aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java53
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java94
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java820
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java968
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java458
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java192
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java144
36 files changed, 1524 insertions, 1847 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index b0c232ba2..e12b1372e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,20 +46,21 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -92,7 +93,9 @@ public class StatisticLogger implements IStatisticLogger{
private EntityManager entityManager;
- public void testConnection() throws Exception {
+ @Override
+ //TODO: update tests!!!!
+ public void internalTesting() throws Exception {
Date expioredate = new Date(new Date().getTime() - 120);
Query query = entityManager.createNamedQuery("getAllEntriesNotBeforeTimeStamp");
query.setParameter("timeout", expioredate);
@@ -129,88 +132,92 @@ public class StatisticLogger implements IStatisticLogger{
Logger.warn("Can not extract some information for StatisticLogger.", e);
}
- dblog.setOatarget(authData.getBPKType());
-
-
- boolean isFederatedAuthentication = protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
- dblog.setInterfederatedSSOSession(isFederatedAuthentication);
-
- if (isFederatedAuthentication) {
- dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
- dblog.setBkuurl(protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
-
- } else {
- dblog.setBkuurl(authData.getBkuURL());
- dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA));
-
- }
-
dblog.setProtocoltype(protocolRequest.requestedModule());
dblog.setProtocolsubtype(protocolRequest.requestedAction());
dblog.setSsosession(isSSOSession);
- //log MandateInforamtion
- if (authData.isUseMandate()) {
- dblog.setMandatelogin(authData.isUseMandate());
+ if (authData instanceof IMOAAuthData) {
+ IMOAAuthData moaAuthData = (IMOAAuthData) authData;
+ dblog.setOatarget(moaAuthData.getBPKType());
+
+ boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
+ dblog.setInterfederatedSSOSession(isFederatedAuthentication);
- IMISMandate mandate = authData.getMISMandate();
- if (mandate != null) {
+ if (isFederatedAuthentication) {
+ dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
+ dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
- if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
- dblog.setMandatetype(mandate.getProfRep());
- dblog.setPv(true);
- dblog.setPvOID(mandate.getProfRep());
-
- } else {
- dblog.setPv(false);
- }
+ } else {
+ dblog.setBkuurl(moaAuthData.getBkuURL());
+ dblog.setBkutype(findBKUType(moaAuthData.getBkuURL(), dbOA));
- InputStream is = null;
- try {
- is = new ByteArrayInputStream(mandate.getMandate());
+ }
+
+ //log MandateInforamtion
+ if (moaAuthData.isUseMandate()) {
+ dblog.setMandatelogin(moaAuthData.isUseMandate());
+
+ IMISMandate mandate = moaAuthData.getMISMandate();
+ if (mandate != null) {
- JAXBContext jc = JAXBContext.newInstance(Mandate.class);
- Unmarshaller u = jc.createUnmarshaller();
- Object mismandateobj = u.unmarshal(is);
+ if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
+ dblog.setMandatetype(mandate.getProfRep());
+ dblog.setPv(true);
+ dblog.setPvOID(mandate.getProfRep());
+
+ } else {
+ dblog.setPv(false);
+ }
- if (mismandateobj != null && mismandateobj instanceof Mandate) {
- Mandate mismandate = (Mandate) mismandateobj;
+ InputStream is = null;
+ try {
+ is = new ByteArrayInputStream(mandate.getMandate());
- if (MiscUtil.isEmpty(mandate.getProfRep()))
- dblog.setMandatetype(mismandate.getAnnotation());
+ JAXBContext jc = JAXBContext.newInstance(Mandate.class);
+ Unmarshaller u = jc.createUnmarshaller();
+ Object mismandateobj = u.unmarshal(is);
- Mandator mandator = mismandate.getMandator();
- CorporateBodyType corp = mandator.getCorporateBody();
- if (corp != null) {
- dblog.setMandatortype(MANTATORTYPE_JUR);
+ if (mismandateobj != null && mismandateobj instanceof Mandate) {
+ Mandate mismandate = (Mandate) mismandateobj;
+
+ if (MiscUtil.isEmpty(mandate.getProfRep()))
+ dblog.setMandatetype(mismandate.getAnnotation());
+
+ Mandator mandator = mismandate.getMandator();
+ CorporateBodyType corp = mandator.getCorporateBody();
+ if (corp != null) {
+ dblog.setMandatortype(MANTATORTYPE_JUR);
+
+ } else {
+ dblog.setMandatortype(MANTATORTYPE_NAT);
+ }
+
} else {
- dblog.setMandatortype(MANTATORTYPE_NAT);
+ Logger.warn("Advancted logging can not unmarshall MISMandate");
}
-
-
- } else {
- Logger.warn("Advancted logging can not unmarshall MISMandate");
- }
- } catch (JAXBException e) {
- Logger.warn("Advancted logging can not parse mandate.", e);
-
- } finally {
- if (is!=null) {
- try {
- is.close();
-
- } catch (IOException e) {
- Logger.warn("Close InputStream failed." , e);
-
+ } catch (JAXBException e) {
+ Logger.warn("Advancted logging can not parse mandate.", e);
+
+ } finally {
+ if (is!=null) {
+ try {
+ is.close();
+
+ } catch (IOException e) {
+ Logger.warn("Close InputStream failed." , e);
+
+ }
}
}
- }
- }
- }
-
+ }
+ }
+
+ } else
+ Logger.info("'AuthData' is NOT of type 'IMOAAuthData'. StatisticLogger logs only basic infos");
+
try {
entityManager.persist(dblog);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 5f2dd6582..c684e1ac2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -18,8 +18,8 @@ import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index eaec781e3..de67e36ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -35,8 +35,8 @@ import org.springframework.web.context.support.GenericWebApplicationContext;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index fdf806f78..efe28c900 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -43,6 +43,7 @@ import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -50,7 +51,11 @@ import org.w3c.dom.NodeList;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -68,9 +73,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
import at.gv.egovernment.moa.id.data.Pair;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
@@ -89,6 +95,7 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.XPathException;
import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.client.szr.SZRClient;
import at.gv.util.config.EgovUtilPropertiesConfiguration;
@@ -109,16 +116,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-
- public IAuthData buildAuthenticationData(IRequest pendingReq,
- IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
- return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration());
+ @Override
+ public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
+ try {
+ return buildAuthenticationData(pendingReq,
+ new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+ pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
+
+ } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) {
+ Logger.warn("Can not build authentication data from session information");
+ throw new EAAFAuthenticationException("TODO", new Object[]{},
+ "Can not build authentication data from session information", e);
+ }
}
-
- public IAuthData buildAuthenticationData(IRequest pendingReq,
+
+ private IAuthData buildAuthenticationData(IRequest pendingReq,
IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
- AuthenticationData authdata = null;
+ MOAAuthenticationData authdata = null;
//only needed for SAML1 legacy support
try {
@@ -135,19 +150,19 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA());
}
- authdata = (AuthenticationData) saml1authdata;
+ authdata = (MOAAuthenticationData) saml1authdata;
} else {
- authdata = new AuthenticationData();
+ authdata = new MOAAuthenticationData();
}
} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
- authdata = new AuthenticationData();
+ authdata = new MOAAuthenticationData();
}
- OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
//reuse authentication information in case of service-provider reauthentication
if (activeOA != null) {
authdata.setSessionIndex(activeOA.getAssertionSessionID());
@@ -254,7 +269,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
}
- private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session,
+ private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
Collection<String> includedToGenericAuthData = null;
@@ -267,7 +282,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
try {
//####################################################
//set general authData info's
- authData.setIssuer(protocolRequest.getAuthURL());
+ authData.setAuthenticationIssuer(protocolRequest.getAuthURL());
authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());
authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction());
@@ -454,7 +469,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME);
String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class);
if (MiscUtil.isNotEmpty(pvpCCCAttr)) {
- authData.setCcc(pvpCCCAttr);
+ authData.setCiticenCountryCode(pvpCCCAttr);
Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME);
} else {
@@ -469,7 +484,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
for (Rdn rdn : ln.getRdns()) {
if (rdn.getType().equalsIgnoreCase("C")) {
Logger.info("C is: " + rdn.getValue());
- authData.setCcc(rdn.getValue().toString());
+ authData.setCiticenCountryCode(rdn.getValue().toString());
break;
}
}
@@ -487,7 +502,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
} else {
- authData.setCcc(COUNTRYCODE_AUSTRIA);
+ authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA);
}
}
@@ -913,7 +928,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
* @throws ConfigurationException
*/
private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
- AuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
+ MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
//set List of encrypted bPKs to authData DAO
String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
@@ -1067,7 +1082,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
}
- private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException {
+ private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException {
if (oaParam.hasBaseIdTransferRestriction()) {
Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 7f47d3dfe..a43e6a7fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -51,13 +51,13 @@ import java.util.Calendar;
import java.util.List;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 94651915e..d23e32c81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -40,12 +40,15 @@ import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections4.map.HashedMap;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -65,7 +68,7 @@ import iaik.x509.X509Certificate;
* @author Thomas Lenz
*
*/
-public class AuthenticationSession implements Serializable, IAuthenticationSession {
+public class AuthenticationSession implements Serializable, IAuthenticationSession, AuthProzessDataConstants {
/**
*
@@ -274,7 +277,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
*/
@Override
- public String getSessionID() {
+ public String getSSOSessionID() {
return sessionID;
}
@@ -290,7 +293,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
*/
@Override
- public void setSessionID(String sessionId) {
+ public void setSSOSessionID(String sessionId) {
this.sessionID = sessionId;
}
@@ -636,5 +639,34 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
Logger.trace("Add generic session-data with key:" + key + " to session.");
genericSessionDataStorate.put(key, object);
+ }
+
+ @Override
+ public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
