Diffstat (limited to 'id/server/idserverlib')
6 files changed, 65 insertions, 89 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 1061a2802..9aecefd43 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -207,7 +207,7 @@ public class AuthenticationSession implements Serializable {  	private boolean ssoRequested = false; -	private OAuth20SessionObject oAuth20SessionObject; +//	private OAuth20SessionObject oAuth20SessionObject;  	// /**  	// * Indicates if target from configuration is used or not @@ -963,18 +963,18 @@ public class AuthenticationSession implements Serializable {  	}  	/** -	 * @return the oAuth20SessionObject -	 */ -	public OAuth20SessionObject getoAuth20SessionObject() { -		return oAuth20SessionObject; -	} -	 -	/** -	 * @param oAuth20SessionObject -	 *            the oAuth20SessionObject to set -	 */ -	public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { -		this.oAuth20SessionObject = oAuth20SessionObject; -	} +//	 * @return the oAuth20SessionObject +//	 */ +//	public OAuth20SessionObject getoAuth20SessionObject() { +//		return oAuth20SessionObject; +//	} +//	 +//	/** +//	 * @param oAuth20SessionObject +//	 *            the oAuth20SessionObject to set +//	 */ +//	public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { +//		this.oAuth20SessionObject = oAuth20SessionObject; +//	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java index 20711373e..4c7d1a37b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java 
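Review bot: The removed field and its accessors are kept as commented-out code (`//	private OAuth20SessionObject oAuth20SessionObject;` in the first hunk and the whole getter/setter pair in the second) instead of being deleted; version control already preserves them, and a dead block like this only drifts out of date. Dropping a field from a `Serializable` class also changes its default stream form: if `AuthenticationSession` is persisted by `AuthenticationSessionStoreage` without an explicit `serialVersionUID` (not visible here), sessions written by the previous build may fail to deserialize after deployment, so that is worth confirming and, if absent, pinning with `private static final long serialVersionUID = 1L;`. Both hunks sit inside the class body, whose start lies outside the hunk.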
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java @@ -15,7 +15,7 @@ public class OAuth20SessionObject implements Serializable {  	private String code; -	private AuthenticationSession authDataSession; +	private String authDataSession;  	public String getScope() {  		return scope; @@ -40,11 +40,11 @@ public class OAuth20SessionObject implements Serializable {  		this.code = code;  	} -	public AuthenticationSession getAuthDataSession() { +	public String getAuthDataSession() {  		return authDataSession;  	} -	public void setAuthDataSession(AuthenticationSession authDataSession) { +	public void setAuthDataSession(String authDataSession) {  		this.authDataSession = authDataSession;  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 68f508103..17649487a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -13,7 +13,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;  import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;  import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;  import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; +import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.logging.Logger;  class OAuth20AuthAction implements IAction { 
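Review bot: `authDataSession` now holds the MOASession ID rather than the session itself, but nothing in the class says so; a field comment such as `// ID of the MOASession this authorization code was issued for; resolved via AuthenticationSessionStoreage at the token endpoint` would keep the next reader from treating it as an opaque string. From a security angle the more important gap is what the object still does not carry: keyed by the authorization code, it records only `scope`, `code` and the session ID, neither the `client_id` nor the `redirect_uri` of the authorization request, so the token endpoint has no stored value to confirm that a code is redeemed by the client it was issued to (RFC 6749 §4.1.3), unless that binding is enforced elsewhere in request validation, which this diff does not show. Adding `clientId` and `redirectUri` fields here, set in `OAuth20AuthAction` and compared in `OAuth20TokenAction`, is the natural place to carry that binding.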
@@ -32,25 +34,25 @@ class OAuth20AuthAction implements IAction {  		String responseType = oAuthRequest.getResponseType();  		AuthenticationSession session = null; +		String code = Random.nextRandom(); +		  		try { -			session = AuthenticationSessionStoreage.createSession(); -			 -			String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession); +					  			Logger.debug("Stored session with id: " + code);  			OAuth20SessionObject o = new OAuth20SessionObject();  			if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {  				o.setScope(oAuthRequest.getScope());  				o.setCode(code); -				o.setAuthDataSession(moasession); +				o.setAuthDataSession(moasession.getSessionID());  			} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {  				throw new OAuth20ResponseTypeException();  			} -			// store data in oath session -			session.setoAuth20SessionObject(o); -			AuthenticationSessionStoreage.storeSession(session); -			Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID()); +			// store data in oath session			 +			AssertionStorage.getInstance().put(code, o); +			 +			Logger.debug("Saved OAuth20SessionObject in session with id: " + code);  			// add code and state to redirect url  			httpResp.setStatus(HttpServletResponse.SC_FOUND); @@ -65,14 +67,12 @@ class OAuth20AuthAction implements IAction {  			Logger.debug("REDIRECT TO: " + finalUrl.toString());  		}  		catch (Exception e) { -			try { -				if (session != null) { -					Logger.debug("Going to destroy session: " + session.getSessionID()); -					AuthenticationSessionStoreage.destroySession(session.getSessionID()); -				} -			} -			catch (MOADatabaseException e1) { + +			//remove OAuthSessionObject if it already exists +			if (AssertionStorage.getInstance().containsKey(code)) { +				AssertionStorage.getInstance().remove(code);  			} +			  			if (e instanceof OAuth20Exception) {  				throw (OAuth20Exception) e;  			} 
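Review bot: `String code = Random.nextRandom();` now mints the authorization code, a bearer credential that is later exchanged for an id_token, so its generator must be cryptographically strong (RFC 6749 §10.10); whether `at.gv.egovernment.moa.id.util.Random` is backed by `SecureRandom` is not visible here, so please confirm that or switch to it. The code is also written to the log twice (`Logger.debug("Stored session with id: " + code)` and `"Saved OAuth20SessionObject in session with id: " + code`); debug logs are routinely shipped off-box, so log a hash or short prefix instead of the raw value. `AssertionStorage.getInstance().put(code, o)` attaches no lifetime, so unless the store expires entries on its own (not shown), an unredeemed code stays valid indefinitely rather than for the short window the spec recommends. `AuthenticationSession session = null;` is now dead and can be removed. `processRequest` begins above this hunk.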
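Review bot: `if (AssertionStorage.getInstance().containsKey(code)) { ... remove(code); }` is a check-then-act pair on shared storage; the same change calls `remove` unguarded in `OAuth20TokenAction`'s `finally` block, which suggests `remove` tolerates a missing key, in which case this can simply be `AssertionStorage.getInstance().remove(code);`. If `remove` can itself fail, note that an exception here would replace the original `e` before the `instanceof OAuth20Exception` rethrow below, so the client would see a storage error instead of the intended OAuth error. The catch body continues past the end of the hunk.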
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 3dceaecdf..b975b5594 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Unauthorized  import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;  import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;  import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; +import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.logging.Logger; 
@@ -38,25 +39,41 @@ class OAuth20TokenAction implements IAction {  	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,  			AuthenticationSession moasession) throws MOAIDException { -		AuthenticationSession session = null; +		 +		OAuth20SessionObject auth20SessionObject = null;  		try {  			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; +		 +			try { +				Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); +				 +				auth20SessionObject =  +						AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class); -			session = AuthenticationSessionStoreage.getSession(oAuthRequest.getCode()); -			if (session == null) { +			} catch (MOADatabaseException e) {  				throw new OAuth20UnauthorizedClientException(); +				  			} -			 -			OAuth20SessionObject auth20SessionObject = session.getoAuth20SessionObject(); -			Logger.debug("Loaded OAuth20SessionObject from session: " + session.getSessionID()); -			 +  			// do checking for different grant types and code  			if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {  				throw new OAuth20UnauthorizedClientException();  			} else {  				Logger.debug("Loaded of OAuth20SessionObject was successful");  			} + +			Logger.debug("Load MOASession from database"); +			AuthenticationSession session = AuthenticationSessionStoreage.getSession(auth20SessionObject.getAuthDataSession()); +			if (session == null) { +				Logger.warn("NO MOASession found with SessionID " + auth20SessionObject.getAuthDataSession()); +				throw new OAuth20UnauthorizedClientException(); +				 +			} else { +				Logger.debug("Loading of MOASession was successful."); +				 +			} +						  			final String accessToken = UUID.randomUUID().toString();  			// create response 
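Review bot: After `AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class)` succeeds, the only check performed is that the stored `code` equals the lookup key, which is tautological; what RFC 6749 §4.1.3 requires and this hunk does not do is confirm the code was issued to the authenticated client and that `redirect_uri` matches the authorization request, and since the stored object carries neither value, any party holding a code can redeem it unless `OAuth20TokenRequest` enforces that binding elsewhere (not shown). Recording the client identifier and redirect URI with the code at issue time and comparing them here against the authenticated client, throwing `OAuth20UnauthorizedClientException` on mismatch, closes that gap. The `catch (MOADatabaseException e)` also discards its cause; keep the generic error toward the client but record it, e.g. `Logger.warn("Lookup of authorization code failed", e);`, so an operator can tell a storage outage from an invalid code. Lastly, `Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode())` writes the raw, still-unvalidated code to the log; a hash or prefix is enough for tracing. The method continues past this hunk.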
@@ -67,7 +84,7 @@ class OAuth20TokenAction implements IAction {  			// build id token and scope  			Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, -					auth20SessionObject.getAuthDataSession()); +					session);  			Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());  			params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());  			Logger.debug("RESPONSE SCOPE: " + pair.getSecond()); @@ -93,14 +110,12 @@ class OAuth20TokenAction implements IAction {  		}  		finally { -			if (session != null) { +			if (auth20SessionObject != null) {  				// destroy session for clean up -				try { -					Logger.debug("Going to destroy session: " + session.getSessionID()); -					AuthenticationSessionStoreage.destroySession(session.getSessionID()); -				} -				catch (MOADatabaseException e) { -				} + +				Logger.debug("Going to destroy session: " + auth20SessionObject.getCode()); +				AssertionStorage.getInstance().remove(auth20SessionObject.getCode()); +  			}  		}  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 2c4eb15de..dc1a4f04b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java 
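Review bot: Consuming the code in `finally` (`AssertionStorage.getInstance().remove(auth20SessionObject.getCode())`) happens only after the id_token has been built and signed, so two token requests presenting the same code concurrently can both pass the lookup in the earlier hunk and both receive tokens, whereas RFC 6749 §4.1.2 requires a code to be single-use. Unless `AssertionStorage` offers an atomic take-and-remove (not visible here), the safer shape is to `remove` the entry immediately after a successful `get`, before any validation or token building, and keep this `finally` only as a fallback cleanup. The branch is otherwise sound: it also runs when validation fails after the load, so a rejected code is burned rather than left for a retry. The enclosing method ends in this hunk but begins outside it.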
@@ -1,36 +1,22 @@  package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.w3c.dom.Element; - -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.util.MandateBuilder;  public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {  	public String getName() {  		return MANDATE_REFERENCE_VALUE_NAME;  	} -	public Attribute build(AuthenticationSession authSession,   	public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,  			IAttributeGenerator<ATT> g) throws AttributeException {  		if (authSession.getUseMandate()) { -			Element mandate = authSession.getMandate(); -			if (mandate == null) { -				throw new NoMandateDataAttributeException(); -			} -			Mandate mandateObject = MandateBuilder.buildMandate(mandate); -			if (mandateObject == null) { -				throw new NoMandateDataAttributeException(); -			} -			 +		  			return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, -					mandateObject.getMandateID()); +					authSession.getMandateReferenceValue());  		}  		return null; 
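Review bot: The new body passes `authSession.getMandateReferenceValue()` straight to `g.buildStringAttribute(...)` with no check, whereas the code it replaces threw `NoMandateDataAttributeException` when mandate data was missing; if `getMandateReferenceValue()` can return null while `getUseMandate()` is true (its implementation is not visible here), the PVP response would now carry a null or empty mandate reference instead of failing closed. Restoring the guard keeps that behaviour: `String ref = authSession.getMandateReferenceValue(); if (ref == null || ref.isEmpty()) { throw new NoMandateDataAttributeException(); }`, which also means the `NoMandateDataAttributeException` import deleted in this hunk should stay. A one-line Javadoc on `build` noting that it returns null when no mandate is in use (the trailing `return null;`) would document the contract callers depend on. The class continues past this hunk.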
@@ -40,29 +26,3 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild  		return g.buildEmptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME);  	}  } - -	public Attribute build(AuthenticationSession authSession,  -			OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { -		if(authSession.getUseMandate()) { -			 -//			Element mandate = authSession.getMandate(); -//			if(mandate == null) { -//				throw new NoMandateDataAvailableException(); -//			} -//			Mandate mandateObject = MandateBuilder.buildMandate(mandate); -//			if(mandateObject == null) { -//				throw new NoMandateDataAvailableException(); -//			} -			 -			return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,  -					MANDATE_REFERENCE_VALUE_NAME, authSession.getMandateReferenceValue()); -		} -		return null; -		 -	} -	 -	public Attribute buildEmpty() { -		return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,  -				MANDATE_REFERENCE_VALUE_NAME); -	} -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 0c7dea3c8..9de385307 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import javax.xml.transform.TransformerException; +import org.joda.time.DateTime;  import org.opensaml.Configuration;  import org.opensaml.common.xml.SAMLConstants;  import org.opensaml.saml2.core.Assertion; | 
