diff options
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa')
9 files changed, 198 insertions, 112 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index 2a2b7bf80..b9d08a20f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -49,7 +49,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{ this.priority = priority; } - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 4ce77d861..044366eb6 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,21 +28,21 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * - */ -public class SSOTransferAuthenticationData implements IAuthData { + */ +public class SSOTransferAuthenticationData implements IMOAAuthData { private IAuthenticationSession authSession = null; boolean isIDPPrivateService = true; @@ -55,21 +55,38 @@ public class SSOTransferAuthenticationData implements IAuthData { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() */ @Override - public Date getIssueInstant() { + public boolean isBaseIDTransferRestrication() { + return this.isIDPPrivateService; + } + + + @Override + public Date getAuthenticationIssueInstant() { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() - */ + @Override - public String getIssuer() { + public String getAuthenticationIssueInstantString() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getAuthenticationIssuer() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getCiticenCountryCode() { // TODO Auto-generated method stub return null; } @@ -328,15 +345,6 @@ public class SSOTransferAuthenticationData implements IAuthData { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() - */ - @Override - public String getCcc() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel() */ @Override @@ -354,13 +362,17 @@ public class SSOTransferAuthenticationData implements IAuthData { return this.authSession.getGenericDataFromSession(key, clazz); } + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() - */ @Override - public boolean isBaseIDTransferRestrication() { - return this.isIDPPrivateService; + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c2132c1f9..c9bccb708 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -35,11 +35,16 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** - * @author tlenz + * @author tlenz * */ public class SSOTransferOnlineApplication implements IOAAuthParameters { + /** + * + */ + private static final long serialVersionUID = 1L; + public SSOTransferOnlineApplication() { } @@ -391,35 +396,88 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction() + * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() */ @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction() - */ @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier() - */ @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public String getConfigurationValue(String arg0, String arg1) { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() - */ @Override - public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> foreignbPKSectorsRequested() { // TODO Auto-generated method stub return null; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index af64e745e..dc2baab7d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -72,11 +72,18 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -84,20 +91,16 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -138,7 +141,7 @@ public class SSOTransferServlet{ * @throws IOException */ @RequestMapping(value = { "/TestTransferSSOSession" - }, + }, method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { @@ -200,7 +203,7 @@ public class SSOTransferServlet{ InputStream idlstream = idlURL.openStream(); moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink()); internalTransferPersonalInformation(req, resp, container, moaSession, true); - + } else { Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object."); @@ -267,6 +270,14 @@ public class SSOTransferServlet{ Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } catch (ConfigurationException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } } else { @@ -367,6 +378,11 @@ public class SSOTransferServlet{ } catch (NoSuchPaddingException e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } @@ -405,10 +421,10 @@ public class SSOTransferServlet{ if (ssomanager.isValidSSOSession(ssoid, null)) { //create first step of SSO Transfer GUI - IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); - if(authSession != null) { + String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid); + if(ssoSessionId != null) { internalCreateQRCodeForTransfer(resp, authURL, - authSession.getSessionID(), + ssoSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; @@ -436,7 +452,7 @@ public class SSOTransferServlet{ } private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, - SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { + SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException { Logger.debug(""); JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index e92925dfb..bf215373d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -32,9 +32,9 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index be27de9a1..921e3844b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -33,9 +33,12 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -43,9 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -61,7 +61,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -86,13 +86,13 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { String nonce = Random.nextLongRandom(); GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, - pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); container.setDhParams(dhKeyIDP); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce); //store pending-request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 1a216f0df..90b74ebd7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -43,20 +43,20 @@ import com.google.common.net.MediaType; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -72,7 +72,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -99,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); - SSOTransferContainer container = pendingReq.getGenericData( + String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); + SSOTransferContainer container = pendingReq.getRawData( SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); if (container == null) { throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", @@ -186,8 +186,9 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, pendingReq.getMOASession(), attributeExtractor); - + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -244,15 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } else { //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); @@ -274,7 +268,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); + authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 9cfe12791..1a4a9b80b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -71,7 +71,7 @@ public class GUIUtils { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + "?" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + requestID; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 568ffb330..cf7723c70 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,20 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -105,28 +119,17 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineA import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -140,6 +143,9 @@ import iaik.x509.X509Certificate; @Service("SSOContainerUtils") public class SSOContainerUtils { + @Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration; + @Autowired(required=true) private PVP2AssertionBuilder assertionBuilder; + private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + "1.2.40.0.10.2.1.1.261.xx.xx"; @@ -207,7 +213,7 @@ public class SSOContainerUtils { Logger.error("SignerCertificate is not parseable.", e); } - + String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME); try { if (MiscUtil.isNotEmpty(idlStr)) { @@ -271,7 +277,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap<String, Boolean> features = new HashMap<String, Boolean>(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); @@ -295,7 +301,7 @@ public class SSOContainerUtils { } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); - } + } Credential credential = credentials.getIDPAssertionSigningCredential(); if (credential == null) { @@ -339,7 +345,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, IAuthenticationSession authSession, Date date, byte[] hashedSecret) { try { - String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + String entityID = pvpConfiguration.getIDPEntityId(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -366,9 +372,9 @@ public class SSOContainerUtils { String sessionIndex = SAML2Utils.getSecureIdentifier(); - IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); + IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); - Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + Assertion assertion = assertionBuilder.buildGenericAssertion( entityID, entityID, new DateTime(date.getTime()), @@ -404,7 +410,7 @@ public class SSOContainerUtils { return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { + } catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) { Logger.warn("SSO container generation FAILED.", e); } |