+ Map<String, Object> result = new HashMap<String, Object>();
+ result.put(FLAG_IS_AUTHENTICATED, isAuthenticated());
+
+ result.put(FLAG_IS_FOREIGNER, isForeigner());
+ result.put(FLAG_IS_ORGANWALTER, isOW());
+ result.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
+ result.put(FLAG_USE_MANDATE, isMandateUsed());
+
+ result.put(VALUE_AUTHBLOCK, getAuthBlock());
+ result.put(VALUE_AUTNBLOCKTOKKEN, getAuthBlockTokken());
+ result.put(VALUE_BKUURL, getBkuURL());
+ result.put(VALUE_EXTENTEDSAMLATTRAUTH, getExtendedSAMLAttributesAUTH());
+ result.put(VALUE_EXTENTEDSAMLATTROA, getExtendedSAMLAttributesOA());
+ result.put(VALUE_IDENTITYLINK, getIdentityLink());
+ result.put(VALUE_ISSUEINSTANT, getIssueInstant());
+ result.put(VALUE_MISMANDATE, getMISMandate());
+ result.put(VALUE_MISREFVALUE, getMandateReferenceValue());
+ result.put(VALUE_MISSESSIONID, getMISSessionID());
+ result.put(VALUE_QAALEVEL, getQAALevel());
+ result.put(VALUE_SIGNER_CERT, getSignerCertificate());
+ result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
+
+ result.putAll(genericSessionDataStorate);
+
+ return Collections.unmodifiableMap(result);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index 5419e8ae0..fb584047e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -25,11 +25,14 @@ package at.gv.egovernment.moa.id.auth.data;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -56,7 +59,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
this.sessionData = genericDataStorage;
}
-
+
private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {
if (MiscUtil.isNotEmpty(key)) {
Object obj = sessionData.get(key);
@@ -151,8 +154,8 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
*/
@Override
- public String getSessionID() {
- return wrapStringObject(VALUE_SESSIONID, null, String.class);
+ public String getSSOSessionID() {
+ return wrapStringObject(ISSOManager.AUTH_DATA_SSO_SESSIONID, null, String.class);
}
@@ -169,8 +172,8 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
* @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
*/
@Override
- public void setSessionID(String sessionId) {
- sessionData.put(VALUE_SESSIONID, sessionId);
+ public void setSSOSessionID(String sessionId) {
+ sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
}
@@ -446,7 +449,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
*/
@Override
public Date getSessionCreated() {
- return wrapStringObject(VALUE_CREATED, null, Date.class);
+ return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
}
/* (non-Javadoc)
@@ -489,4 +492,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
}
+ @Override
+ public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
+ return Collections.unmodifiableMap(sessionData);
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
deleted file mode 100644
index ffbb6a19e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class BKUException extends MOAIDException {
-
- private static final long serialVersionUID = -4646544256490397419L;
-
- private String bkuErrorCode;
- private String bkuErrorMessage;
-
- public BKUException(String messageId, Object[] parameters,
- String bkuErrorCode, String bkuErrorMessage) {
- super(messageId, parameters);
-
- this.bkuErrorCode = bkuErrorCode;
- this.bkuErrorMessage = bkuErrorMessage;
- }
-
-
- /**
- * @return the bkuErrorCode
- */
- public String getBkuErrorCode() {
- return bkuErrorCode;
- }
-
-
- /**
- * @return the bkuErrorMessage
- */
- public String getBkuErrorMessage() {
- return bkuErrorMessage;
- }
-
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
deleted file mode 100644
index ab3d2cae2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class MISSimpleClientException extends MOAIDException {
-
- private static final long serialVersionUID = 1L;
-
- private String misErrorCode;
- private String misErrorMessage;
-
- public MISSimpleClientException() {
- super("UNDEFINED ERROR", null);
- }
-
- public MISSimpleClientException(String message) {
- super(message, null);
- }
-
- public MISSimpleClientException(String message, String code, String text) {
- super(message, new Object[] { code , text });
- this.misErrorMessage = text;
- this.misErrorCode = code;
- }
-
- public MISSimpleClientException(String message, Throwable cause) {
- super(message, null, cause);
- }
-
- public MISSimpleClientException(String message, Object[] params, Throwable cause) {
- super(message, params, cause);
- }
-
- /**
- * @return the bkuErrorCode
- */
- public String getMISErrorCode() {
- return misErrorCode;
- }
-
-
- /**
- * @return the bkuErrorMessage
- */
- public String getMISErrorMessage() {
- return misErrorMessage;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 841613cba..48d652671 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,9 +22,9 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index 86acc5fdd..b624e13ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,8 +22,8 @@
*/
package at.gv.egovernment.moa.id.auth.modules;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
/**
* @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index 09d42e49f..0336cb370 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -30,10 +30,11 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -56,7 +57,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
while(reqParamNames.hasMoreElements()) {
String paramName = reqParamNames.nextElement();
if (MiscUtil.isNotEmpty(paramName) &&
- !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName))
+ !EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName))
executionContext.put(paramName,
StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 242b565ab..6e374995f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -29,6 +29,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -37,7 +38,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -82,7 +82,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
//load MOA SSO-session from database
- AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+ AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
@@ -92,14 +92,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
//Log consents evaluator event to revisionslog
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
-
- //Populate this pending request with SSO session information
- pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
-
-
+
//user allow single sign-on authentication
if (ssoConsents) {
+ //Populate this pending request with SSO session information
+ pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+
//authenticate pending-request
pendingReq.setAuthenticated(true);
pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
deleted file mode 100644
index 91c1f999c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("FinalizeAuthenticationTask")
-public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
- @Override
- public void execute(ExecutionContext executionContext,
- HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
-
- try {
- defaultTaskInitialization(request, executionContext);
-
- //set MOASession to authenticated
- moasession.setAuthenticated(true);
-
- //set pending request to authenticated
- pendingReq.setAuthenticated(true);
- requestStoreage.storePendingRequest(pendingReq);
-
- Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher.");
- performRedirectToProtocolFinialization(pendingReq, response);
-
- } catch (MOAIDException e) {
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- } catch (Exception e) {
- Logger.warn("FinalizeAuthenticationTask has an internal error", e);
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- } finally {
- executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
-
- }
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index cbd8d2aa6..98e632bd8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -28,9 +28,10 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -58,14 +58,13 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try {
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
//load Parameters from OnlineApplicationConfiguration
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
if (oaParam == null) {
- throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+ throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 1efd9cc13..3c364e924 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -37,8 +38,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -58,9 +57,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
- try {
- //perform default task initialization
- defaultTaskInitialization(request, executionContext);
+ try {
//set authenticated flag to false, because user consents is required
pendingReq.setAuthenticated(false);
@@ -77,8 +74,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
guiBuilder.build(response, config, "SendAssertion-Evaluation");
//Log consents evaluator event to revisionslog
- revisionsLogger.logEvent(pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
} catch (GUIBuildException e) {
Logger.warn("Can not build GUI:'SendAssertion-Evaluation'. Msg:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
index 04d43d79b..8def0f860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -30,14 +30,14 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -69,8 +69,8 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
// select and create new process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
if (processDefinitionId == null) {
- Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID());
- throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() });
+ Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
+ throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
}
String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
@@ -84,7 +84,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask {
} catch (MOAIDException e) {
Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 4e5ef7533..e0d65e103 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -31,6 +31,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -40,7 +41,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
deleted file mode 100644
index 3b12418fa..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
-import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet that resumes a suspended process (in case of asynchronous tasks).
- *
- * @author tknall
- *
- */
-public abstract class AbstractProcessEngineSignalController extends AbstractController {
-
- @Autowired protected ProcessEngine processEngine;
-
- protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
- IRequest pendingReq = null;
- try {
- if (pendingRequestID == null) {
- throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
-
- }
-
- pendingReq = requestStorage.getPendingRequest(pendingRequestID);
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- //change pending-request ID
- requestStorage.changePendingRequestID(pendingReq);
- pendingRequestID = pendingReq.getRequestID();
-
- // process instance is mandatory
- if (pendingReq.getProcessInstanceId() == null) {
- throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
-
- }
-
- // wake up next task
- processEngine.signal(pendingReq);
-
- } catch (Exception ex) {
- handleError(null, ex, req, resp, pendingReq);
-
- } finally {
- //MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeAllLoggingVariables();
-
- }
-
-
- }
-
- /**
- * Retrieves the current pending-request id from the HttpServletRequest parameter
- * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.
- * <p/>
- * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
- * respective pending-request id.
- *
- * @param request
- * The unterlying HttpServletRequest.
- * @return The current pending-request id.
