diff options
Diffstat (limited to 'id/server/modules')
32 files changed, 948 insertions, 648 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 11917d0c3..065f3866b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1,10 +1,6 @@ package at.gv.egovernment.moa.id.auth; -import iaik.asn1.ObjectID; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -22,6 +18,8 @@ import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; import org.apache.xpath.XPathAPI; import org.opensaml.xml.util.Base64; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -29,7 +27,6 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -63,6 +60,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -76,6 +74,9 @@ import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +import iaik.asn1.ObjectID; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; /** * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is @@ -85,24 +86,11 @@ import at.gv.egovernment.moa.util.StringUtils; * @version $Id: AuthenticationServer.java 1273 2012-02-27 14:50:18Z kstranacher * $ */ +@Service("CitizenCardAuthenticationServer") public class AuthenticationServer extends BaseAuthenticationServer { - /** - * single instance - */ - private static AuthenticationServer instance; - - /** - * Returns the single instance of <code>AuthenticationServer</code>. - * - * @return the single instance of <code>AuthenticationServer</code> - */ - public static AuthenticationServer getInstance() { - if (instance == null) - instance = new AuthenticationServer(); - return instance; - } - + @Autowired private MOAReversionLogger revisionsLogger; + /** * Constructor for AuthenticationServer. */ @@ -139,13 +127,14 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @param templateMandteURL URL providing an HTML template for the HTML form generated * (for signing in mandates mode) * @param req determines the protocol used + * @param pendingReq * @param sourceID * @return HTML form * @throws AuthenticationException * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (session == null) { @@ -154,7 +143,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //load OnlineApplication configuration OAAuthParameter oaParam = - AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + authConfig.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()}); @@ -172,7 +161,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { String infoboxReadRequest = ""; - String domainIdentifier = AuthConfigurationProviderFactory.getInstance().getSSOTagetIdentifier().trim(); + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) { //do not use SSO if no Target is set Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!"); @@ -209,34 +198,17 @@ public class AuthenticationServer extends BaseAuthenticationServer { String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session - .getSessionID()); + session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); //removed in MOAID 2.0 String pushInfobox = ""; - // VerifyInfoboxParameters verifyInfoboxParameters = oaParam - // .getVerifyInfoboxParameters(); - // if (verifyInfoboxParameters != null) { - // pushInfobox = verifyInfoboxParameters.getPushInfobox(); - // session.setPushInfobox(pushInfobox); - // } - - //build CertInfo request - //removed in MOA-ID 2.0 - // String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - // .build(); - // String certInfoDataURL = new DataURLBuilder() - // .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, - // session.getSessionID()); - //get Applet Parameters String appletwidth = req.getParameter(PARAM_APPLET_WIDTH); String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - //TODO: cleanup before MOA-ID 2.1 release try { String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, null, @@ -333,7 +305,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); // validates the <VerifyXMLSignatureResponse> @@ -349,7 +321,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); return "found!"; @@ -406,7 +378,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, @@ -441,7 +413,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); try { @@ -480,7 +452,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( AuthenticationSession session, AuthConfiguration authConf, - OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException, + IOAAuthParameters oaParam, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { // // check for intermediate processing of the infoboxes @@ -488,9 +460,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { // return "Redirect to Input Processor"; if (authConf == null) - authConf = AuthConfigurationProviderFactory.getInstance(); + authConf = authConfig; if (oaParam == null) - oaParam = AuthConfigurationProviderFactory.getInstance() + oaParam = authConfig .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); @@ -529,7 +501,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { AuthConfiguration authConf = AuthConfigurationProviderFactory .getInstance(); - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, @@ -546,9 +518,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { // return "Redirect to Input Processor"; if (authConf == null) - authConf = AuthConfigurationProviderFactory.getInstance(); + authConf = authConfig; if (oaParam == null) - oaParam = AuthConfigurationProviderFactory.getInstance() + oaParam = authConfig .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); @@ -634,15 +606,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { * including the <code><ReadInfoboxResponse></code> * @throws BKUException */ - public X509Certificate getCertificate(IRequest pendingReq, String sessionID, + public X509Certificate getCertificate(IRequest pendingReq, Map<String, String> readInfoboxResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[]{ - REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID}); - String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters .get(PARAM_XMLRESPONSE); @@ -655,7 +623,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); return cert; @@ -673,7 +641,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * to be appended to the AUTH-Block. */ private String buildAuthenticationBlock(AuthenticationSession session, - OAAuthParameter oaParam, IRequest pendingReq) throws BuildException { + IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException { IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); @@ -1121,7 +1089,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() + OAAuthParameter oaParam = authConfig .