheckCode();
-
return verifyXMLSignatureResponse.getX509certificate();
}
@@ -1099,62 +819,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
-
-// /**
-// * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
-// * given session data.
-// *
-// * @param session
-// * authentication session
-// *
-// * @return <code>&lt;saml:Assertion&gt;</code> as a String
-// *
-// * @throws BuildException
-// * If an error occurs on serializing an extended SAML attribute
-// * to be appended to the AUTH-Block.
-// */
-// private String buildAuthenticationBlockForOW(AuthenticationSession session,
-// OAAuthParameter oaParam, boolean isOW) throws BuildException {
-// IdentityLink identityLink = session.getIdentityLink();
-// String issuer = identityLink.getName();
-// String gebDat = identityLink.getDateOfBirth();
-// String identificationValue = identityLink.getIdentificationValue();
-// String identificationType = identityLink.getIdentificationType();
-//
-// String issueInstant = DateTimeUtils.buildDateTime(Calendar
-// .getInstance(), oaParam.getUseUTC());
-// session.setIssueInstant(issueInstant);
-// String authURL = session.getAuthURL();
-// String target = session.getTarget();
-// String targetFriendlyName = session.getTargetFriendlyName();
-// // Bug #485
-// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
-// // String oaURL = session.getPublicOAURLPrefix();
-// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
-//
-//
-// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
-// Iterator it = extendedSAMLAttributes.iterator();
-// // delete bPK attribute from extended SAML attributes
-// if (session.isOW()) {
-// ExtendedSAMLAttribute toDelete = null;
-// while (it.hasNext()) {
-// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
-// if (attr.getName().equalsIgnoreCase("bPK"))
-// toDelete = attr;
-// }
-// if (toDelete != null)
-// extendedSAMLAttributes.remove(toDelete);
-// }
-//
-// String authBlock = new AuthenticationBlockAssertionBuilder()
-// .buildAuthBlock(issuer, issueInstant, authURL, target,
-// targetFriendlyName, identificationValue,
-// identificationType, oaURL, gebDat,
-// extendedSAMLAttributes, session, oaParam);
-//
-// return authBlock;
-// }
/**
* Verifies the infoboxes (except of the identity link infobox) returned by
@@ -1197,7 +861,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
OAAuthParameter oaParam = authConfigurationProvider
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- //TODO: check correctness!!!!
//removed in MOAID 2.0
// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
// .getVerifyInfoboxParameters();
@@ -1210,6 +873,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// System.out.println("SAML set: " +
// session.getExtendedSAMLAttributesAUTH().size());
+ //removed in MOAID 2.0
// if (verifyInfoboxParameters != null) {
//
// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
@@ -1461,57 +1125,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
-// /**
-// * Intermediate processing of the infoboxes. The first pending infobox
-// * validator may validate the provided input
-// *
-// * @param session
-// * The current authentication session
-// * @param parameters
-// * The parameters got returned by the user input fields
-// */
-// public static void processInput(AuthenticationSession session,
-// Map parameters) throws ValidateException {
-//
-// // post processing of the infoboxes
-// Iterator iter = session.getInfoboxValidatorIterator();
-// if (iter != null) {
-// while (iter.hasNext()) {
-// Vector infoboxValidatorVector = (Vector) iter.next();
-// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-// .get(2);
-// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
-// String identifier = (String) infoboxValidatorVector.get(0);
-// String friendlyName = (String) infoboxValidatorVector
-// .get(1);
-// InfoboxValidationResult infoboxValidationResult = null;
-// try {
-// infoboxValidationResult = infoboxvalidator
-// .validate(parameters);
-// } catch (ValidateException e) {
-// Logger.error("Error validating " + identifier
-// + " infobox:" + e.getMessage());
-// throw new ValidateException("validator.44",
-// new Object[] { friendlyName });
-// }
-// if (!infoboxValidationResult.isValid()) {
-// Logger.info("Validation of " + identifier
-// + " infobox failed.");
-// throw new ValidateException("validator.40",
-// new Object[] {
-// friendlyName,
-// infoboxValidationResult
-// .getErrorMessage() });
-// }
-// AddAdditionalSAMLAttributes(
-// session,
-// infoboxValidationResult.getExtendedSamlAttributes(),
-// identifier, friendlyName);
-// }
-// }
-// }
-// }
-
/**
* Adds given SAML Attributes to the current session. They will be appended
* to the final SAML Assertion or the AUTH block. If the attributes are
@@ -1583,33 +1196,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setExtendedSAMLAttributesOA(oaAttributes);
}
- // /**
- // * Adds given SAML Attributes to the current session. They will be
- // appended
- // * to the final SAML Assertion or the AUTH block. If the attributes are
- // * already in the list, they will be replaced.
- // *
- // * @param session The current session
- // * @param extendedSAMLAttributes The SAML attributes to add
- // * @param identifier The infobox identifier for debug purposes
- // * @param friendlyNam The friendly name of the infobox for debug purposes
- // */
- // private static void AddAdditionalSAMLAttributes(AuthenticationSession
- // session, MISMandate mandate) throws ValidateException
- // {
- //
- // List oaAttributes = session.getExtendedSAMLAttributesOA();
- // if (oaAttributes==null) oaAttributes = new Vector();
- // List authAttributes = session.getExtendedSAMLAttributesAUTH();
- // if (authAttributes==null) authAttributes = new Vector();
- //
- //
- // addExtendedSamlAttributes(authAttributes, mandate);
- //
- // session.setExtendedSAMLAttributesAUTH(authAttributes);
- // session.setExtendedSAMLAttributesOA(oaAttributes);
- // }
-
/**
* Adds the AUTH block related SAML attributes to the validation result.
* This is needed always before the AUTH block is to be signed, because the
@@ -1629,11 +1215,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
extendedSamlAttributes.clear();
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW,
- // mandate, SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
// Name
Element domMandate = mandateToElement(mandate);
Element nameSpaceNode = domMandate.getOwnerDocument().createElement(
@@ -1646,24 +1227,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Element mandator = (Element) XPathAPI.selectSingleNode(domMandate,
"//md:Mandate/md:Mandator", nameSpaceNode);
- // first check if physical person
- // Element name = (Element) XPathAPI.selectSingleNode(mandator,
- // "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
- // String mandatorname = ParepUtils.extractMandatorName(mandator);
-
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME,
- // mandatorname, SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- // String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- // if (dob != null && !"".equals(dob)) {
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob,
- // SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // }
-
// Mandate
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
ParepValidator.EXT_SAML_MANDATE_RAW, domMandate,
@@ -1692,15 +1255,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
- // String oid = mandate.getProfRep();
- // if (oid != null) {
- // String oidDescription = mandate.getTextualDescriptionOfOID();
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
- // oidDescription, SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // }
-
ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes
.size()];
extendedSamlAttributes.copyInto(ret);
@@ -1831,9 +1385,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (isEmpty(xmlCreateXMLSignatureReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
- //AuthenticationSession session = getSession(sessionID);
-
+
AuthConfigurationProvider authConf = AuthConfigurationProvider
.getInstance();
// parses <CreateXMLSignatureResponse>
@@ -1938,22 +1490,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
}
-
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-// boolean useUTC = oaParam.getUseUTC();
-// boolean useCondition = oaParam.getUseCondition();
-// int conditionLength = oaParam.getConditionLength();
-
- //TL: moved to Authentification Data generation
-// AuthenticationData authData = buildAuthenticationData(session, vsresp,
-// useUTC, false);
-//
-// //set Authblock
-// session.setAuthData(authData);
-
-
session.setXMLVerifySignatureResponse(vsresp);
session.setSignerCertificate(vsresp.getX509certificate());
vsresp.setX509certificate(null);
@@ -1977,42 +1514,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
return newMOASessionID;
- /*
- String samlAssertion = new AuthenticationDataAssertionBuilder()
- .build(authData, session.getAssertionPrPerson(), session
- .getAssertionAuthBlock(), session
- .getAssertionIlAssertion(), session.getBkuURL(),
- session.getAssertionSignerCertificateBase64(),
- session.getAssertionBusinessService(), session
- .getExtendedSAMLAttributesOA(),
- useCondition, conditionLength);
- authData.setSamlAssertion(samlAssertion);
-
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
-
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session
- .getSourceID());
- storeAuthenticationData(samlArtifact, authData);
-
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
- */
}
-
}
/**
@@ -2102,16 +1604,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public String getForeignAuthenticationData(AuthenticationSession session)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
-
- //TODO: CHECK if STORK parts works correct!!!!
if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
-
- //AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
// post processing of the infoboxes
Iterator iter = session.getInfoboxValidatorIterator();
@@ -2155,19 +1651,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
-
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-// boolean useUTC = oaParam.getUseUTC();
-
-// boolean useCondition = oaParam.getUseCondition();
-// int conditionLength = oaParam.getConditionLength();
-
- //TL: moved to Assertion generation.
-// AuthenticationData authData = buildAuthenticationData(session, vsresp,
-// useUTC, true);
-//
-// session.setAuthData(authData);
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
@@ -2177,43 +1660,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setSignerCertificate(vsresp.getX509certificate());
vsresp.setX509certificate(null);
session.setForeigner(true);
-
- return "new Session";
-
- //TODO: regenerate MOASession ID!
- /*
- String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, session.getAssertionPrPerson(), session
- .getAssertionAuthBlock(), session
- .getAssertionIlAssertion(), session.getBkuURL(),
- session.getAssertionSignerCertificateBase64(), session
- .getAssertionBusinessService(), session
- .getExtendedSAMLAttributesOA(), useCondition,
- conditionLength);
- authData.setSamlAssertion(samlAssertion);
-
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
-
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session.getSourceID());
- storeAuthenticationData(samlArtifact, authData);
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
-
- return samlArtifact;*/
+ //TODO: regenerate MOASession ID!
+ return "new Session";
}
/**
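Review bot: The foreign-ID path still ends with `return "new Session";` under a `//TODO: regenerate MOASession ID!` that this commit relocates but does not resolve, so after a successful foreign (STORK) authentication the MOASession keeps the identifier it had before login, whereas the domestic path visible earlier in this diff returns a freshly created `newMOASessionID`. Keeping the pre-authentication session ID across the privilege boundary is the classic session-fixation condition, and the literal placeholder string is also a trap for any caller that treats the return value as a session ID. The fix is to mirror the domestic path's session-ID regeneration here and return the new ID; since the storage API for that is not visible in this hunk I will not guess at its name, but the TODO should at least be expanded to `//TODO: regenerate MOASession ID (session fixation) – caller must not treat the return value as a session ID until this is done`. The enclosing method begins outside this hunk.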
@@ -2242,7 +1691,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
-// boolean useUTC = oaParam.getUseUTC();
boolean businessService = oaParam.getBusinessService();
authData.setMajorVersion(1);
@@ -2266,7 +1714,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setPublicAuthorityCode(verifyXMLSigResp
.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
-// authData.setUseUTC(oaParam.getUseUTC());
try {
@@ -2350,8 +1797,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
try {
session = AuthenticationSessionStoreage.getSession(id);
- /*(AuthenticationSession) sessionStore
- .get(id);*/
if (session == null)
throw new AuthenticationException("auth.02", new Object[] { id });
return session;
@@ -2373,7 +1818,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//clean AssertionStore
AssertionStorage assertionstore = AssertionStorage.getInstance();
- assertionstore.clean(now, authDataTimeOut);
+ assertionstore.clean(now, authDataTimeOut);
+
+ //clean ExeptionStore
+ DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
+ exstore.clean(now, authDataTimeOut);
+
}
/**
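Review bot: The new cleanup `exstore.clean(now, authDataTimeOut)` reuses the authentication-data timeout for the exception store, although exception records are presumably fetched once by their id and could expire sooner; a dedicated timeout, or a comment stating that the reuse is intentional, would make the retention period of stored error details explicit. The `assertionstore.clean(now, authDataTimeOut);` line is re-emitted with only a whitespace change, which inflates the diff. The method's Javadoc (outside the hunk) should mention the new step, e.g. `// also expire stored exception records so error details are not retained beyond the session timeout`. The enclosing method starts outside this hunk.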
@@ -2730,13 +2180,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} catch (Throwable e) {
throw new CertificateException(e);
}
-
-// CertificateFactory cf;
-// X509Certificate cert = null;
-// cf = CertificateFactory.getInstance("X.509");
-// CertificateFactory
-// cert = (X509Certificate)cf.generateCertificate(is);
-// return cert;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index a73d76d68..2890532b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -28,7 +28,6 @@ import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
import java.io.IOException;
-import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.Properties;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 540311231..41440f323 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -25,25 +25,18 @@ package at.gv.egovernment.moa.id.auth.data;
import iaik.x509.X509Certificate;
-import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
-import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
-import javax.xml.parsers.ParserConfigurationException;
-
import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -154,10 +147,10 @@ public class AuthenticationSession implements Serializable {
*/
private IdentityLink identityLink;
- /**
- * timestamp logging when identity link has been received
- */
- private Date timestampIdentityLink;
+// /**
+// * timestamp logging when identity link has been received
+// */
+// private Date timestampIdentityLink;
//store Authblock
/**
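Review bot: The `timestampIdentityLink` field is replaced by a commented-out copy instead of being deleted; version history already preserves it, and the same applies to the `getTimestampIdentityLink`/`setTimestampIdentityLink` removals in the later hunks of this file. Since `AuthenticationSession implements Serializable`, dropping a field changes the default computed stream UID unless an explicit `serialVersionUID` is declared; if sessions are persisted across deployments, confirm that previously stored sessions still deserialize. The timestamp was also the only record of when the identity link was received, so if that moment is needed for audit logging it now has to come from elsewhere.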
@@ -563,15 +556,6 @@ public class AuthenticationSession implements Serializable {
}
/**
- * Returns the timestampIdentityLink.
- *
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
-
- /**
* Returns the businessService.
*
* @return <code>true</code> if the corresponding online application is a
@@ -591,28 +575,6 @@ public class AuthenticationSession implements Serializable {
this.businessService = businessService;
}
-// /**
-// * Returns the timestampStart.
-// *
-// * @return Date
-// */
-// public Date getTimestampStart() {
-// return timestampStart;
-// }
-
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-
-// /**
-// * Sets the current date as timestampStart.
-// */
-// public void setTimestampStart() {
-// timestampStart = new Date();
-// }
/**
* @return template URL
@@ -883,25 +845,6 @@ public class AuthenticationSession implements Serializable {
return this.useMandate;
}
-// /**
-// *
-// * @param useTargetFromConfig
-// * indicates if target from config is used or not
-// */
-// public void setUseTargetFromConfig(boolean useTargetFromConfig) {
-// this.useTargetFromConfig = useTargetFromConfig;
-//
-// }
-//
-// /**
-// * Returns if target is used from mandate or not
-// *
-// * @return
-// */
-// public boolean getUseTargetFromConfig() {
-// return this.useTargetFromConfig;
-// }
-
/**
*
* @param misSessionID
@@ -920,97 +863,6 @@ public class AuthenticationSession implements Serializable {
return this.misSessionID;
}
-// /**
-// * @return the assertionAuthData
-// */
-// public AuthenticationData getAssertionAuthData() {
-// return assertionAuthData;
-// }
-//
-// /**
-// * @param assertionAuthData
-// * the assertionAuthData to set
-// */
-// public void setAssertionAuthData(AuthenticationData assertionAuthData) {
-// this.assertionAuthData = assertionAuthData;
-// }
-//
-// /**
-// * @return the assertionPrPerson
-// */
-// public String getAssertionPrPerson() {
-// return assertionPrPerson;
-// }
-//
-// /**
-// * @param assertionPrPerson
-// * the assertionPrPerson to set
-// */
-// public void setAssertionPrPerson(String assertionPrPerson) {
-// this.assertionPrPerson = assertionPrPerson;
-// }
-//
-// /**
-// * @return the assertionAuthBlock
-// */
-// public String getAssertionAuthBlock() {
-// return assertionAuthBlock;
-// }
-//
-// /**
-// * @param assertionAuthBlock
-// * the assertionAuthBlock to set
-// */
-// public void setAssertionAuthBlock(String assertionAuthBlock) {
-// this.assertionAuthBlock = assertionAuthBlock;
-// }
-//
-// /**
-// * @return the assertionIlAssertion
-// */
-// public String getAssertionIlAssertion() {
-// return assertionIlAssertion;
-// }
-//
-// /**
-// * @param assertionIlAssertion
-// * the assertionIlAssertion to set
-// */
-// public void setAssertionIlAssertion(String assertionIlAssertion) {
-// this.assertionIlAssertion = assertionIlAssertion;
-// }
-//
-// /**
-// * @return the assertionSignerCertificateBase64
-// */
-// public String getAssertionSignerCertificateBase64() {
-// return assertionSignerCertificateBase64;
-// }
-//
-// /**
-// * @param assertionSignerCertificateBase64
-// * the assertionSignerCertificateBase64 to set
-// */
-// public void setAssertionSignerCertificateBase64(
-// String assertionSignerCertificateBase64) {
-// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
-// }
-//
-// /**
-// * @return the assertionBusinessService
-// */
-// public boolean getAssertionBusinessService() {
-// return assertionBusinessService;
-// }
-//
-// /**
-// * @param assertionBusinessService
-// * the assertionBusinessService to set
-// */
-// public void setAssertionBusinessService(boolean assertionBusinessService) {
-// this.assertionBusinessService = assertionBusinessService;
-// }
-
/**
* @return the mandateReferenceValue
*/
@@ -1053,16 +905,6 @@ public class AuthenticationSession implements Serializable {
this.ccc = ccc;
}
-
-
-// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
-// return XMLCreateSignatureResponse;
-// }
-//
-// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
-// XMLCreateSignatureResponse = xMLCreateSignatureResponse;
-// }
-
public boolean isForeigner() {
return isForeigner;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 878e9d0cd..81ba83405 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.auth.parser;
import java.io.UnsupportedEncodingException;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -137,7 +138,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
//Validate BKU URI
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
+ List<String> allowedbkus = oaParam.getBKUURL();
+ allowedbkus.addAll(AuthConfigurationProvider.getInstance().getDefaultBKUURLs());
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
if (!oaParam.getBusinessService()) {
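Review bot: `allowedbkus.addAll(...)` mutates the list returned by `oaParam.getBKUURL()` in place; if that getter hands out the configuration's backing list rather than a copy, every request appends the default BKU URLs to the shared per-OA allowlist again (unbounded growth, and later requests are validated against a list that no longer matches what was configured), and if it returns an unmodifiable list the call throws `UnsupportedOperationException`. Build the merged list locally instead: `List<String> allowedbkus = new ArrayList<String>(oaParam.getBKUURL());` followed by the existing `addAll`, with `java.util.ArrayList` imported next to the `java.util.List` import added in the earlier hunk. A null return from either getter would also throw here, so a guard or a documented non-null contract is needed. Merging the defaults makes every default BKU acceptable for every online application, which widens the `PARAM_BKU` validation; a comment stating that this widening is intended would help the next reader. The enclosing method starts and ends outside this hunk.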
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
index 4cd471db0..b96fa519f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -14,7 +13,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.monitoring.TestManager;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
public class MonitoringServlet extends AuthServlet {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
deleted file mode 100644
index 40d57e60b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * Servlet requested for selecting a BKU.
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
- * the browser is redirected to the configured "BKU-Auswahl-URL".
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
- * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
- * to the user in an HTML form.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 4764993494204751296L;
-
-/**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
-
- /**
- * Responds with an HTML form which requests the user to choose a BKU.
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET SelectBKU");
-
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-// String authURL = req.getScheme() + "://" + req.getServerName();
-// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
-// authURL = authURL.concat(":" + req.getServerPort());
-// }
-// authURL = authURL.concat(req.getContextPath() + "/");
-//
-// String target = req.getParameter(PARAM_TARGET);
-// String oaURL = req.getParameter(PARAM_OA);
-// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
-// String templateURL = req.getParameter(PARAM_TEMPLATE);
-//
-// // escape parameter strings
-// target = StringEscapeUtils.escapeHtml(target);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
-// templateURL = StringEscapeUtils.escapeHtml(templateURL);
-// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
-//
-//
-// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
-// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
-// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-//
-// try {
-//
-// // check parameter
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
-// if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
-// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
-// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-//
-// if (!ParamValidatorUtils.isValidTarget(target))
-// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
-//
-// OAAuthParameter oaParam =
-// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
-// if (oaParam == null)
-// throw new AuthenticationException("auth.00", new Object[] { oaURL });
-//
-// // get target and target friendly name from config
-// String targetConfig = oaParam.getTarget();
-//
-// String returnValue = null;
-// if (StringUtils.isEmpty(targetConfig)) {
-// // no target attribut is given in OA config
-// // target is used from request
-// // check parameter
-// if (!ParamValidatorUtils.isValidTarget(target))
-// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-//
-// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
-// }
-// else {
-// // use target from config
-// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
-// }
-//
-//
-// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
-// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
-// // bkuSelectionType==HTMLComplete
-// String redirectURL = returnValue;
-// resp.setContentType("text/html");
-// resp.sendRedirect(redirectURL);
-// Logger.info("REDIRECT TO: " + redirectURL);
-// } else {
-// // bkuSelectionType==HTMLSelect
-// String htmlForm = returnValue;
-// resp.setContentType("text/html;charset=UTF-8");
-// Logger.debug("HTML-Form: " + htmlForm);
-// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
-// out.write(htmlForm);
-// out.flush();
-// Logger.debug("Finished GET SelectBKU");
-// }
-// }
-// catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// }
-// catch (Throwable ex) {
-// handleError(null, ex, req, resp);
-// }
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index d2a70c527..e1f527040 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -94,35 +94,6 @@ public class OAAuthParameter extends OAParameter {
private String keyBoxIdentifier;
/**
- * @return the slVersion
- */
-//public String getSlVersion() {
-// return oa_auth.getSlVersion();
-//}
-//
-///**
-// * @return the slVersion12
-// */
-//public boolean isSlVersion12() {
-//
-// // set SLVersion to 1.2 per default
-// return true;
-//
-//// if ("1.2".equals(oa_auth.getSlVersion()))
-//// return true;
-//// else
-//// return false;
-//}
-
-//public boolean getUseUTC() {
-// return oa_auth.isUseUTC();
-//}
-//
-//public boolean useIFrame() {
-// return oa_auth.isUseIFrame();
-//}
-
-/**
* @return the identityLinkDomainIdentifier
*/
public String getIdentityLinkDomainIdentifier() {
@@ -159,13 +130,6 @@ public List<String> getTransformsInfos() {
return oa_auth.getOAPVP2();
}
-///**
-// * @return the bkuSelectionTemplateURL
-// */
-//public String getBkuSelectionTemplateURL() {
-// return bkuSelectionTemplateURL;
-//}
-
/**
* @return the templateURL
*/
@@ -247,20 +211,6 @@ public List<String> getTransformsInfos() {
return null;
}
-///**
-// * @return the inputProcessorSignTemplateURL
-// */
-//public String getInputProcessorSignTemplateURL() {
-// return inputProcessorSignTemplateURL;
-//}
-
-///**
-// * @return the verifyInfoboxParameters
-// */
-//public VerifyInfoboxParameters getVerifyInfoboxParameters() {
-// return verifyInfoboxParameters;
-//}
-
/**
* @return the mandateProfiles
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
deleted file mode 100644
index 3745f2c95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.data;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.StringTokenizer;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * The Cookie-class provides methods to save and return cookies for
- * each single session
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Cookie {
- /** A HahsMap containing all our cookies */
- HashMap cookies = new HashMap();
- /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
- * to send them back to the client/browser as soon as possible */
- HashMap cookies401 = new HashMap();
-
- /**
- * Adds a Cookie from a response with response-code 401 to the cookie-pool
- * for sending it back to the browser / client
- * @param cookieString The complete 'Set-Cookie' - String
- */
- public void add401(String cookieString)
- {
- cookies401.put(getKey(cookieString),cookieString);
- }
-
- /**
- * Get the HashMap containing all cookies to be sent to the browser / client
- * @return HashMap with all cookies
- */
- public HashMap get401()
- {
- return cookies401;
- }
-
- /**
- * Clear the 401 cookie-pool
- */
- public void clear401()
- {
- cookies401.clear();
- }
-
- /**
- * Set a cookie that comes from the Online-Application
- * and save it in our "normal" cookie-pool
- * @param value The complete "Set-Cookie" - String from the Online-Application
- */
- public void setCookie(String value) {
- cookies.put(getKey(value), getValue(value));
- }
-
- /**
- * Method saveOldCookies.
- * @param value The complete "Set-Cookie" - String from the Online-Application
- */
- public void saveOldCookies(String value) {
- StringTokenizer st = new StringTokenizer(value,";");
- while (st.hasMoreTokens())
- {
- // We have to trim because the Tokenizer returns cookies including spaces at the beginning
- StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
- String cookieKey = st2.nextToken().trim();
- if (st2.hasMoreTokens())
- {
- String cookieValue = st2.nextToken().trim();
- if (!cookies.containsKey(cookieKey))
- cookies.put(cookieKey , cookieValue);
- }
- }
- Logger.debug("Found these cookies: " + getCookies());
- }
-
- /**
- * Get a String containing all cookies saved in that session seperated by '; '
- * to be sent back to the Online-Application
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookies() {
- String result = "";
- if (cookies.size()==0)
- return null;
- Iterator i = cookies.keySet().iterator();
- while (i.hasNext()) {
- String key = (String) i.next();
- result += key + "=" + (String)cookies.get(key) + "; ";
- }
- return result.substring(0, result.length() - 2);
- }
-
- /**
- * Returns the key of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns CookieA
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the key of a key-value-pair of a cookie
- */
- private String getKey(String input) {
- return input.substring(0, input.indexOf("="));
- }
-
- /**
- * Returns the value of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns 1234
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the value of a key-value-pair of a cookie
- */
- private String getValue(String input) {
- if (input.indexOf(";") == -1)
- return input.substring(input.indexOf("=") + 1, input.getBytes().length);
- return input.substring(input.indexOf("=") + 1, input.indexOf(";"));
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
deleted file mode 100644
index cb87f8ff0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.data;
-
-import java.util.HashMap;
-
-/**
- * The CookieManager is a singleton to manage a Cookie-Object for
- * each session
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CookieManager {
- /** the singleton instance of the CookieManager */
- private static CookieManager instance;
- /** a HashMap to bind a Cookie-object to every single session*/
- private static HashMap cookies = new HashMap();
-
- /**
- * Create a singleton of the CookieManager
- * @return CookieManager
- */
- public static CookieManager getInstance()
- {
- if(instance==null) instance=new CookieManager();
- return instance;
- }
-
- /**
- * Save a cookie to a specified session-id
- * @param id The session id
- * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication
- */
- public void saveCookie(String id, String cookie_string)
- {
- getCookieWithID(id).setCookie(cookie_string);
- }
-
- /**
- * Method saveOldCookies.
- * @param id
- * @param cookie_string
- */
- public void saveOldCookies(String id,String cookie_string)
- {
- getCookieWithID(id).saveOldCookies(cookie_string);
- }
-
- /**
- * Get a Cookie-Object for a specified session-id
- * @param id The session id
- * @return Cookie object containing all saved cookies for this session
- */
- public Cookie getCookieWithID(String id)
- {
- Cookie c = null;
- if(cookies.containsKey(id))
- c = (Cookie)cookies.get(id);
- else
- {
- c = new Cookie();
- cookies.put(id,c);
- }
- return c;
- }
-
-
- /**
- * Get a String containing all cookies of a specified session-id
- * saved in that session seperated by '; ' to be sent back to
- * the Online-Application
- * @param id the session-id
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookie(String id)
- {
- Cookie result = (Cookie)cookies.get((String)id);
- if (result==null)
- return null;
- return result.getCookies();
-
- }
-
- /**
- * Adds a Cookie for a special session from a response with
- * response-code 401 to the cookie-pool for sending it back
- * to the browser / client
- * @param id The session-id
- * @param value The complete 'Set-Cookie' - String
- */
- public void add401(String id,String value)
- {
- getCookieWithID(id).add401(value);
- }
-
- /**
- * Clear the 401 cookie-pool of a session
- * @param id the session-id
- */
- public void clear401(String id)
- {
- getCookieWithID(id).clear401();
- }
-
- /**
- * Get the HashMap containing all cookies of a session to be sent to the browser / client
- * @param id the session-id
- * @return HashMap with all cookies
- */
- public HashMap get401(String id)
- {
- return getCookieWithID(id).get401();
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index d9e3b741f..39c22b701 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -11,7 +11,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
-import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
@@ -23,11 +22,9 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.xml.ConfigurationException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -39,7 +36,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -47,7 +43,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
@@ -61,18 +56,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String SOAP = "Soap";
public static final String METADATA = "Metadata";
- private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
-
private static List<IDecoder> decoder = new ArrayList<IDecoder>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
- servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
- ServletType.AUTH));
- servletList.add(new ServletInfo(PVPProcessor.class, POST,
- ServletType.AUTH));
-
decoder.add(new PostBinding());
decoder.add(new RedirectBinding());
@@ -94,10 +82,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return instance;
}
- public List<ServletInfo> getServlets() {
- return servletList;
- }
-
public String getName() {
return NAME;
}
@@ -179,19 +163,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- //TODO: maybe change to getEntityID()
- //String oaURL = consumerService.getLocation();
String oaURL = moaRequest.getEntityMetadata().getEntityID();
String binding = consumerService.getBinding();
String entityID = moaRequest.getEntityMetadata().getEntityID();
Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
- //String oaURL = (String) request.getParameter(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
config.setOAURL(oaURL);
config.setBinding(binding);
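Review bot: `StringEscapeUtils.escapeHtml(oaURL)` is the wrong kind of check for a value that is then stored through `config.setOAURL` and used to identify the online application: it validates nothing, and it rewrites `&`, `"` and `<` so an EntityID containing such characters would no longer match the configured OA, while the commented-out `isValidOA` check is deleted instead of restored. I would replace the escape with the validation it stood in for, `if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");` (both imports were dropped earlier in this file and would need to come back), and run it before the `Logger.info` line so an unvalidated value is not written to the log first. `oaURL` and `entityID` are also both read from `getEntityID()`, so one of the two locals is redundant. The enclosing method starts outside the hunk.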
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index d842d5fe0..7d101c936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -4,6 +4,9 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public class PVPTargetConfiguration extends RequestImpl {
+
+ private static final long serialVersionUID = 4889919265919638188L;
+
MOARequest request;
String binding;
String consumerURL;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 75186eec2..fa9dbe990 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -1,28 +1,15 @@
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -34,15 +21,7 @@ public class GetArtifactAction implements IAction {
public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
-
-// HttpSession httpSession = httpReq.getSession();
-// AuthenticationManager authmanager = AuthenticationManager.getInstance();
-// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
-
-// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) {
-// throw new AuthenticationException("auth.21", new Object[] {});
-// }
-
+
String oaURL = (String) req.getOAURL();
String target = (String) req.getTarget();
@@ -59,23 +38,10 @@ public class GetArtifactAction implements IAction {
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
-
- // if (oaURL == null) {
-// oaURL = session.getOAURLRequested();
-// }
-
-
// TODO: Support Mandate MODE!
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(oaURL);
-
- // builds authentication data and stores it together with a SAML
- // artifact
-
- //TODO: check, if this is correct!!!!
- //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
- // useUTC, false);
-
+
SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
@@ -97,18 +63,13 @@ public class GetArtifactAction implements IAction {
httpResp.addHeader("Location", url);
} else {
- String redirectURL = oaURL;
-
- //session.getOAURLRequested();
-
+ String redirectURL = oaURL;
if (!oaParam.getBusinessService()) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
-
}
+
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = httpResp.encodeRedirectURL(redirectURL);
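Review bot: `oaParam.getBusinessService()` and `oaParam.getTarget()` are dereferenced without a visible null check on `oaParam`, which the earlier hunk obtains from `getOnlineApplicationParameter(oaURL)`; unless a check sits in the lines between the two hunks, an `oaURL` that passes `isValidOA` but is not configured ends in a NullPointerException that the catch-all in the next hunk turns into a generic assertion-build error. A guard right after the lookup, `if (oaParam == null) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");`, keeps that failure explicit, and a null `getTarget()` for a non-business OA would need the same treatment before it reaches `URLEncoder.encode`. Separately, `httpResp.encodeRedirectURL(redirectURL)` lets the container append its own session id to the URL when cookie-based tracking is unavailable, so if URL rewriting is enabled the servlet session id would travel to the online application in the `Location` header; passing `redirectURL` through unchanged avoids that. The enclosing `processRequest` starts outside the hunk.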
@@ -120,30 +81,11 @@ public class GetArtifactAction implements IAction {
return authData.getAssertionID();
- } catch (WrongParametersException ex) {
- // handleWrongParameters(ex, req, httpResp);
- ex.printStackTrace();
- } catch (ConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (BuildException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (AuthenticationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (UnsupportedEncodingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (MOADatabaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ } catch (Exception ex) {
+ Logger.error("SAML1 Assertion build error", ex);
+ throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
}
- return null;
}
protected static String addURLParameter(String url, String paramname,
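Review bot: The new `catch (Exception ex)` also swallows the `WrongParametersException` thrown for an invalid `oaURL` earlier in the method and any `AuthenticationException` raised by the SAML1 server, re-wrapping them as `AuthenticationException("SAML1 Assertion build error.", ...)`, so the `auth.12` code and the original type are lost to whatever maps exceptions to error responses. Rethrowing the already-typed exceptions first keeps that information: `} catch (AuthenticationException e) { throw e; } catch (Exception ex) { ... }`, with `WrongParametersException` added to the rethrow if it is not an `AuthenticationException` subtype. Note also that the other `AuthenticationException`/`WrongParametersException` constructions in this diff pass a message key such as `auth.12` or `auth.10`, whereas this one passes a literal sentence; if the first argument is resolved through a message bundle the user will see an unresolved key. The `try` and `processRequest` start outside the hunk.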
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
deleted file mode 100644
index 87868e777..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.saml1;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLEncoder;
-
-public class GetArtifactServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 3593264832041467899L;
-
- /**
- * Constructor for GetArtifactServlet.
- */
- public GetArtifactServlet() {
- super();
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- HttpSession httpSession = req.getSession();
-
-
-
-// AuthenticationSession session = AuthenticationManager
-// .getAuthenticationSession(httpSession);
-//
-// String oaURL = (String) req.getAttribute(PARAM_OA);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
-//
-// String target = (String) req.getAttribute(PARAM_TARGET);
-// target = StringEscapeUtils.escapeHtml(target);
-//
-// try {
-//
-// // check parameter
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
-//
-// if (oaURL == null) {
-// oaURL = session.getOAURLRequested();
-// }
-//
-// if (oaURL == null) {
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
-// }
-//
-// String samlArtifactBase64 = SAML1AuthenticationServer
-// .BuildSAMLArtifact(session);
-//
-// String redirectURL = oaURL;
-// session.getOAURLRequested();
-// if (!session.getBusinessService()) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
-//
-// }
-// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
-// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-// redirectURL = resp.encodeRedirectURL(redirectURL);
-//
-// resp.setContentType("text/html");
-// resp.setStatus(302);
-//
-// resp.addHeader("Location", redirectURL);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-//
-// // CONFIRMATION FOR SSO!
-// /*
-// * OAAuthParameter oaParam =
-// * AuthConfigurationProvider.getInstance().
-// * getOnlineApplicationParameter(oaURL);
-// *
-// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
-// * == null) { friendlyName = oaURL; }
-// *
-// *
-// * LoginConfirmationBuilder builder = new
-// * LoginConfirmationBuilder();
-// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
-// * String form = builder.finish(oaURL, session.getIdentityLink()
-// * .getName(), friendlyName);
-// */
-//
-// /*
-// resp.setContentType("text/html");
-//
-// OutputStream out = resp.getOutputStream();
-// out.write(form.getBytes("UTF-8"));
-// out.flush();
-// out.close();*/
-//
-// } catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// } catch (ConfigurationException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// } catch (BuildException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// } catch (AuthenticationException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
-
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- doGet(req, resp);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 9e5f43d8e..c9ee281e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -51,11 +51,9 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return instance;
}
- //private static Map authenticationDataStore = new HashMap();
private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
- //TODO: make this time configurable
/**
* time out in milliseconds used by {@link cleanup} for authentication data
* store
@@ -119,19 +117,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
}
- //removed from MOA-ID 2.0 config
-// try {
-// String boolStr = AuthConfigurationProvider.getInstance()
-// .getGenericConfigurationParameter(
-// "AuthenticationServer.KeepAssertion");
-// if (null != boolStr && boolStr.equalsIgnoreCase("true"))
-// keepAssertion = true;// Only allowed for debug purposes!!!
-//
-// } catch (ConfigurationException ex) {
-// throw new AuthenticationException("1205", new Object[] {
-// samlArtifact, ex.toString() });
-// }
-
authenticationDataStore.remove(samlArtifact);
long now = new Date().getTime();
@@ -317,11 +302,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
authData.setSamlAssertion(samlAssertion);
-// String samlArtifact = new SAMLArtifactBuilder().build(
-// session.getAuthURL(), session.getSessionID(),
-// saml1parameter.getSourceID());
-
- //TODO: check if it correct
String samlArtifact = new SAMLArtifactBuilder().build(
session.getAuthURL(), Random.nextRandom(),
saml1parameter.getSourceID());
@@ -349,10 +329,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("auth.10", new Object[] {
REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID });
- //AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
-
IdentityLink tempIdentityLink = null;
Element mandate = session.getMandate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index e36ac0a8c..9d163032e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -1,8 +1,6 @@
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.util.ArrayList;
import java.util.HashMap;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -19,8 +17,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ServletInfo;
-import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -33,13 +29,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public static final String GETARTIFACT = "GetArtifact";
- private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
-
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
- servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,
- ServletType.AUTH));
actions.put(GETARTIFACT, new GetArtifactAction());
@@ -55,11 +47,6 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
return instance;
}
- public List<ServletInfo> getServlets() {
- return servletList;
- }
-
-
public String getName() {
return NAME;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index a78585ff0..e17c9728d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -1,11 +1,7 @@
package at.gv.egovernment.moa.id.storage;
-import java.io.Serializable;
import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
-import java.util.Set;
import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
@@ -16,9 +12,7 @@ import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
@@ -163,18 +157,6 @@ public class AuthenticationSessionStoreage {
}
-// public static void dumpSessionStore() {
-// synchronized (sessionStore) {
-// Set<String> keys = sessionStore.keySet();
-// Iterator<String> keyIterator = keys.iterator();
-// while(keyIterator.hasNext()) {
-// String key = keyIterator.next();
-// AuthenticationSession session = sessionStore.get(key);
-// Logger.info("Key: " + key + " -> " + session.toString());
-// }
-// }
-// }
-
public static String changeSessionID(AuthenticationSession session)
throws AuthenticationException, BuildException {
@@ -373,20 +355,6 @@ public class AuthenticationSessionStoreage {
} else {
return true;
-
-// AuthenticatedSessionStore dbsession = result.get(0);
-//
-//
-// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
-// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
-// return true;
-//
-// } else {
-// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
-// + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
-// }
-//
-// return false;
}
}
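Review bot: The `else` branch still returns `true` without confirming that the row found actually belongs to `moaSessionId` and carries the authenticated flag; the deleted comment shows exactly that comparison was intended, and since the query and the condition that reach this branch start outside the hunk, this only holds if the query does not already filter on both. If it does not, the check should come back as live code rather than be deleted, along the lines below (assuming `result` and `moaSessionId` are the names in scope, as the comment suggests). I would not write either session id to the log as the old comment did, since logged session identifiers are credentials; log only that a mismatch occurred.
```java
} else {
    AuthenticatedSessionStore dbsession = result.get(0);
    if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
        return true;
    }
    Logger.warn("Found SSO session but it does not match the requested MOA session");
    return false;
}
```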