- */
- public String getPendingRequestId(HttpServletRequest request) {
- return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index cfeca88b7..18aa93cc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -35,12 +35,12 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.logging.Logger;
@@ -165,7 +165,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
private IRequest extractPendingRequest(HttpServletRequest req) {
try {
String pendingReqID = StringEscapeUtils.escapeHtml(
- req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+ req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
if (MiscUtil.isNotEmpty(pendingReqID)) {
IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index dfa923558..87325989a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+
/**
* @author tlenz
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 9282db3b1..0e9db3964 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfi
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.moduls.SSOManager;
@@ -53,7 +54,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index beacf1552..21d329145 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,12 +56,10 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -71,8 +69,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class LogOutServlet {
private static final String REDIRECT_URL = "redirect";
- @Autowired(required=true) private SSOManager ssomanager;
- @Autowired(required=true) private AuthenticationManager authmanager;
+ @Autowired(required=true) private ISSOManager ssomanager;
+ //@Autowired(required=true) private IAuthenticationManager authmanager;
@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired(required=true) private AuthConfiguration authConfig;
@@ -83,10 +81,7 @@ public class LogOutServlet {
String redirectUrl = (String) req.getParameter(REDIRECT_URL);
- try {
- //get SSO token from request
- String ssoid = ssomanager.getSSOSessionID(req);
-
+ try {
if (MiscUtil.isEmpty(redirectUrl)) {
//set default redirect Target
Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
@@ -103,23 +98,11 @@ public class LogOutServlet {
}
- if (ssomanager.isValidSSOSession(ssoid, null)) {
-
- //TODO: Single LogOut Implementation
-
- //delete SSO session and MOA session
- AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
- authmanager.performOnlyIDPLogOut(moasessionid);
-
- Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
- } else {
+ if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+ Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);
+ else
Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
-
- }
-
- //Remove SSO token
- ssomanager.deleteSSOSessionID(req, resp);
-
+
} catch (Exception e) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
return;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 979b8f4e4..ee69b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -33,7 +33,7 @@ import org.springframework.web.servlet.ModelAndView;
import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
index 6f3c02411..ee5cb2395 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
@@ -36,8 +36,8 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.util.xsd.mis.MandateIdentifiers;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 1abbeb789..db2499ad5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1252,4 +1252,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
}
+
+ @Override
+ public String validateIDPURL(URL arg0) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index 4b29fef3b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,820 +0,0 @@
-/**
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.collections4.map.HashedMap;
-import org.w3c.dom.Element;
-
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class AuthenticationData implements IAuthData, Serializable {
-
- private static final long serialVersionUID = -1042697056735596866L;
- public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-
- /**
- * URL of the MOA-ID Auth component issueing this assertion
- */
- private String issuer;
- /**
- * time instant of issue of this assertion
- */
- private Date issueInstant;
- /**
- * user identification value (Stammzahl); <code>null</code>,
- * if the authentication module is configured not to return this data
- */
- private String identificationValue;
- /**
- * user identification type
- */
- private String identificationType;
-
- /**
- * user identityLink specialized to OAParamter
- */
- private IIdentityLink identityLink;
-
- /**
- * application specific user identifier (bPK/wbPK)
- */
- private String bPK;
-
- /**
- * application specific user identifier type
- */
- private String bPKType;
-
- /**
- * given name of the user
- */
- private String givenName;
- /**
- * family name of the user
- */
- private String familyName;
- /**
- * date of birth of the user
- */
- private Date dateOfBirth;
- /**
- * says whether the certificate is a qualified certificate or not
- */
- private boolean qualifiedCertificate;
- /**
- * says whether the certificate is a public authority or not
- */
- private boolean publicAuthority;
- /**
- * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
- */
- private String publicAuthorityCode;
-
- /**
- * URL of the BKU
- */
- private String bkuURL;
- /**
- * the corresponding <code>lt;saml:Assertion&gt;</code>
- */
-
- private boolean isBaseIDTransferRestrication = true;
-
-
- /**
- * STORK attributes from response
- */
- private String ccc = null;
-
- private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-
- private byte[] signerCertificate = null;
-
- private String authBlock = null;
- private List<String> encbPKList = null;
-
- //ISA 1.18 attributes
- private List<AuthenticationRole> roles = null;
- private String pvpAttribute_OU = null;
-
- private boolean useMandate = false;
- private IMISMandate mandate = null;
- private String mandateReferenceValue = null;
-
- private boolean foreigner =false;
- private String QAALevel = null;
-
- private boolean ssoSession = false;
- private Date ssoSessionValidTo = null;
-
-// private boolean interfederatedSSOSession = false;
-// private String interfederatedIDP = null;
-
- private String sessionIndex = null;
- private String nameID = null;
- private String nameIDFormat = null;
-
- public AuthenticationData() {
- issueInstant = new Date();
- }
-
- /**
- * Returns the publicAuthority.
- * @return boolean
- */
- public boolean isPublicAuthority() {
- return publicAuthority;
- }
-
- /**
- * Returns the publicAuthorityCode.
- * @return String
- */
- public String getPublicAuthorityCode() {
- return publicAuthorityCode;
- }
-
- /**
- * Returns the qualifiedCertificate.
- * @return boolean
- */
- public boolean isQualifiedCertificate() {
- return qualifiedCertificate;
- }
-
- /**
- * Returns the bPK.
- * @return String
- */
- public String getBPK() {
- return bPK;
- }
-
- /**
- * Sets the publicAuthority.
- * @param publicAuthority The publicAuthority to set
- */
- public void setPublicAuthority(boolean publicAuthority) {
- this.publicAuthority = publicAuthority;
- }
-
- /**
- * Sets the publicAuthorityCode.
- * @param publicAuthorityIdentification The publicAuthorityCode to set
- */
- public void setPublicAuthorityCode(String publicAuthorityIdentification) {
- this.publicAuthorityCode = publicAuthorityIdentification;
- }
-
- /**
- * Sets the qualifiedCertificate.
- * @param qualifiedCertificate The qualifiedCertificate to set
- */
- public void setQualifiedCertificate(boolean qualifiedCertificate) {
- this.qualifiedCertificate = qualifiedCertificate;
- }
-
- /**
- * Sets the bPK.
- * @param bPK The bPK to set
- */
- public void setBPK(String bPK) {
- this.bPK = bPK;
- }
-
- /**
- * Returns the dateOfBirth.
- * @return String
- */
- public Date getDateOfBirth() {
- return dateOfBirth;
- }
-
- public String getFormatedDateOfBirth() {
- DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
- if (getDateOfBirth() != null)
- return pvpDateFormat.format(getDateOfBirth());
- else
- return "2999-12-31";
- }
-
- /**
- * Returns the familyName.
- * @return String
- */
- public String getFamilyName() {
- return familyName;
- }
-
- /**
- * Returns the givenName.
- * @return String
- */
- public String getGivenName() {
- return givenName;
- }
-
- /**
- * Holds the baseID of a citizen
- *
- * @return baseID
- */
- public String getIdentificationValue() {
- return identificationValue;
- }
-
- /**
- * Holds the type of the baseID
- *
- * @return baseID-Type
- */
- public String getIdentificationType() {
- return identificationType;
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public String getIssueInstantString() {
- return DateTimeUtils.buildDateTimeUTC(issueInstant);
-
- }
-
- /**
- * Returns the issueInstant.
- * @return String
- */
- public Date getIssueInstant() {
- return issueInstant;
-
- }
-
- public void setIssueInstant(Date date) {
- this.issueInstant = date;
- }
-
- /**
- * Returns the issuer.
- * @return String
- */
- public String getIssuer() {
- return issuer;
- }
-
- /**
- * Returns the BKU URL.
- * @return String
- */
- public String getBkuURL() {
- return bkuURL;
- }
-
- /**
- * Sets the dateOfBirth.
- * @param dateOfBirth The dateOfBirth to set
- */
- public void setDateOfBirth(Date dateOfBirth) {
- this.dateOfBirth = dateOfBirth;
- }
-
- public void setDateOfBirth(String dateOfBirth) {
- try {
- if (MiscUtil.isNotEmpty(dateOfBirth)) {
- DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
- this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
- }
-
- } catch (ParseException e) {
- Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-
- }
- }
-
- /**
- * Sets the familyName.
- * @param familyName The familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
- /**
- * Sets the givenName.
- * @param givenName The givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
- /**
- * Sets the identificationValue.
- * @param identificationValue The identificationValue to set
- */
- public void setIdentificationValue(String identificationValue) {
- this.identificationValue = identificationValue;
- }
-
- /**
- * Sets the identificationType.
- * @param identificationType The identificationType to set
- */
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * Sets the issuer.