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); // validates the <VerifyXMLSignatureResponse> @@ -1163,10 +1131,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { //set QAA Level four in case of card authentifcation session.setQAALevel(PVPConstants.STORK_QAA_1_4); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); - MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink() + revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..18bf5a1ba --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/CitizenCardAuthenticationSpringResourceProvider.java @@ -0,0 +1,63 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class CitizenCardAuthenticationSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource citizenCardAuthConfig = new ClassPathResource("/moaid_citizencard_auth.beans.xml", MOAIDAuthSpringResourceProvider.class); + + return new Resource[] {citizenCardAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID-CitizenCardAuthentication SpringResourceProvider"; + } + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 760d28d5b..79f407ca3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -175,7 +175,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String gebDat, List<ExtendedSAMLAttribute> extendedSAMLAttributes, AuthenticationSession session, - OAAuthParameter oaParam) + IOAAuthParameters oaParam2) throws BuildException { @@ -193,7 +193,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //adding type of wbPK domain identifier ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = - new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam2.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute); @@ -255,7 +255,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } //adding friendly name of OA - String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); + String oaFriendlyName = StringUtils.isEmpty(oaParam2.getFriendlyName()) ? "" : oaParam2.getFriendlyName(); ExtendedSAMLAttribute oaFriendlyNameAttribute = new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java deleted file mode 100644 index 5c1b12e0d..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java +++ /dev/null @@ -1,70 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.builder; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.logging.Logger; - -public class StartAuthenticationBuilder { - - private static StartAuthenticationBuilder instance = null; - - public static StartAuthenticationBuilder getInstance() { - if (instance == null) { - instance = new StartAuthenticationBuilder(); - } - return instance; - } - - - /** - * Depending on the selected citizen's country ({@code moasession.ccc}): - * <ul> - * <li><strong>Either</strong> creates an "IdentityLinkForm" with embedded {@code InfoBoxReadRequest} to be submitted to a citizen card - * environment for reading the subject's IdentityLink</li> - * </ul> - * - * @return The IdentityLinkForm. - */ - public String build(AuthenticationSession moasession, HttpServletRequest req, - HttpServletResponse resp) throws WrongParametersException, MOAIDException { - - if (moasession == null) { - throw new AuthenticationException("auth.18", new Object[] { }); - } - - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req); - - return getIdentityLinkForm; - } -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java index cac7359c7..29118ac17 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal; + import org.apache.commons.lang3.StringUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -9,7 +10,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * Module descriptor */ -public class DefaultAuthModuleImpl implements AuthModule { +public class AuthModuleImpl implements AuthModule { @Override public int getPriority() { @@ -19,8 +20,15 @@ public class DefaultAuthModuleImpl implements AuthModule { @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication + + boolean performBKUSelection = false; + Object performBKUSelectionObj = context.get("performBKUSelection"); + if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) + performBKUSelection = (boolean) performBKUSelectionObj; + if (StringUtils.isBlank((String) context.get("ccc")) && - StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU))) + StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && + !performBKUSelection) return "DefaultAuthentication"; else diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 7e1bf1fc7..6ff0177ac 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE; import java.io.IOException; @@ -9,22 +10,24 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.BooleanUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.<p/> @@ -46,44 +49,69 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("CertificateReadRequestTask") public class CertificateReadRequestTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - // TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate" - Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); - - setNoCachingHeaders(resp); + Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + try { + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12"); + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); } - - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - boolean useMandate = session.getUseMandate(); + + boolean useMandate = moasession.getUseMandate(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); throw new AuthenticationException("auth.13", null); } - - // change MOASessionID - AuthenticationSessionStoreage.changeSessionID(session); // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); // build dataurl (to the VerifyCertificateSerlvet) - String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE, - session.getSessionID()); + String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE, + pendingReq.getRequestID()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index 307074ee2..ef17700d3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -1,33 +1,28 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; - import java.io.PrintWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.BooleanUtils; -import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; /** @@ -62,46 +57,60 @@ import at.gv.egovernment.moa.util.StringUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("CreateIdentityLinkFormTask") public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) - throws TaskExecutionException { - - String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID))); - AuthenticationSession moasession = null; + throws TaskExecutionException { try { - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); + } + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; try { - moasession = AuthenticationSessionStoreage.getSession(moasessionid); - - AuthenticationSessionStoreage.changeSessionID(moasession); - executionContext.remove(PARAM_SESSIONID); + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); } catch (Throwable e) { Logger.info("No HTTP Session found!"); throw new MOAIDException("auth.18", new Object[] {}); } + + + + + + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); - StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); - String getIdentityLinkForm = startauth.build(moasession, req, resp); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); if (!StringUtils.isEmpty(getIdentityLinkForm)) { @@ -109,7 +118,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); out.flush(); - Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class); + Logger.debug("Finished GET " + CreateIdentityLinkFormTask.class); } } catch (WrongParametersException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index b729f26e1..5c88afc56 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -13,12 +15,15 @@ import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; @@ -33,14 +38,12 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** @@ -68,16 +71,17 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("GetForeignIDTask") public class GetForeignIDTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { