diff options
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer')
2 files changed, 248 insertions, 0 deletions
| diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java new file mode 100644 index 000000000..0bc4a4839 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java @@ -0,0 +1,148 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.Date; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; + + + +/** + * @author tlenz + * + */ +@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession") +public class SSOTransferGUIServlet extends AuthServlet { + +	private static final long serialVersionUID = 3974201828186450839L; + +	public SSOTransferGUIServlet() { +		super(); +		Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'."); +	} + +	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +			throws ServletException, IOException { +		super.doGet(req, resp); +		 +		//search SSO session +		SSOManager ssomanager = SSOManager.getInstance();		 +		String ssoid = ssomanager.getSSOSessionID(req); +		 +		VelocityContext context = new VelocityContext(); +		 +		try { +			if (ssomanager.isValidSSOSession(ssoid, null)) { +				Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);		 +				if (createQRObj != null && createQRObj instanceof Integer) { +					 +					 +					 +				} else { +					//create first step of SSO Transfer GUI +					String authURL = HTTPUtils.extractAuthURLFromRequest(req); +					if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). +							contains(authURL)) {						 +						Logger.warn("Requested URL is not allowed.");; +						resp.sendError(500, "Requested URL is not allowed."); +						 +					} +					 +					String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); +					if (MiscUtil.isNotEmpty(moaSessionID)) {					 +						AuthenticationSession authSession = AuthenticationSessionStoreage +								.getSession(moaSessionID); +						if(authSession != null) { +							Date now = new Date(); +							String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); +							 +							String token = Random.nextRandom(); +							AssertionStorage.getInstance().put(token, encodedSSOContainer); +							 +							String containerURL = authURL +									+ SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE +									+ "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; +							 +							JsonObject qrResult = new JsonObject(); +							qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,  +									SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); +							qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + +							ByteArrayOutputStream qrStream =  +									QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();							 +							String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());							 +							context.put("QRImage", base64EncodedImage); +							 +							context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation."); +							 +							GUIUtils.printSSOTransferGUI(context, resp); +							 +						} +					} +				} +								 +			} else { +				context.put("errorMsg",  +						"No active Single Sign-On session found! SSO Session transfer is not possible."); +				GUIUtils.printSSOTransferGUI(context, resp); +			} +			 +		} catch (MOAIDException | MOADatabaseException e) { +			e.printStackTrace(); +			resp.sendError(500, e.getMessage()); +		 +		} +							 +	} +	 +	 +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java new file mode 100644 index 000000000..8ea15f985 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java @@ -0,0 +1,100 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession") +public class TransferToSmartPhoneServlet extends AuthServlet { + +	private static final long serialVersionUID = 4323605569040872262L; +	 +	private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes +	 +	public TransferToSmartPhoneServlet() { +		super(); +		Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'."); +	} +	 +	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +			throws ServletException, IOException { +		super.doGet(req, resp); +	 +		Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);		 +		if (tokenObj != null && tokenObj instanceof String) { +			String token = (String)tokenObj; +			try {						 +				String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut); +				if (MiscUtil.isNotEmpty(signedEncSession)) { +					resp.setContentType("text/html;charset=UTF-8"); +					PrintWriter out = new PrintWriter(resp.getOutputStream());  +					out.print(signedEncSession); +					out.flush();  +					 +				} else { +					Logger.info("Servlet " + getClass().getName() + " receive a token:" + +							token + ", which references an empty data object."); +					resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object."); +					 +				} +												 +			} catch (MOADatabaseException e) { +				Logger.info("Servlet " + getClass().getName() + " receive a token:" + +						token + ", which is UNKNOWN."); +				resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:"); +				 +				 +			} catch (AuthenticationException e) { +				Logger.info("Servlet " + getClass().getName() + " receive a token:" + +						token + ", which has a timeout."); +				resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); +				 +			} +		 +		} else { +			Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); +			resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); +			 +		} +		 +	} + +} | 