- * @param issuer The issuer to set
- */
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
-
- /**
- * Sets the bkuURL
- * @param url The BKU URL to set
- */
- public void setBkuURL(String url) {
- this.bkuURL = url;
- }
-
- public String getBPKType() {
- return bPKType;
- }
-
- public void setBPKType(String bPKType) {
- this.bPKType = bPKType;
- }
-
- /**
- * @return the identityLink
- */
- public IIdentityLink getIdentityLink() {
- return identityLink;
- }
-
- /**
- * @param identityLink the identityLink to set
- */
- public void setIdentityLink(IIdentityLink identityLink) {
- this.identityLink = identityLink;
- }
-
- /**
- * @return the signerCertificate
- */
- public byte[] getSignerCertificate() {
- return signerCertificate;
- }
-
-
- /**
- * @param signerCertificate the signerCertificate to set
- */
- public void setSignerCertificate(byte[] signerCertificate) {
- this.signerCertificate = signerCertificate;
- }
-
-
- /**
- * @return the authBlock
- */
- public String getAuthBlock() {
- return authBlock;
- }
-
-
- /**
- * @param authBlock the authBlock to set
- */
- public void setAuthBlock(String authBlock) {
- this.authBlock = authBlock;
- }
-
-
- /**
- * @return the mandate
- */
- public IMISMandate getMISMandate() {
- return mandate;
- }
-
- public Element getMandate() {
- if (mandate == null)
- return null;
-
- //parse Element from mandate XML
- try {
- byte[] byteMandate = mandate.getMandate();
- String stringMandate = new String(byteMandate);
- return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-
- }
- catch (Throwable e) {
- Logger.warn("Mandate content could not be generated from MISMandate.");
- return null;
- }
- }
-
-
- /**
- * @param mandate the mandate to set
- */
- public void setMISMandate(IMISMandate mandate) {
- this.mandate = mandate;
- }
-
-
- /**
- * @return the useMandate
- */
- public boolean isUseMandate() {
- return useMandate;
- }
-
-
- /**
- * @param useMandate the useMandate to set
- */
- public void setUseMandate(boolean useMandate) {
- this.useMandate = useMandate;
- }
-
-
- /**
- * @return
- */
- public String getQAALevel() {
- if (this.QAALevel != null &&
- this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
- String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
- if (MiscUtil.isNotEmpty(mappedQAA))
- return mappedQAA;
-
- else {
- Logger.error("eIDAS QAA-level:" + this.QAALevel
- + " can not be mapped to STORK QAA-level! Use "
- + PVPConstants.STORK_QAA_1_1 + " as default value.");
- return PVPConstants.STORK_QAA_1_1;
-
- }
-
-
- } else
- return this.QAALevel;
- }
-
-
- public String getEIDASQAALevel() {
- if (this.QAALevel != null &&
- this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
- String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
- if (MiscUtil.isNotEmpty(mappedQAA))
- return mappedQAA;
-
- else {
- Logger.error("STORK QAA-level:" + this.QAALevel
- + " can not be mapped to eIDAS QAA-level! Use "
- + PVPConstants.EIDAS_QAA_LOW + " as default value.");
- return PVPConstants.EIDAS_QAA_LOW;
-
- }
-
-
- } else
- return this.QAALevel;
-
- }
-
-
- /**
- * @return
- */
- public boolean isForeigner() {
- return this.foreigner;
- }
-
-
- /**
- * @param foreigner the foreigner to set
- */
- public void setForeigner(boolean foreigner) {
- this.foreigner = foreigner;
- }
-
-
- /**
- * Store QAA level in eIDAS format to authentication Data
- *
- * @param qAALevel the qAALevel to set
- * @throws AssertionAttributeExtractorExeption
- */
- public void setQAALevel(String qAALevel) {
- QAALevel = qAALevel;
-
- }
-
- /**
- * @return the ssoSession
- */
- public boolean isSsoSession() {
- return ssoSession;
- }
-
-
- /**
- * @param ssoSession the ssoSession to set
- */
- public void setSsoSession(boolean ssoSession) {
- this.ssoSession = ssoSession;
- }
-
- /**
- * @return the mandateReferenceValue
- */
- public String getMandateReferenceValue() {
- return mandateReferenceValue;
- }
-
- /**
- * @param mandateReferenceValue the mandateReferenceValue to set
- */
- public void setMandateReferenceValue(String mandateReferenceValue) {
- this.mandateReferenceValue = mandateReferenceValue;
- }
-
- /**
- * CountryCode of the citizen which is identified and authenticated
- *
- * @return the CountryCode <pre>like. AT, SI, ...</pre>
- */
- public String getCcc() {
- return ccc;
- }
-
- /**
- * @param ccc the ccc to set
- */
- public void setCcc(String ccc) {
- this.ccc = ccc;
- }
-
- /**
- * @return the sessionIndex
- */
- public String getSessionIndex() {
- return sessionIndex;
- }
-
- /**
- * @param sessionIndex the sessionIndex to set
- */
- public void setSessionIndex(String sessionIndex) {
- this.sessionIndex = sessionIndex;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
- */
- @Override
- public String getNameID() {
- return this.nameID;
- }
-
- /**
- * @param nameID the nameID to set
- */
- public void setNameID(String nameID) {
- this.nameID = nameID;
- }
-
- /**
- * @return the nameIDFormat
- */
- public String getNameIDFormat() {
- return nameIDFormat;
- }
-
- /**
- * @param nameIDFormat the nameIDFormat to set
- */
- public void setNameIDFormat(String nameIDFormat) {
- this.nameIDFormat = nameIDFormat;
- }
-
-// /**
-// * @return the interfederatedSSOSession
-// */
-// public boolean isInterfederatedSSOSession() {
-// return interfederatedSSOSession;
-// }
-//
-// /**
-// * @param interfederatedSSOSession the interfederatedSSOSession to set
-// */
-// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-// this.interfederatedSSOSession = interfederatedSSOSession;
-// }
-//
-// /**
-// * @return the interfederatedIDP
-// */
-// public String getInterfederatedIDP() {
-// return interfederatedIDP;
-// }
-//
-// /**
-// * @param interfederatedIDP the interfederatedIDP to set
-// */
-// public void setInterfederatedIDP(String interfederatedIDP) {
-// this.interfederatedIDP = interfederatedIDP;
-// }
-
- /**
- * @return the ssoSessionValidTo
- */
- public Date getSsoSessionValidTo() {
- return ssoSessionValidTo;
- }
-
- /**
- * @param ssoSessionValidTo the ssoSessionValidTo to set
- */
- public void setSsoSessionValidTo(Date ssoSessionValidTo) {
- this.ssoSessionValidTo = ssoSessionValidTo;
- }
-
- /**
- * @return the encbPKList
- */
- public List<String> getEncbPKList() {
- return encbPKList;
- }
-
- /**
- * @param encbPKList the encbPKList to set
- */
- public void setEncbPKList(List<String> encbPKList) {
- this.encbPKList = encbPKList;
- }
-
- /**
- * @return the roles
- */
- public List<AuthenticationRole> getAuthenticationRoles() {
-// if (this.roles == null) {
-// this.roles = new ArrayList<AuthenticationRole>();
-// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-// }
-
- return roles;
- }
-
- //ISA 1.18 attributes
- /**
- * @param roles the roles to set
- */
- public void addAuthenticationRole(AuthenticationRole role) {
- if (this.roles == null)
- this.roles = new ArrayList<AuthenticationRole>();
-
- this.roles.add(role);
- }
-
- /**
- * @return the pvpAttribute_OU
- */
- public String getPvpAttribute_OU() {
- return pvpAttribute_OU;
- }
-
- /**
- * @param pvpAttribute_OU the pvpAttribute_OU to set
- */
- public void setPvpAttribute_OU(String pvpAttribute_OU) {
- this.pvpAttribute_OU = pvpAttribute_OU;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
- */
- @Override
- public boolean isBaseIDTransferRestrication() {
- return isBaseIDTransferRestrication;
- }
-
- /**
- * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
- */
- public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
- this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
- }
-
- /**
- * Returns a generic data-object with is stored with a specific identifier
- *
- * @param key The specific identifier of the data object
- * @param clazz The class type which is stored with this key
- * @return The data object or null if no data is found with this key
- */
- public <T> T getGenericData(String key, final Class<T> clazz) {
- if (MiscUtil.isNotEmpty(key)) {
- Object data = genericDataStorate.get(key);
-
- if (data == null)
- return null;
-
- try {
- @SuppressWarnings("unchecked")
- T test = (T) data;
- return test;
-
- } catch (Exception e) {
- Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
- return null;
-
- }
-
- }
-
- Logger.warn("Can not load generic session-data with key='null'");
- return null;
-
- }
-
- /**
- * Store a generic data-object to session with a specific identifier
- *
- * @param key Identifier for this data-object
- * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
- * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
- */
- public void setGenericData(String key, Object object) throws SessionDataStorageException {
- if (MiscUtil.isEmpty(key)) {
- Logger.warn("Generic session-data can not be stored with a 'null' key");
- throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-
- }
-
- if (object != null) {
- if (!Serializable.class.isInstance(object)) {
- Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
- throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-
- }
- }
-
- if (genericDataStorate.containsKey(key))
- Logger.debug("Overwrite generic data with key:" + key);
- else
- Logger.trace("Add generic data with key:" + key + " to session.");
-
- genericDataStorate.put(key, object);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
new file mode 100644
index 000000000..b8dccfa65
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+
+public interface IMOAAuthData extends IAuthData{
+
+ @Deprecated
+ /**
+ * Return STORK QAA level
+ *
+ * @return
+ */
+ String getQAALevel();
+
+ List<String> getEncbPKList();
+ IIdentityLink getIdentityLink();
+ byte[] getSignerCertificate();
+ String getAuthBlock();
+ boolean isPublicAuthority();
+ String getPublicAuthorityCode();
+ boolean isQualifiedCertificate();
+ String getBkuURL();
+ String getInterfederatedIDP();
+ boolean isInterfederatedSSOSession();
+ boolean isUseMandate();
+ IMISMandate getMISMandate();
+ Element getMandate();
+ String getMandateReferenceValue();
+
+ //ISA 1.18 attributes
+ String getPvpAttribute_OU();
+ List<AuthenticationRole> getAuthenticationRoles();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
new file mode 100644
index 000000000..0e8a988ce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -0,0 +1,968 @@
+/**
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
+
+ private static final long serialVersionUID = 1L;
+ private IIdentityLink identityLink;
+ private boolean qualifiedCertificate;