Logger.debug("POST GetForeignIDServlet"); - setNoCachingHeaders(resp); - Map<String, String> parameters; try { @@ -88,30 +92,53 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); - String pendingRequestID = null; - String redirectURL = null; - AuthenticationSession session = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12"); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } + String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); } - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - // change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + Logger.debug(xmlCreateXMLSignatureResponse); CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) @@ -119,7 +146,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { try { String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); - session.setAuthBlock(serializedAssertion); + moasession.setAuthBlock(serializedAssertion); } catch (TransformerException e) { throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); @@ -132,13 +159,14 @@ public class GetForeignIDTask extends AbstractAuthServletTask { Element signature = csresp.getDsigSignature(); try { - session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); + moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); + } catch (CertificateException e) { Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); throw new MOAIDException("auth.14", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); // make SZR request to the identity link @@ -152,30 +180,24 @@ public class GetForeignIDTask extends AbstractAuthServletTask { IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( response.getIdentityLink())); IdentityLink identitylink = ilParser.parseIdentityLink(); - session.setIdentityLink(identitylink); + moasession.setIdentityLink(identitylink); // set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); - - AuthenticationServer.getInstance().getForeignAuthenticationData(session); - - // session is implicit stored in changeSessionID!!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + moasession.setQAALevel(PVPConstants.STORK_QAA_1_4); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + authServer.getForeignAuthenticationData(moasession); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); try { - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { throw new MOAIDException("Session store error", null); } - //put session to context - executionContext.put(PARAM_SESSIONID, session.getSessionID()); + } } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index d85681b40..938b4ce77 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; -import iaik.pki.PKIException; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.security.GeneralSecurityException; import java.util.List; @@ -12,34 +12,31 @@ import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.pki.PKIException; /** * Retrieves a mandate from the online mandate issuing service.<p/> @@ -64,45 +61,64 @@ import at.gv.egovernment.moa.util.DOMUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("GetMISSessionIDTask") public class GetMISSessionIDTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { Logger.debug("POST GetMISSessionIDServlet"); - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - AuthenticationSession session = null; - String pendingRequestID = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyCertificate", - PARAM_SESSIONID, "auth.12"); - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } - String misSessionID = session.getMISSessionID(); + String misSessionID = moasession.getMISSessionID(); - AuthConfiguration authConf = AuthConfigurationProviderFactory - .getInstance(); - ConnectionParameter connectionParameters = authConf + ConnectionParameter connectionParameters = authConfig .getOnlineMandatesConnectionParameter(); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - AuthConfigurationProviderFactory.getInstance(), + authConfig, connectionParameters); List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest( @@ -113,7 +129,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); @@ -136,25 +152,17 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { null, null).getDocumentElement(); // extract RepresentationType - AuthenticationServer.getInstance().verifyMandate(session, mandate); + authServer.verifyMandate(moasession, mandate); - session.setMISMandate(mandate); + moasession.setMISMandate(mandate); //log mandate specific set of events - MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate); - - String oldsessionID = session.getSessionID(); - - //Session is implicite stored in changeSessionID!!! - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + revisionsLogger.logMandateEventSet(pendingReq, mandate); + + //Stor MOAsession + authenticatedSessionStorage.storeSession(moasession); - Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); - Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - - //put session to context - executionContext.put(PARAM_SESSIONID, session.getSessionID()); - } catch (MOAIDException ex) { throw new TaskExecutionException(ex.getMessage(), ex); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 1dd4780f7..86d8de047 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -27,8 +27,9 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -37,12 +38,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -51,6 +49,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("InitializeBKUAuthenticationTask") public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -62,19 +61,22 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID); - String pendingRequestID = (String) executionContext.get("pendingRequestID"); - - //load pending request - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + IRequest pendingReq = requestStoreage.getPendingRequest( + (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); + if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); } - + //load MOASession object - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); + AuthenticationSession moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + if (moasession == null) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -83,8 +85,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { if (isLegacyRequest) { //parse request parameter into MOASession - Logger.info("Start Authentication Module: " + moasession.getModul() - + " Action: " + moasession.getAction()); + Logger.info("Start Authentication Module: " + pendingReq.requestedModule() + + " Action: " + pendingReq.requestedAction()); StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq); @@ -92,12 +94,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE); String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); - - //remove MOASessionID from executionContext because it is not needed any more - - - if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use."); + + if (MiscUtil.isEmpty(bkuid)) { + Logger.warn("BKU-type is empty. Maybe an old BKU-selection template is in use."); throw new MOAIDException("auth.23", new Object[] {}); } @@ -108,21 +107,21 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); else { - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); //get Target from config or from request in case of SAML 1 String target = null; - if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && - pendingReq.requestedModule().equals("id_saml1")) - target = pendingReq.getTarget(); + if (MiscUtil.isNotEmpty(pendingReq.getGenericData("target", String.class)) && + pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) + target = pendingReq.getGenericData("target", String.class); else target = oaParam.getTarget(); String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid); + bkuURL = authConfig.getDefaultBKUURL(bkuid); } //search for OA specific template @@ -133,13 +132,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL = oaTemplateURLList.get(0); } else { - templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid); + templateURL = authConfig.getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + authConfig.getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -155,8 +154,6 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL, useMandate, ccc, - moasession.getModul(), - moasession.getAction(), request, pendingReq); } @@ -166,7 +163,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { // make sure moa session has been persisted before running the process try { - AuthenticationSessionStoreage.storeSession(moasession); + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 49888c136..1c5f3c202 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -1,29 +1,29 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Creates {@code CreateXMLSignatureRequest} for auth block signature.<p/> @@ -45,47 +45,68 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("PrepareAuthBlockSignatureTask") public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - Logger.debug("Process IdentityLink"); - - setNoCachingHeaders(resp); + Logger.debug("Process CreateAuthBlock Task"); - String pendingRequestID = null; - try { + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + } - - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - // change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); - String createXMLSignatureRequest = AuthenticationServer.getInstance() - .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq); + String createXMLSignatureRequest = authServer + .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, authConfig, oaParam, pendingReq); - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); - CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, + CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 099bc085c..3d8b94239 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -23,17 +23,21 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.util.List; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -44,14 +48,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; @@ -63,6 +62,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@Service("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { /* (non-Javadoc) @@ -75,62 +75,66 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + request.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); - //get Session from context - String moasessionid = (String) executionContext.get(PARAM_SESSIONID); - AuthenticationSession session = null; - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; try { - session = AuthenticationSessionStoreage.getSession(moasessionid); - AuthenticationSessionStoreage.changeSessionID(session); - + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); } catch (Throwable e) { Logger.info("No HTTP Session found!"); throw new MOAIDException("auth.18", new Object[] {}); - - } finally { - executionContext.remove(PARAM_SESSIONID); - } - - AuthConfiguration authConf= AuthConfigurationProviderFactory.getInstance(); - ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProviderFactory.getInstance(), connectionParameters); + ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); // get identitity link as byte[] - Element elem = session.getIdentityLink().getSamlAssertion(); + Element elem = moasession.getIdentityLink().getSamlAssertion(); String s = DOMUtils.serializeNode(elem); //System.out.println("IDL: " + s); byte[] idl = s.getBytes("UTF-8"); - - // redirect url - // build redirect(to the GetMISSessionIdSerlvet) - - //change MOASessionID before MIS request - String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - + String redirectURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), + pendingReq.getAuthURL(), GET_MIS_SESSIONID, - newMOASessionID); + pendingReq.getRequestID()); - String oaURL = session.getOAURLRequested(); + String oaURL = pendingReq.getOAURL(); IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); if (oaParam == null) { - oaParam = authConf.getOnlineApplicationParameter(oaURL); + oaParam = authConfig.getOnlineApplicationParameter(oaURL); Logger.info("No Service info in PendingRequest --> load service info from configuration"); } @@ -143,9 +147,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { } String oaFriendlyName = oaParam.getFriendlyName(); - String mandateReferenceValue = session.getMandateReferenceValue(); - byte[] cert = session.getEncodedSignerCertificate(); - byte[] authBlock = session.getAuthBlock().getBytes("UTF-8"); + String mandateReferenceValue = moasession.getMandateReferenceValue(); + byte[] cert = moasession.getEncodedSignerCertificate(); + byte[] authBlock = moasession.getAuthBlock().getBytes("UTF-8"); //TODO: check in case of SSO!!! String targetType = null; @@ -154,13 +158,13 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) targetType = id; else - targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moasession.getDomainIdentifier(); } else { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( @@ -181,17 +185,17 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { } String redirectMISGUI = misSessionID.getRedirectURL(); - session.setMISSessionID(misSessionID.getSessiondId()); + moasession.setMISSessionID(misSessionID.getSessiondId()); try { - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); } catch (MOADatabaseException | BuildException e) { throw new MOAIDException("Session store error", null); } - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); response.setStatus(302); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 35104bf3e..78be6c8c8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -1,50 +1,35 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; -import iaik.pki.PKIException; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.List; import java.util.Map; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; -import org.w3c.dom.Element; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/> @@ -79,62 +64,84 @@ import at.gv.egovernment.moa.util.DOMUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet Logger.debug("POST VerifyAuthenticationBlock"); - String pendingRequestID = null; - Map<String, String> parameters; try { parameters = getParameters(req); - } catch (FileUploadException | IOException e) - { + } catch (FileUploadException | IOException e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); - } - String sessionID = req.getParameter(PARAM_SESSIONID); - String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - + } + + String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); + String redirectURL = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) - throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) + throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - - AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse); + + authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); //store all changes in session DAO - AuthenticationSessionStoreage.storeSession(session); - - //put session to context - executionContext.put(PARAM_SESSIONID, session.getSessionID()); - + authenticatedSessionStorage.storeSession(moasession); + } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 2734d1027..5c9a069ee 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -1,7 +1,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; -import iaik.x509.X509Certificate; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID; import java.io.IOException; import java.util.Map; @@ -11,28 +11,28 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/> @@ -59,15 +59,18 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("VerifyCertificateTask") public class VerifyCertificateTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - Logger.debug("POST VerifyCertificateServlet"); + Logger.debug("Reveive VerifyCertificate Response"); Map<String, String> parameters; try @@ -78,48 +81,73 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); } - String sessionID = req.getParameter(PARAM_SESSIONID); - - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); - AuthenticationSession session = null; try { - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); - - session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + String pendingRequestID = StringEscapeUtils.escapeHtml( + ObjectUtils.defaultIfNull( + req.getParameter(PARAM_TARGET_PENDINGREQUESTID), + (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID))); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); + } + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - //change MOASessionID - sessionID = AuthenticationSessionStoreage.changeSessionID(session); - X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters); + X509Certificate cert = authServer.getCertificate(pendingReq, parameters); if (cert == null) { Logger.error("Certificate could not be read."); throw new AuthenticationException("auth.14", null); } - boolean useMandate = session.getUseMandate(); + boolean useMandate = moasession.getUseMandate(); if (useMandate) { // verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq); + String createXMLSignatureRequestOrRedirect = authServer.verifyCertificate(moasession, cert, pendingReq); try { - AuthenticationSessionStoreage.storeSession(session); + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { throw new MOAIDException("session store error", null); } - // TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock" - CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); + CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); } else { @@ -133,24 +161,24 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); - String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert); + String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(moasession, cert); // build dataurl (to the GetForeignIDSerlvet) String dataurl = new DataURLBuilder().buildDataURL( - session.getAuthURL(), + pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, - session.getSessionID()); + pendingReq.getRequestID()); - try { - AuthenticationSessionStoreage.storeSession(session); + try { + authenticatedSessionStorage.storeSession(moasession); + } catch (MOADatabaseException e) { throw new MOAIDException("session store error", null); } - // TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID" CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); Logger.debug("Send CreateXMLSignatureRequest to BKU"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 50ef11f27..2c23254e4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*; +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID; import java.io.IOException; import java.util.Map; @@ -9,23 +9,23 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; - +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the identity link.<p/> @@ -51,17 +51,16 @@ import at.gv.egovernment.moa.logging.Logger; * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * */ +@Service("VerifyIdentityLinkTask") public class VerifyIdentityLinkTask extends AbstractAuthServletTask { + @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - - Logger.debug("POST VerifyIdentityLink"); - - setNoCachingHeaders(resp); + Logger.debug("Receive VerifyIdentityLink Response"); Map<String, String> parameters; @@ -74,20 +73,50 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); + String pendingRequestID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); + + if (MiscUtil.isEmpty(pendingRequestID)) { + Logger.info("No PendingRequestID received"); + throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"}); } - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - IRequest pendingReq = RequestStorage.getPendingRequest( - (String) executionContext.get("pendingRequestID")); - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + + IRequest pendingReq = requestStoreage.getPendingRequest(pendingRequestID); + + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //change pending-request ID + String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); + executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); + + AuthenticationSession moasession = null;; + try { + moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + + if (moasession == null) { + Logger.warn("MOASessionID is empty."); + throw new MOAIDException("auth.18", new Object[] {}); + } + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); - boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null; - AuthenticationSessionStoreage.storeSession(session); + boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; + + authenticatedSessionStorage.storeSession(moasession); executionContext.put("identityLinkAvailable", identityLinkAvailable); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java new file mode 100644 index 000000000..139be49fe --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +/** + * @author tlenz + * + */ +@Controller +public class CitizenCardAuthProcessEngineSignalController extends AbstractProcessEngineSignalController { + + @RequestMapping(value = {"/GetMISSessionID", + "/GetForeignID", + "/VerifyAuthBlock", + "/VerifyCertificate", + "/VerifyIdentityLink" + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + +} +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index 276d6a105..36bab9355 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -53,13 +53,13 @@ import java.io.IOException; import java.io.OutputStream; import java.net.URLEncoder; -import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; /** @@ -73,21 +73,21 @@ public class CitizenCardServletUtils extends ServletUtils{ * depending on the requests starting text. * * @param resp The httpServletResponse - * @param session The current AuthenticationSession + * @param pendingReq The current AuthenticationSession * @param createXMLSignatureRequestOrRedirect The request * @param servletGoal The servlet to which the redirect should happen * @param servletName The servlet name for debug purposes * @throws