+ private boolean publicAuthority;
+ private String publicAuthorityCode;
+ private String bkuURL;
+ private byte[] signerCertificate = null;
+ private String authBlock = null;
+ private String QAALevel = null;
+ private List<String> encbPKList;
+
+ //ISA 1.18 attributes
+ private List<AuthenticationRole> roles = null;
+ private String pvpAttribute_OU = null;
+
+ private boolean useMandate = false;
+ private IMISMandate mandate = null;
+ private String mandateReferenceValue = null;
+
+ private boolean interfederatedSSOSession;
+ private String interfederatedIDP;
+
+
+ /**
+ * @return
+ */
+ @Override
+ public String getQAALevel() {
+ if (this.QAALevel != null &&
+ this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
+ String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+ if (MiscUtil.isNotEmpty(mappedQAA))
+ return mappedQAA;
+
+ else {
+ Logger.error("eIDAS QAA-level:" + this.QAALevel
+ + " can not be mapped to STORK QAA-level! Use "
+ + PVPConstants.STORK_QAA_1_1 + " as default value.");
+ return PVPConstants.STORK_QAA_1_1;
+
+ }
+
+
+ } else
+ return this.QAALevel;
+
+ }
+
+ @Override
+ public List<String> getEncbPKList() {
+ return this.encbPKList;
+ }
+
+
+ @Override
+ public IIdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * @param identityLink the identityLink to set
+ */
+ public void setIdentityLink(IIdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ @Override
+ public byte[] getSignerCertificate() {
+ return signerCertificate;
+ }
+
+
+ /**
+ * @param signerCertificate the signerCertificate to set
+ */
+ public void setSignerCertificate(byte[] signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
+
+ @Override
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+
+ /**
+ * @param authBlock the authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+
+ @Override
+ public IMISMandate getMISMandate() {
+ return mandate;
+ }
+
+ @Override
+ public Element getMandate() {
+ if (mandate == null)
+ return null;
+
+ //parse Element from mandate XML
+ try {
+ byte[] byteMandate = mandate.getMandate();
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMISMandate(IMISMandate mandate) {
+ this.mandate = mandate;
+ }
+
+
+ @Override
+ public boolean isUseMandate() {
+ return useMandate;
+ }
+
+
+ public void setUseMandate(boolean useMandate) {
+ this.useMandate = useMandate;
+ }
+
+
+ @Override
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ @Override
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ @Override
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+
+ @Override
+ public String getBkuURL() {
+ return bkuURL;
+
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param url The BKU URL to set
+ */
+ public void setBkuURL(String url) {
+ this.bkuURL = url;
+ }
+
+ @Override
+ public boolean isInterfederatedSSOSession() {
+ return this.interfederatedSSOSession;
+ }
+
+ /**
+ * @param interfederatedSSOSession the interfederatedSSOSession to set
+ */
+ public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+ this.interfederatedSSOSession = interfederatedSSOSession;
+ }
+
+ @Override
+ public String getInterfederatedIDP() {
+ return this.interfederatedIDP;
+ }
+
+ /**
+ * @param interfederatedIDP the interfederatedIDP to set
+ */
+ public void setInterfederatedIDP(String interfederatedIDP) {
+ this.interfederatedIDP = interfederatedIDP;
+ }
+
+
+ @Override
+ public String getMandateReferenceValue() {
+ return mandateReferenceValue;
+ }
+
+ /**
+ * @param mandateReferenceValue the mandateReferenceValue to set
+ */
+ public void setMandateReferenceValue(String mandateReferenceValue) {
+ this.mandateReferenceValue = mandateReferenceValue;
+ }
+
+
+ @Override
+ public List<AuthenticationRole> getAuthenticationRoles() {
+ return roles;
+ }
+
+ //ISA 1.18 attributes
+ /**
+ * @param roles the roles to set
+ */
+ public void addAuthenticationRole(AuthenticationRole role) {
+ if (this.roles == null)
+ this.roles = new ArrayList<AuthenticationRole>();
+
+ this.roles.add(role);
+ }
+
+ @Override
+ public String getPvpAttribute_OU() {
+ return pvpAttribute_OU;
+ }
+
+ /**
+ * @param pvpAttribute_OU the pvpAttribute_OU to set
+ */
+ public void setPvpAttribute_OU(String pvpAttribute_OU) {
+ this.pvpAttribute_OU = pvpAttribute_OU;
+ }
+
+ /**
+ * Store QAA level in eIDAS format to authentication Data
+ *
+ * @param qAALevel the qAALevel to set
+ * @throws AssertionAttributeExtractorExeption
+ */
+ public void setQAALevel(String qAALevel) {
+ this.QAALevel = qAALevel;
+
+ }
+
+ /**
+ * @param encbPKList the encbPKList to set
+ */
+ public void setEncbPKList(List<String> encbPKList) {
+ this.encbPKList = encbPKList;
+ }
+
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityIdentification The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+
+// private static final long serialVersionUID = -1042697056735596866L;
+// public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+//
+// /**
+// * URL of the MOA-ID Auth component issueing this assertion
+// */
+// private String issuer;
+// /**
+// * time instant of issue of this assertion
+// */
+// private Date issueInstant;
+// /**
+// * user identification value (Stammzahl); <code>null</code>,
+// * if the authentication module is configured not to return this data
+// */
+// private String identificationValue;
+// /**
+// * user identification type
+// */
+// private String identificationType;
+//
+// /**
+// * user identityLink specialized to OAParamter
+// */
+// private IIdentityLink identityLink;
+//
+// /**
+// * application specific user identifier (bPK/wbPK)
+// */
+// private String bPK;
+//
+// /**
+// * application specific user identifier type
+// */
+// private String bPKType;
+//
+// /**
+// * given name of the user
+// */
+// private String givenName;
+// /**
+// * family name of the user
+// */
+// private String familyName;
+// /**
+// * date of birth of the user
+// */
+// private Date dateOfBirth;
+// /**
+// * says whether the certificate is a qualified certificate or not
+// */
+//
+// /**
+// * says whether the certificate is a public authority or not
+// */
+// /**
+// * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+// */
+//
+//
+// /**
+// * URL of the BKU
+// */
+//
+// /**
+// * the corresponding <code>lt;saml:Assertion&gt;</code>
+// */
+//
+// private boolean isBaseIDTransferRestrication = true;
+//
+//
+// /**
+// * STORK attributes from response
+// */
+// private String ccc = null;
+//
+// private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
+//
+//
+//
+// private String authBlock = null;
+// private List<String> encbPKList = null;
+//
+// //ISA 1.18 attributes
+// private List<AuthenticationRole> roles = null;
+// private String pvpAttribute_OU = null;
+//
+// private boolean useMandate = false;
+// private IMISMandate mandate = null;
+// private String mandateReferenceValue = null;
+//
+// private boolean foreigner =false;
+// private String QAALevel = null;
+//
+// private boolean ssoSession = false;
+// private Date ssoSessionValidTo = null;
+//
+//// private boolean interfederatedSSOSession = false;
+//// private String interfederatedIDP = null;
+//
+// private String sessionIndex = null;
+// private String nameID = null;
+// private String nameIDFormat = null;
+//
+// public AuthenticationData() {
+// issueInstant = new Date();
+// }
+//
+// /**
+// * Returns the publicAuthority.
+// * @return boolean
+// */
+// public boolean isPublicAuthority() {
+// return publicAuthority;
+// }
+//
+// /**
+// * Returns the publicAuthorityCode.
+// * @return String
+// */
+// public String getPublicAuthorityCode() {
+// return publicAuthorityCode;
+// }
+//
+// /**
+// * Returns the qualifiedCertificate.
+// * @return boolean
+// */
+// public boolean isQualifiedCertificate() {
+// return qualifiedCertificate;
+// }
+//
+// /**
+// * Returns the bPK.
+// * @return String
+// */
+// public String getBPK() {
+// return bPK;
+// }
+//
+// /**
+// * Sets the publicAuthority.
+// * @param publicAuthority The publicAuthority to set
+// */
+// public void setPublicAuthority(boolean publicAuthority) {
+// this.publicAuthority = publicAuthority;
+// }
+//
+// /**
+// * Sets the publicAuthorityCode.
+// * @param publicAuthorityIdentification The publicAuthorityCode to set
+// */
+// public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+// this.publicAuthorityCode = publicAuthorityIdentification;
+// }
+//
+// /**
+// * Sets the qualifiedCertificate.
+// * @param qualifiedCertificate The qualifiedCertificate to set
+// */
+// public void setQualifiedCertificate(boolean qualifiedCertificate) {
+// this.qualifiedCertificate = qualifiedCertificate;
+// }
+//
+// /**
+// * Sets the bPK.
+// * @param bPK The bPK to set
+// */
+// public void setBPK(String bPK) {
+// this.bPK = bPK;
+// }
+//
+// /**
+// * Returns the dateOfBirth.
+// * @return String
+// */
+// public Date getDateOfBirth() {
+// return dateOfBirth;
+// }
+//
+// public String getFormatedDateOfBirth() {
+// DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+// if (getDateOfBirth() != null)
+// return pvpDateFormat.format(getDateOfBirth());
+// else
+// return "2999-12-31";
+// }
+//
+// /**
+// * Returns the familyName.
+// * @return String
+// */
+// public String getFamilyName() {
+// return familyName;
+// }
+//
+// /**
+// * Returns the givenName.
+// * @return String
+// */
+// public String getGivenName() {
+// return givenName;
+// }
+//
+// /**
+// * Holds the baseID of a citizen
+// *
+// * @return baseID
+// */
+// public String getIdentificationValue() {
+// return identificationValue;
+// }
+//
+// /**
+// * Holds the type of the baseID
+// *
+// * @return baseID-Type
+// */
+// public String getIdentificationType() {
+// return identificationType;
+// }
+//
+// /**
+// * Returns the issueInstant.
+// * @return String
+// */
+// public String getIssueInstantString() {
+// return DateTimeUtils.buildDateTimeUTC(issueInstant);
+//
+// }
+//
+// /**
+// * Returns the issueInstant.
+// * @return String
+// */
+// public Date getIssueInstant() {
+// return issueInstant;
+//
+// }
+//
+// public void setIssueInstant(Date date) {
+// this.issueInstant = date;
+// }
+//
+// /**
+// * Returns the issuer.
+// * @return String
+// */
+// public String getIssuer() {
+// return issuer;
+// }
+//
+// /**
+// * Returns the BKU URL.
+// * @return String
+// */
+// public String getBkuURL() {
+// return bkuURL;
+// }
+//
+// /**
+// * Sets the dateOfBirth.
+// * @param dateOfBirth The dateOfBirth to set
+// */
+// public void setDateOfBirth(Date dateOfBirth) {
+// this.dateOfBirth = dateOfBirth;
+// }
+//
+// public void setDateOfBirth(String dateOfBirth) {
+// try {
+// if (MiscUtil.isNotEmpty(dateOfBirth)) {
+// DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+// this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+// }
+//
+// } catch (ParseException e) {
+// Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+//
+// }
+// }
+//
+// /**
+// * Sets the familyName.
+// * @param familyName The familyName to set
+// */
+// public void setFamilyName(String familyName) {
+// this.familyName = familyName;
+// }
+//
+// /**
+// * Sets the givenName.
+// * @param givenName The givenName to set
+// */
+// public void setGivenName(String givenName) {
+// this.givenName = givenName;
+// }
+//
+// /**
+// * Sets the identificationValue.
+// * @param identificationValue The identificationValue to set
+// */
+// public void setIdentificationValue(String identificationValue) {
+// this.identificationValue = identificationValue;
+// }
+//
+// /**
+// * Sets the identificationType.
+// * @param identificationType The identificationType to set
+// */
+// public void setIdentificationType(String identificationType) {
+// this.identificationType = identificationType;
+// }
+//
+// /**
+// * Sets the issuer.
+// * @param issuer The issuer to set
+// */
+// public void setIssuer(String issuer) {
+// this.issuer = issuer;
+// }
+//
+// /**
+// * Sets the bkuURL
+// * @param url The BKU URL to set
+// */
+// public void setBkuURL(String url) {
+// this.bkuURL = url;
+// }
+//
+// public String getBPKType() {
+// return bPKType;
+// }
+//
+// public void setBPKType(String bPKType) {
+// this.bPKType = bPKType;
+// }
+//
+
+//
+//
+
+//
+//
+// public String getEIDASQAALevel() {
+// if (this.QAALevel != null &&
+// this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+// String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
+// if (MiscUtil.isNotEmpty(mappedQAA))
+// return mappedQAA;
+//
+// else {
+// Logger.error("STORK QAA-level:" + this.QAALevel
+// + " can not be mapped to eIDAS QAA-level! Use "
+// + PVPConstants.EIDAS_QAA_LOW + " as default value.");
+// return PVPConstants.EIDAS_QAA_LOW;
+//
+// }
+//
+//
+// } else
+// return this.QAALevel;
+//
+// }
+//
+//
+// /**
+// * @return
+// */
+// public boolean isForeigner() {
+// return this.foreigner;
+// }
+//
+//
+// /**
+// * @param foreigner the foreigner to set
+// */
+// public void setForeigner(boolean foreigner) {
+// this.foreigner = foreigner;
+// }
+//
+//
+
+//
+// /**
+// * @return the ssoSession
+// */
+// public boolean isSsoSession() {
+// return ssoSession;
+// }
+//
+//
+// /**
+// * @param ssoSession the ssoSession to set
+// */
+// public void setSsoSession(boolean ssoSession) {
+// this.ssoSession = ssoSession;
+// }
+//
+// /**
+// * @return the mandateReferenceValue
+// */
+// public String getMandateReferenceValue() {
+// return mandateReferenceValue;
+// }
+//
+// /**
+// * @param mandateReferenceValue the mandateReferenceValue to set
+// */
+// public void setMandateReferenceValue(String mandateReferenceValue) {
+// this.mandateReferenceValue = mandateReferenceValue;
+// }
+//
+// /**
+// * CountryCode of the citizen which is identified and authenticated
+// *
+// * @return the CountryCode <pre>like. AT, SI, ...</pre>
+// */
+// public String getCcc() {
+// return ccc;
+// }
+//
+// /**
+// * @param ccc the ccc to set
+// */
+// public void setCcc(String ccc) {
+// this.ccc = ccc;
+// }
+//
+// /**
+// * @return the sessionIndex
+// */
+// public String getSessionIndex() {
+// return sessionIndex;
+// }
+//
+// /**
+// * @param sessionIndex the sessionIndex to set
+// */
+// public void setSessionIndex(String sessionIndex) {
+// this.sessionIndex = sessionIndex;
+// }
+//
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+// */
+// @Override
+// public String getNameID() {
+// return this.nameID;
+// }
+//
+// /**
+// * @param nameID the nameID to set
+// */
+// public void setNameID(String nameID) {
+// this.nameID = nameID;
+// }
+//
+// /**
+// * @return the nameIDFormat
+// */
+// public String getNameIDFormat() {
+// return nameIDFormat;
+// }
+//
+// /**
+// * @param nameIDFormat the nameIDFormat to set
+// */
+// public void setNameIDFormat(String nameIDFormat) {
+// this.nameIDFormat = nameIDFormat;
+// }
+//
+//// /**
+//// * @return the interfederatedSSOSession
+//// */
+//// public boolean isInterfederatedSSOSession() {
+//// return interfederatedSSOSession;
+//// }
+////
+//// /**
+//// * @param interfederatedSSOSession the interfederatedSSOSession to set
+//// */
+//// public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+//// this.interfederatedSSOSession = interfederatedSSOSession;
+//// }
+////
+//// /**
+//// * @return the interfederatedIDP
+//// */
+//// public String getInterfederatedIDP() {
+//// return interfederatedIDP;
+//// }
+////
+//// /**
+//// * @param interfederatedIDP the interfederatedIDP to set
+//// */
+//// public void setInterfederatedIDP(String interfederatedIDP) {
+//// this.interfederatedIDP = interfederatedIDP;
+//// }
+//
+// /**
+// * @return the ssoSessionValidTo
+// */
+// public Date getSsoSessionValidTo() {
+// return ssoSessionValidTo;
+// }
+//
+// /**
+// * @param ssoSessionValidTo the ssoSessionValidTo to set
+// */
+// public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+// this.ssoSessionValidTo = ssoSessionValidTo;
+// }
+//
+// /**
+// * @return the encbPKList
+// */
+// public List<String> getEncbPKList() {
+// return encbPKList;
+// }
+//
+// /**
+// * @param encbPKList the encbPKList to set
+// */
+// public void setEncbPKList(List<String> encbPKList) {
+// this.encbPKList = encbPKList;
+// }
+//
+// /**
+// * @return the roles
+// */
+// public List<AuthenticationRole> getAuthenticationRoles() {
+//// if (this.roles == null) {
+//// this.roles = new ArrayList<AuthenticationRole>();
+//// this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+//// this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+//// }
+//
+// return roles;
+// }
+//
+// //ISA 1.18 attributes
+// /**
+// * @param roles the roles to set
+// */
+// public void addAuthenticationRole(AuthenticationRole role) {
+// if (this.roles == null)
+// this.roles = new ArrayList<AuthenticationRole>();
+//
+// this.roles.add(role);
+// }
+//
+// /**
+// * @return the pvpAttribute_OU
+// */
+// public String getPvpAttribute_OU() {
+// return pvpAttribute_OU;
+// }
+//
+// /**
+// * @param pvpAttribute_OU the pvpAttribute_OU to set
+// */
+// public void setPvpAttribute_OU(String pvpAttribute_OU) {
+// this.pvpAttribute_OU = pvpAttribute_OU;
+// }
+//
+// /* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+// */
+// @Override
+// public boolean isBaseIDTransferRestrication() {
+// return isBaseIDTransferRestrication;
+// }
+//
+// /**
+// * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
+// */
+// public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+// this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
+// }
+//
+// /**
+// * Returns a generic data-object with is stored with a specific identifier
+// *
+// * @param key The specific identifier of the data object
+// * @param clazz The class type which is stored with this key
+// * @return The data object or null if no data is found with this key
+// */
+// public <T> T getGenericData(String key, final Class<T> clazz) {
+// if (MiscUtil.isNotEmpty(key)) {
+// Object data = genericDataStorate.get(key);
+//
+// if (data == null)
+// return null;
+//
+// try {
+// @SuppressWarnings("unchecked")
+// T test = (T) data;
+// return test;
+//
+// } catch (Exception e) {
+// Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+// return null;
+//
+// }
+//
+// }
+//
+// Logger.warn("Can not load generic session-data with key='null'");
+// return null;
+//
+// }
+//
+// /**
+// * Store a generic data-object to session with a specific identifier
+// *
+// * @param key Identifier for this data-object
+// * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+// * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+// */
+// public void setGenericData(String key, Object object) throws SessionDataStorageException {
+// if (MiscUtil.isEmpty(key)) {
+// Logger.warn("Generic session-data can not be stored with a 'null' key");
+// throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+//
+// }
+//
+// if (object != null) {
+// if (!Serializable.class.isInstance(object)) {
+// Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+// throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+//
+// }
+// }
+//
+// if (genericDataStorate.containsKey(key))
+// Logger.debug("Overwrite generic data with key:" + key);
+// else
+// Logger.trace("Add generic data with key:" + key + " to session.");
+//
+// genericDataStorate.put(key, object);
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a24683545..2e1af43e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
@@ -31,11 +29,11 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map.Entry;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.StatusCode;
@@ -46,21 +44,22 @@ import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -69,10 +68,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
@@ -81,36 +76,50 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_AuthenticationManager")
-public class AuthenticationManager extends MOAIDAuthConstants {
+public class AuthenticationManager extends AbstractAuthenticationManager {
- private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
- private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>();
-
+ public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+ public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+ public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
+ public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
+ public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
+
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
public static final int SLOTIMEOUT = 30 * 1000; //30 sec
- @Autowired private ProcessEngine processEngine;
- @Autowired private SSOManager ssoManager;
- @Autowired private IRequestStorage requestStoreage;
+
@Autowired private ITransactionStorage transactionStorage;
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
- @Autowired private MOAReversionLogger revisionsLogger;
- @Autowired protected AuthConfiguration authConfig;
+
@Autowired private SingleLogOutBuilder sloBuilder;
@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
@Autowired private IGUIFormBuilder guiBuilder;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+
+ @Override
+ public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
+ throws EAAFException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3)
+ throws EAAFException {
+ // TODO Auto-generated method stub
+
+ }
+
+
+
public void performSingleLogOut(HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
@@ -123,39 +132,6 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
- /**
- * @param req
- * @param resp
- * @param moasessionid
- */
- public void performOnlyIDPLogOut(AuthenticationSession authSession) {
-
- if (authSession == null) {
- Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
- return;
-
- }
-
- try {
-
- authSession.setAuthenticated(false);
- //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
-
- //log Session_Destroy to reversionslog
- AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID());
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-
- authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID());
-
- //session.invalidate();
-
- } catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID());
- return;
- }
-
- }
-
public void performOnlyIDPLogOut(HttpServletRequest request,
HttpServletResponse response, String internalMOASsoSessionID) {
@@ -187,327 +163,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
}
-
-
- /**
- * Authenticates the authentication request {pendingReq}, which is actually processed
- *
- * @param httpReq HttpServletRequest
- * @param httpResp HttpServletResponse
- * @param protocolRequest Authentication request which is actually in process
- *
- * @return Return already authenticated MOASession if exists, otherwise return null
- * @throws MOADatabaseException
- * @throws MOAIDException
- * @throws IOException
- * @throws ServletException
- *
- */
- public AuthenticationSession doAuthentication(HttpServletRequest httpReq,
- HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
-
- //load OA configuration from pending request
- IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-
- //set logging context and log unique OA identifier to revision log
- TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
- revisionsLogger.logEvent(oaParam,
- pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
-
- //generic authentication request validation
- if (pendingReq.isPassiv()
- && pendingReq.forceAuth()) {
- // conflict!