MOAIDException * @throws IOException */ - public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) + public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, IRequest pendingReq, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) throws MOAIDException, IOException { if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { resp.setStatus(307); String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, session.getSessionID()); + pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID()); resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) @@ -100,7 +100,7 @@ public class CitizenCardServletUtils extends ServletUtils{ Logger.debug("Finished POST " + servletName); } else { - String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID()); + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID()); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..2ca8587b6 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.CitizenCardAuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule index 865096055..02b4e5d7c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule @@ -1,2 +1,2 @@ # The default moaid process -at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl +at.gv.egovernment.moa.id.auth.modules.internal.AuthModuleImpl diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index 6bbaf6ece..74792ed72 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -5,17 +5,17 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> - <pd:Task id="initializeBKUAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask" /> - <pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" /> - <pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask" async="true" /> - <pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" async="true" /> - <pd:Task id="verifyCertificate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask" async="true" /> - <pd:Task id="getMISMandate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask" async="true" /> - <pd:Task id="certificateReadRequest" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask" /> - <pd:Task id="prepareAuthBlockSignature" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask" /> - <pd:Task id="prepareGetMISMandate" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareGetMISMandateTask" /> - <pd:Task id="finalizeAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask" /> - <pd:Task id="getForeignID" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask" async="true" /> + <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" /> + <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" /> + <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" /> + <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" /> + <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" /> + <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" /> + <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" /> + <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> + <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> <pd:StartEvent id="start" /> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml new file mode 100644 index 000000000..dcea83b8a --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/moaid_citizencard_auth.beans.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="CitizenCardAuthenticationServer" + class="at.gv.egovernment.moa.id.auth.AuthenticationServer"/> + + +<!-- Authentication Process Tasks --> + <bean id="InitializeBKUAuthenticationTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask"/> + + <bean id="CreateIdentityLinkFormTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask"/> + + <bean id="VerifyIdentityLinkTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask"/> + + <bean id="CertificateReadRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask"/> + + <bean id="VerifyCertificateTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask"/> + + <bean id="PrepareAuthBlockSignatureTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask"/> + + <bean id="VerifyAuthenticationBlockTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask"/> + + <bean id="PrepareGetMISMandateTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareGetMISMandateTask"/> + + <bean id="GetMISSessionIDTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask"/> + + <bean id="GetForeignIDTask" + class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 88e26da76..fcde874b4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,6 +30,9 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -51,20 +54,23 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; +@Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected ITransactionStorage transactionStorage; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); String code = Random.nextRandom(); @@ -87,7 +93,7 @@ class OAuth20AuthAction implements IAction { } // store data in oath session - AssertionStorage.getInstance().put(code, o); + transactionStorage.put(code, o); Logger.debug("Saved OAuth20SessionObject in session with id: " + code); @@ -113,8 +119,8 @@ class OAuth20AuthAction implements IAction { Logger.warn("An error occur during OpenID-Connect idToken generation.", e); //remove OAuthSessionObject if it already exists - if (AssertionStorage.getInstance().containsKey(code)) { - AssertionStorage.getInstance().remove(code); + if (transactionStorage.containsKey(code)) { + transactionStorage.remove(code); } if (e instanceof OAuth20Exception) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index e5d8db873..ecef9b0a3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseType import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.logging.Logger; public class OAuth20AuthRequest extends OAuth20BaseRequest { @@ -55,6 +55,12 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { public OAuth20AuthRequest(HttpServletRequest req) throws ConfigurationException { super(req); + + //AuthnRequest needs authentication + this.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + this.setAction(OAuth20AuthAction.class.getName()); } private static final long serialVersionUID = 1L; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 5fcac0b2f..5906964a4 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -81,7 +81,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setTarget(oaParam.getTarget()); if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) || StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -120,7 +119,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; - public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception { + public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception { OAuth20BaseRequest res; try { if (action.equals(OAuth20Protocol.AUTH_ACTION)) { @@ -139,7 +138,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - res.setAction(action); res.setModule(OAuth20Protocol.NAME); res.populateParameters(request); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 70c29359e..52204d7f6 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.io.IOException; import java.net.URLEncoder; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -9,12 +11,18 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.gson.JsonObject; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -23,11 +31,7 @@ import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -import com.google.gson.JsonObject; - -import java.util.Arrays; - -public class OAuth20Protocol implements IModulInfo { +public class OAuth20Protocol extends AbstractProtocolModulController { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -60,16 +64,65 @@ public class OAuth20Protocol implements IModulInfo { return actions.get(action); } + //OpenID Connect auth request + @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + if (!authConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + //PreProcess + IRequest pendingReq = preProcess(req, resp, AUTH_ACTION); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //process request + performAuthentication(req, resp, (RequestImpl)pendingReq); + + } + + //openID Connect tokken request + @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + if (!authConfig.getAllowedProtocols().isOAUTHActive()) { + Logger.info("OpenID-Connect is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + //PreProcess + IRequest pendingReq = preProcess(req, resp, TOKEN_ACTION); + + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); + revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent( + pendingReq.getUniqueSessionIdentifier(), + pendingReq.getUniqueTransactionIdentifier(), + MOAIDEventConstants.TRANSACTION_IP, + req.getRemoteAddr()); + + //process request + performAuthentication(req, resp, (RequestImpl)pendingReq); + + } + /* * (non-Javadoc) * @see * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest, * javax.servlet.http.HttpServletResponse, java.lang.String) */ - public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action, - String sessionId, String transactionId) throws MOAIDException { + public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation - OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId); + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); Logger.debug("Created: " + res); return res; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2238a25e1..bb0126a7b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,6 +26,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.gson.JsonObject; + import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -38,13 +43,15 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import com.google.gson.JsonObject; - +@Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { + @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected ITransactionStorage transactionStorage; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { @@ -53,13 +60,13 @@ class OAuth20TokenAction implements IAction { try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; - MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); + revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); try { Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); auth20SessionObject = - AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class); + transactionStorage.get(oAuthRequest.getCode(), OAuth20SessionObject.class); } catch (MOADatabaseException e) { throw new OAuth20UnauthorizedClientException(); @@ -97,7 +104,7 @@ class OAuth20TokenAction implements IAction { // destroy session for clean up Logger.debug("Going to destroy session: " + auth20SessionObject.getCode()); - AssertionStorage.getInstance().remove(auth20SessionObject.getCode()); + transactionStorage.remove(auth20SessionObject.getCode()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index abfe4ce15..9b0ee099e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -48,6 +48,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { public OAuth20TokenRequest(HttpServletRequest req) throws ConfigurationException { super(req); + + //AuthnRequest needs authentication + this.setNeedAuthentication(false); + + //set protocol action, which should be executed after authentication + this.setAction(OAuth20TokenAction.class.getName()); } private static final long serialVersionUID = 1L; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 7f3c353f1..b4c8c37d4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,6 +27,9 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; @@ -43,8 +46,11 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; import eu.eidas.auth.commons.IPersonalAttributeList; +@Service("SAML1_GetArtifactAction") public class GetArtifactAction implements IAction { + @Autowired private SAML1AuthenticationServer saml1server; + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { @@ -69,15 +75,13 @@ public class GetArtifactAction implements IAction { try { OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(oaURL); - - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - + // add other stork attributes to MOA assertion if available IPersonalAttributeList storkAttributes = authData.getGenericData( AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, IPersonalAttributeList.class); if(null != storkAttributes) { - List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes); + List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes); authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes); Logger.info("MOA assertion assembled and SAML Artifact generated."); } @@ -88,7 +92,8 @@ public class GetArtifactAction implements IAction { String url = req.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) - url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, + URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); @@ -100,7 +105,7 @@ public class GetArtifactAction implements IAction { String redirectURL = oaURL; if (!oaParam.getBusinessService()) { redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getTarget(), "UTF-8")); + URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 2b4aaf458..7e46e53fe 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -54,7 +54,6 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -134,11 +133,14 @@ public class GetAuthenticationDataService implements Constants { Element samlArtifactElem = (Element)samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + + + //SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); try { - - samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); + + samlAssertion = "Find a solution to integrate Axis 1 into Spring"; + //samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); // success statusCode = "samlp:Success"; @@ -148,7 +150,8 @@ public class GetAuthenticationDataService implements Constants { catch (ClassCastException ex) { try { - Throwable error = saml1server.getErrorResponse(samlArtifact); + //Throwable error = saml1server.getErrorResponse(samlArtifact); + Throwable error = new Exception("Find a solution to integrate Axis 1 into Spring"); statusCode = "samlp:Responder"; ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); @@ -171,12 +174,12 @@ public class GetAuthenticationDataService implements Constants { } - catch (AuthenticationException ex) { - //no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } +// catch (AuthenticationException ex) { +// //no authentication data for given SAML artifact +// statusCode = "samlp:Requester"; +// subStatusCode = "samlp:ResourceNotRecognized"; +// statusMessage = ex.toString(); +// } } } catch (Throwable t) { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 5312d779c..1d06bb48a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -35,6 +35,8 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.lang3.