- throw new NoPassivAuthenticationException();
- }
-
- //get SSO cookie from http request
- String ssoId = ssoManager.getSSOSessionID(httpReq);
-
- //check if interfederation IDP is requested
- ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
-
- //check if SSO session cookie is already used
- if (ssoId != null) {
- String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId);
-
- if (correspondingMOASession != null) {
- Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
- "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
-
- //destroy internal SSO-session object and SSO-session cooky
- authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
- ssoManager.deleteSSOSessionID(httpReq, httpResp);
- }
- }
-
- //check if SSO Session is valid
- boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-
- // check if Service-Provider allows SSO sessions
- boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
-
- //if a legacy request is used SSO should not be allowed in case of mandate authentication
- boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
-
- //check if SSO is allowed for the actually executed request
- //INFO: Actually, useMandate disables SSO functionality!!!!!
- boolean isSSOAllowed = (useSSOOA && !isUseMandateRequested);
- pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
-
- //get MOASession from SSO-Cookie if SSO is allowed
- AuthenticationSession ssoMOASession = null;
- if (isValidSSOSession && isSSOAllowed) {
- ssoMOASession = ssoManager.getInternalMOASession(ssoId);
-
- if (ssoMOASession == null)
- Logger.info("No MOASession FOUND with provided SSO-Cookie.");
-
- else {
- Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
- revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO);
-
- }
- }
-
- //check if session is already authenticated
- boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
-
- //force new authentication authentication process
- if (pendingReq.forceAuth()) {
- startAuthenticationProcess(httpReq, httpResp, pendingReq);
- return null;
-
- //perform SSO-Consents evaluation if it it required
- } else if (isSessionAuthenticated && oaParam.useSSOQuestion()) {
- sendSingleSignOnConsentsEvaluation(httpReq, httpResp, pendingReq);
- return null;
-
- } else if (pendingReq.isPassiv()) {
- if (isSessionAuthenticated) {
- // Passive authentication ok!
- revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return ssoMOASession;
-
- } else {
- throw new NoPassivAuthenticationException();
-
- }
- } else {
- if (isSessionAuthenticated) {
- // Is authenticated .. proceed
- revisionsLogger.logEvent(oaParam,
- pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return ssoMOASession;
-
- } else {
- // Start authentication!
- startAuthenticationProcess(httpReq, httpResp, pendingReq);
- return null;
- }
- }
- }
-
- /**
- * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
- *
- * @param httpReqParam http parameter name, but never null
- */
- public void addParameterNameToWhiteList(String httpReqParam) {
- if (MiscUtil.isNotEmpty(httpReqParam))
- reqParameterWhiteListeForModules.add(httpReqParam);
-
- }
-
- /**
- * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
- *
- * @param httpReqParam http header name, but never null
- */
- public void addHeaderNameToWhiteList(String httpReqParam) {
- if (MiscUtil.isNotEmpty(httpReqParam))
- reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
- }
-
- /**
- * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
- *
- * @param protocolRequest Authentication request which is actually in process
- * @param moaSession MOASession with authentication information or null if no active MOASession exists
- *
- * @return true if session is already authenticated, otherwise false
- * @throws MOAIDException
- */
- private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
-
- //if no MOASession exist -> authentication is required
- if (ssoMOASession == null) {
- return false;
-
- } else {
- //if MOA SSO-Session is found but not authenticated --> authentication is required
- if (!ssoMOASession.isAuthenticated()) {
- return false;
- }
-
- //if MOASession is already authenticated and protocol-request is authenticated
- // --> no authentication is required any more
- else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
- protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
- return true;
-
- // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
- } else if (!protocolRequest.isAuthenticated()
- && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
- Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
- protocolRequest.setAuthenticated(true);
- protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
- return true;
-
- }
-
- // force authentication as backup solution
- else {
- Logger.warn("Authentication-required check find an unsuspected state --> force authentication");
- return false;
-
- }
- }
- }
-
- private void startAuthenticationProcess(HttpServletRequest httpReq,
- HttpServletResponse httpResp, RequestImpl pendingReq)
- throws ServletException, IOException, MOAIDException {
-
- Logger.info("Starting authentication ...");
- revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_START);
-
- //is legacy allowed
- List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols();
- boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
-
- //check legacy request parameter
- boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-
- //create authentication process execution context
- ExecutionContext executionContext = new ExecutionContextImpl();
-
- //set oaIdentifeir
- executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER,
- pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
-
- //set interfederation authentication flag
- executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH,
- MiscUtil.isNotEmpty(
- pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
-
- //set legacy mode or BKU-selection flags
- boolean leagacyMode = (legacyallowed && legacyparamavail);
- executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
- executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode
- && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
-
- //add X509 SSL client certificate if exist
- if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
- Logger.debug("Find SSL-client-certificate on request --> Add it to context");
- executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE,
- ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
-
- }
-
- //add additional http request parameter to context
- if (!reqParameterWhiteListeForModules.isEmpty() || leagacyMode) {
- Enumeration<String> reqParamNames = httpReq.getParameterNames();
- while(reqParamNames.hasMoreElements()) {
- String paramName = reqParamNames.nextElement();
- if (MiscUtil.isNotEmpty(paramName) &&
- ( MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)
- || reqParameterWhiteListeForModules.contains(paramName) ))
- executionContext.put(paramName,
- StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
- }
- }
-
- //add additional http request parameter to context
- if (!reqHeaderWhiteListeForModules.isEmpty()) {
- Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
- while(reqHeaderNames.hasMoreElements()) {
- String paramName = reqHeaderNames.nextElement();
- if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
- executionContext.put(paramName,
- StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));
- }
- }
- }
-
- //start process engine
- startProcessEngine(pendingReq, executionContext);
-
- }
-
- private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request,
- HttpServletResponse response, RequestImpl pendingReq)
- throws ServletException, IOException, MOAIDException {
-
- Logger.info("Start SSO user-consents evaluation ...");
-
- //set authenticated flag to false, because user consents is required
- pendingReq.setAuthenticated(false);
-
- //create execution context
- ExecutionContext executionContext = new ExecutionContextImpl();
- executionContext.put(SingleSignOnConsentsModuleImpl.PARAM_SSO_CONSENTS_EVALUATION, true);
-
- //start process engine
- startProcessEngine(pendingReq, executionContext);
-
- }
-
- private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws MOAIDException {
- try {
- //put pending-request ID on execurtionContext
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
-
- // create process instance
- String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
-
- if (processDefinitionId == null) {
- Logger.warn("No suitable process found for SessionID " + pendingReq.getRequestID() );
- throw new MOAIDException("process.02",new Object[] {
- pendingReq.getRequestID()});
- }
-
- String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
-
- // keep process instance id in protocol pending-request
- pendingReq.setProcessInstanceId(processInstanceId);
-
- //store pending-request
- requestStoreage.storePendingRequest(pendingReq);
-
- // start process
- processEngine.start(pendingReq);
-
- } catch (ProcessExecutionException e) {
- Throwable cause = e.getCause();
- if (cause != null && cause instanceof TaskExecutionException) {
- Throwable taskCause = cause.getCause();
- if (taskCause != null && taskCause instanceof MOAIDException) {
- MOAIDException moaTaskCause = (MOAIDException) taskCause;
- Logger.warn(taskCause);
- throw moaTaskCause;
-
- }
- }
-
- throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getRequestID() }, e);
- }
- }
private void performSingleLogOut(HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
@@ -732,5 +388,45 @@ public class AuthenticationManager extends MOAIDAuthConstants {
e.printStackTrace();
}
}
+
+ @Override
+ protected void populateExecutionContext(ExecutionContext executionContext, RequestImpl pendingReq, HttpServletRequest httpReq)
+ throws EAAFException {
+ //is legacy allowed
+ boolean legacyallowed = false;
+ if (authConfig instanceof AuthConfiguration) {
+ List<String> legacyallowed_prot = ((AuthConfiguration)authConfig).getLegacyAllowedProtocols();
+ legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
+
+ } else
+ Logger.info("Base configuration is NOT of type 'AuthConfiguration'. LegacyMode is disabled");
+
+
+ //check legacy request parameter
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
+
+
+ //set interfederation authentication flag
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH,
+ MiscUtil.isNotEmpty(
+ pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+
+ //set legacy mode or BKU-selection flags
+ boolean leagacyMode = (legacyallowed && legacyparamavail);
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode
+ && MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+
+ //add additional http request parameter to context
+ if (leagacyMode) {
+ Enumeration<String> reqParamNames = httpReq.getParameterNames();
+ while(reqParamNames.hasMoreElements()) {
+ String paramName = reqParamNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName) && MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) )
+ executionContext.put(paramName, StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
+ }
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 718f730b0..bded1943b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -33,12 +33,20 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -46,12 +54,15 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_SSOManager")
-public class SSOManager {
+public class SSOManager implements ISSOManager {
+
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "slo_template.html";
public static String CONTEXTPATH = "contextPath";
@@ -62,9 +73,160 @@ public class SSOManager {
private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
- @Autowired protected AuthConfiguration authConfig;
+ @Autowired private AuthConfiguration authConfig;
+ @Autowired private IRevisionLogger revisionsLogger;
+
+
//@Autowired private MOASessionDBUtils moaSessionDBUtils;
+
+ public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException {
+ try {
+ //get SSO cookie from http request
+ String ssoId = getSSOSessionID(httpReq);
+
+ //check if interfederation IDP is requested
+ checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
+
+ //check if SSO session cookie is already used
+ if (ssoId != null) {
+ String correspondingMOASession = existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+ revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_INVALID);
+
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
+ deleteSSOSessionID(httpReq, httpResp);
+ }
+ }
+
+ //check if SSO Session is valid
+ boolean isSSOValid = isValidSSOSession(ssoId, pendingReq);
+
+ if (isSSOValid)
+ pendingReq.setSSOSessionIdentifier(ssoId);
+
+ return isSSOValid;
+
+
+ } catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+ Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
+ Logger.info("All SSO session will be ignored.");
+
+ }
+
+ return false;
+
+ }
+
+
+
+ public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq) {
+ // check if Service-Provider allows SSO sessions
+ IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+ boolean useSSOOA = oaConfig.useSSO() || oaConfig.isInderfederationIDP();
+
+ //if a legacy request is used SSO should not be allowed in case of mandate authentication
+ boolean isUseMandateRequested = false;
+ try {
+ isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
+
+ //check if SSO is allowed for the actually executed request
+ //INFO: Actually, useMandate disables SSO functionality!!!!!
+ pendingReq.setNeedSingleSignOnFunctionality((useSSOOA && !isUseMandateRequested));
+
+ //check if current service provider needs user consent for SSO
+ pendingReq.setNeedUserConsent(oaConfig.useSSOQuestion());
+
+ } catch (WrongParametersException e) {
+ Logger.warn("Find suspect http parameter for mandates! Reason: " + e.getMessage());
+
+ }
+
+ }
+
+ public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {
+ //populate pending request with eID data from SSO session if no userConsent is required
+ try {
+ AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+
+ if (ssoMOASession == null)
+ Logger.info("No MOASession FOUND with provided SSO-Cookie.");
+
+ else {
+ Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
+ revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
+
+ Logger.trace("Populatint pending request with SSO session information .... ");
+ pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+ pendingReq.setAuthenticated(true);
+
+ }
+
+ } catch (EAAFStorageException e) {
+ Logger.warn("Can NOT populate pending request from SSO session.", e);
+ throw new EAAFSSOException("", new Object[] {},
+ "Can NOT populate pending request from SSO session", e);
+
+ }
+
+ }
+
+
+ @Override
+ public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException {
+ //get SSO token from request
+ String ssoid = null;
+ if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getSSOSessionIdentifier())) {
+ ssoid = pendingReq.getSSOSessionIdentifier();
+
+ } else {
+ ssoid = getSSOSessionID(httpReq);
+
+ }
+ try {
+ if (isValidSSOSession(ssoid, null)) {
+
+ //delete SSO session and MOA session
+ AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+
+ if (ssoSession == null) {
+ Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+ return false;
+
+ }
+
+
+ ssoSession.setAuthenticated(false);
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions =
+ authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+ authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+ }
+
+ } catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+ Logger.info("NO MOA Authentication data for ID " + ssoid);
+ return false;
+
+ }
+
+
+ //Remove SSO token
+ deleteSSOSessionID(httpReq, httpResp);
+
+ return true;
+
+ }
+
+
+ //*********************************** old **************************************
+
/**
* Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
* Set the requested interfederation IDP as attribte of the {protocolRequest}
@@ -209,7 +371,7 @@ public class SSOManager {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
if (moaSession != null) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
return extSessionInformation.getUniqueSessionId();
}
@@ -336,4 +498,28 @@ public class SSOManager {
setCookie(httpReq, httpResp, cookieName, "", 0);
}
+
+
+ @Override
+ public void createNewSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+ // TODO Auto-generated method stub
+
+ }
+
+
+
+ @Override
+ public String createNewSSOSessionCookie(HttpServletRequest arg0, HttpServletResponse arg1, IRequest arg2)
+ throws EAAFSSOException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ @Override
+ public void updateSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+ // TODO Auto-generated method stub
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index d3b2a5c38..1168773dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,11 +46,15 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
try {
- String authblock = authData.getAuthBlock();
- if (MiscUtil.isNotEmpty(authblock)) {
- return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
- Base64Utils.encodeToString(authblock.getBytes("UTF-8")));
- }
+ if (authData instanceof IMOAAuthData) {
+ String authblock = ((IMOAAuthData)authData).getAuthBlock();
+ if (MiscUtil.isNotEmpty(authblock)) {
+ return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
+ Base64Utils.encodeToString(authblock.getBytes("UTF-8")));
+ }
+
+ } else
+ Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is only available in MOA-ID context");
}
catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
index f87a9b673..5e14e598f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class EIDCcsURL implements IPVPAttributeBuilder {
@@ -38,12 +40,16 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IMOAAuthData) {
+ String bkuurl = ((IMOAAuthData)authData).getBkuURL();
+ if (MiscUtil.isNotEmpty(bkuurl))
+ return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+
+
+ } else
+ Logger.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context");
- String bkuurl = authData.getBkuURL();
- if (MiscUtil.isNotEmpty(bkuurl))
- return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
- else
- throw new UnavailableAttributeException(EID_CCS_URL_NAME);
+ throw new UnavailableAttributeException(EID_CCS_URL_NAME);
}
public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 715bc376e..76b1a1cda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -27,7 +27,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
@Deprecated
@@ -39,15 +42,21 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IMOAAuthData) {
+ String qaaLevel = null;
+ if (((IMOAAuthData)authData).getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
+ qaaLevel = ((IMOAAuthData)authData).getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
+ else
+ qaaLevel = ((IMOAAuthData)authData).getQAALevel();
+
+ return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
+
+ } else
+ Logger.info(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + " is only available in MOA-ID context");
- String qaaLevel = null;
- if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
- qaaLevel = authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
- else
- qaaLevel = authData.getQAALevel();
+ throw new UnavailableAttributeException(EID_CITIZEN_QAA_LEVEL_NAME);
- return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index cc916ef73..d11d57ab8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -69,6 +69,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
@@ -85,7 +86,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index 335cf55ce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IStatusMessager;
-import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.util.Messages;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-@Service("MOAIDMessageProvider")
-public class MOAIDMessageProvider implements IStatusMessager {
-
- //internal messanges
- private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" };
- private static final Locale[] DEFAULT_MESSAGE_LOCALES = new Locale[] { new Locale("de", "AT") };
- private Messages messages;
-
- //external error codes
- private static final String[] DEFAULT_EXTERNALERROR_RESOURCES = { "resources/properties/protocol_response_statuscodes" };
- private static final Locale[] DEFAULT_EXTERNALERROR_LOCALES = new Locale[] { new Locale("de", "AT") };
- private Messages externalError = null;
-
-
- public MOAIDMessageProvider() {
- this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
- this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES);
-
- }
-
- /**
- * Get the message corresponding to a given message ID.
- *
- * @param messageId The ID of the message.
- * @param parameters The parameters to fill in into the message arguments.
- * @return The formatted message.
- */
- @Override
- public String getMessage(String messageId, Object[] parameters) {
- return messages.getMessage(messageId, parameters);
- }
-
-
-@Override
-public String getResponseErrorCode(Throwable throwable) {
- String errorCode = null;
-
- if (throwable instanceof BKUException) {
- BKUException error = (BKUException) throwable;
- errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
- error.getBkuErrorCode();
-
- } else if (throwable instanceof MISSimpleClientException) {
- MISSimpleClientException error = (MISSimpleClientException) throwable;
-
- if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
- errorCode = mapInternalErrorToExternalError(error.getMessageId()) +
- error.getMISErrorCode();
- else
- errorCode = mapInternalErrorToExternalError(error.getMessageId());
-
- } else if (throwable instanceof MOAIDException) {
- MOAIDException error = (MOAIDException) throwable;
- errorCode = mapInternalErrorToExternalError(error.getMessageId());
-
- } else if (throwable instanceof ProcessExecutionException) {
- errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE;
-
- } else {
- errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
-
- }
-
- return errorCode;
-}
-
-
-@Override
-public String mapInternalErrorToExternalError(String intErrorCode) {
- String extErrorCode = messages.getMessage(intErrorCode, null);
-
- if (MiscUtil.isEmpty(extErrorCode))
- extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
-
- return extErrorCode;
-}
-
-}