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; import org.w3c.dom.Element; import org.xml.sax.SAXException; @@ -60,7 +62,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -77,19 +79,10 @@ import eu.eidas.auth.commons.IPersonalAttributeList; import eu.eidas.auth.commons.PersonalAttribute; //import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +@Service("SAML1AuthenticationServer") public class SAML1AuthenticationServer extends AuthenticationServer { - - private static SAML1AuthenticationServer instance; - - public static SAML1AuthenticationServer getInstace() { - if (instance == null) - instance = new SAML1AuthenticationServer(); - return instance; - } - - private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); - + @Autowired private ITransactionStorage authenticationDataStore; /** * time out in milliseconds used by {@link cleanup} for authentication data @@ -129,7 +122,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * @param iPersonalAttributeList STORK attribute list * @return */ - public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { + public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) { List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>(); if(null == iPersonalAttributeList) diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 6573270e4..417bf4dc9 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -22,18 +22,20 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.saml1; +import java.io.IOException; import java.util.Arrays; -import java.util.HashMap; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; @@ -42,17 +44,23 @@ import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; -public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { +@Controller +public class SAML1Protocol extends AbstractProtocolModulController { + @Autowired private SAML1AuthenticationServer saml1AuthServer; + + public static final String REQ_DATA_SOURCEID = "sourceID"; + public static final String REQ_DATA_TARGET = "target"; + public static final String NAME = SAML1Protocol.class.getName(); public static final String PATH = "id_saml1"; @@ -72,24 +80,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { PVPConstants.EID_SOURCE_PIN_TYPE_NAME }); - private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); - - static { - - actions.put(GETARTIFACT, new GetArtifactAction()); - - instance = new SAML1Protocol(); - } - - private static SAML1Protocol instance = null; - - public static SAML1Protocol getInstance() { - if (instance == null) { - instance = new SAML1Protocol(); - } - return instance; - } - public String getName() { return NAME; } @@ -98,16 +88,29 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { return PATH; } - public IRequest preProcess(HttpServletRequest request, - HttpServletResponse response, String action, - String sessionId, String transactionId) throws MOAIDException { - SAML1RequestImpl config = new SAML1RequestImpl(request); - + + @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) + public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { Logger.info("SAML1 is deaktivated!"); throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); } + + SAML1RequestImpl pendingRequest = new SAML1RequestImpl(req); + pendingRequest.setModule(NAME); + + //preProcess SAML1 Request + preProcess(req, resp, pendingRequest); + + performAuthentication(req, resp, pendingRequest); + return; + + } + + + public void preProcess(HttpServletRequest request, + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { String oaURL = (String) request.getParameter(PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); @@ -135,7 +138,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - config.setOAURL(oaURL); + pendingRequest.setOAURL(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); @@ -157,19 +160,23 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); } - config.setOnlineApplicationConfiguration(oaParam); - config.setSourceID(sourceID); + pendingRequest.setOnlineApplicationConfiguration(oaParam); + pendingRequest.setSourceID(sourceID); - MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); + revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); if (MiscUtil.isNotEmpty(target)) - config.setTarget(target); + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); else - config.setTarget(oaParam.getTarget()); - - - return config; + pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget()); + + //AuthnRequest needs authentication + pendingRequest.setNeedAuthentication(true); + + //set protocol action, which should be executed after authentication + pendingRequest.setAction(AuthenticationAction.class.getName()); + } public boolean generateErrorMessage(Throwable e, @@ -181,9 +188,8 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { if (!oa.getSAML1Parameter().isProvideAllErrors()) return false; - else { - SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); - String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + else { + String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); @@ -199,15 +205,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { } } - public IAction getAction(String action) { - return actions.get(action); - } - - public IAction canHandleRequest(HttpServletRequest request, - HttpServletResponse response) { - return null; - } - public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java index a7d7b9759..4e5bed97c 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java @@ -28,35 +28,38 @@ import java.util.Arrays; import java.util.List; import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.monitoring.TestManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -@WebServlet(name = "MonitoringServlet", value = "/MonitoringServlet") -public class MonitoringServlet extends AuthServlet { +@Controller +public class MonitoringServlet { - private static final long serialVersionUID = 1L; private static final String REQUEST_ATTR_MODULE = "module"; + @Autowired private AuthConfiguration authConfig; + public MonitoringServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'."); } - protected void doGet(HttpServletRequest req, HttpServletResponse resp) + @RequestMapping(value = "/MonitoringServlet", method = RequestMethod.GET) + public void getStatusInformation(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - try { - AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); - - if (config.isMonitoringActive()) { + try { + if (authConfig.isMonitoringActive()) { Logger.debug("Monitoring Servlet received request"); TestManager tests = TestManager.getInstance(); @@ -71,7 +74,7 @@ public class MonitoringServlet extends AuthServlet { } else { resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); + resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess())); Logger.info("Monitoring Servlet finished without errors"); } @@ -84,7 +87,7 @@ public class MonitoringServlet extends AuthServlet { } else { resp.setStatus(HttpServletResponse.SC_OK); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); + resp.getWriter().write(getHtml(authConfig.getMonitoringMessageSuccess())); Logger.info("Monitoring Servlet finished without errors"); } |