diff options
Diffstat (limited to 'id/server')
40 files changed, 1161 insertions, 53 deletions
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties index c7dece5c5..7ad5aefde 100644 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ b/id/server/data/deploy/conf/moa-id/log4j.properties @@ -14,8 +14,8 @@ log4j.logger.org.hibernate=warn # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n +#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n # configure the rolling file appender (R) log4j.appender.R=org.apache.log4j.RollingFileAppender @@ -23,5 +23,5 @@ log4j.appender.R.File=${catalina.base}/logs/moa-id.log log4j.appender.R.MaxFileSize=10000KB log4j.appender.R.MaxBackupIndex=1 log4j.appender.R.layout=org.apache.log4j.PatternLayout -log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 0bda107be..e7faf2df6 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -46,6 +46,18 @@ </dependency>
<dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>eventlog-api</artifactId>
+ <version>0.4</version>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>eventlog-slf4j</artifactId>
+ <version>0.4</version>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
</dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java new file mode 100644 index 000000000..aae4dd8c4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import at.gv.egiz.components.eventlog.api.EventConstants; + +/** + * @author tlenz + * + *Defines Constants for Event Logging + * + *Event codes from 3000 to 9999 can be defined here + * + */ +public interface MOAIDEventConstants extends EventConstants { + + //move to EventConstants + public static final int TRANSACTION_ERROR = 1103; + public static final int SESSION_ERROR = 1003; + + + //auth protocol specific information + public static final int AUTHPROTOCOL_TYPE = 3000; + + public static final int AUTHPROTOCOL_PVP_METADATA = 3100; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101; + public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102; + public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103; + public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104; + + public static final int AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST = 3200; + public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201; + + + //authentication process information + public static final int AUTHPROCESS_START = 4000; + public static final int AUTHPROCESS_FINISHED = 4001; + public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002; + public static final int AUTHPROCESS_STORK_REQUESTED = 4003; + public static final int AUTHPROCESS_SSO = 4004; + public static final int AUTHPROCESS_SSO_INVALID = 4005; + public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006; + public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007; + public static final int AUTHPROCESS_INTERFEDERATION = 4008; + public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009; + + public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110; + public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111; + public static final int AUTHPROCESS_BKU_URL = 4112; + public static final int AUTHPROCESS_BKU_DATAURL_IP = 4113; + + public static final int AUTHPROCESS_IDL_VALIDATED = 4220; + public static final int AUTHPROCESS_CERTIFICATE_VALIDATED = 4221; + public static final int AUTHPROCESS_AUTHBLOCK_VALIDATED = 4222; + public static final int AUTHPROCESS_FOREIGN_FOUND = 4223; + public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224; + public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225; + + public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330; + public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; + public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; + + public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; + public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; + + //person information + public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; + public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001; + public static final int PERSONAL_INFORMATION_USERNAME_HASH = 5002; + + public static final int PERSONAL_INFORMATION_MANDATE_TYPE = 5100; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE = 5101; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102; + public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java new file mode 100644 index 000000000..6e09ea439 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java @@ -0,0 +1,47 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import at.gv.egiz.components.eventlog.api.Event; +import at.gv.egiz.components.eventlog.api.EventLogFactory; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOAIDEventLog extends EventLogFactory { + + public static void logEvent(Event event) { + try { + getEventLog().logEvent(event); + + } catch (EventLoggingException e) { + Logger.warn("Event logging FAILED!", e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java new file mode 100644 index 000000000..1228a95a4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -0,0 +1,252 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + +import java.security.MessageDigest; +import java.util.Date; +import java.util.List; + +import com.google.common.primitives.Ints; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egiz.components.eventlog.api.EventLoggingException; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class MOAReversionLogger { + + private static MOAReversionLogger instance = null; + + private static final List<Integer> defaultEventCodes = Ints.asList( + MOAIDEventConstants.SESSION_CREATED, + MOAIDEventConstants.SESSION_DESTROYED, + MOAIDEventConstants.SESSION_ERROR, + MOAIDEventConstants.SESSION_IP, + MOAIDEventConstants.TRANSACTION_CREATED, + MOAIDEventConstants.TRANSACTION_DESTROYED, + MOAIDEventConstants.TRANSACTION_ERROR, + MOAIDEventConstants.TRANSACTION_IP, + MOAIDEventConstants.AUTHPROTOCOL_TYPE, + MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA, + + MOAIDEventConstants.AUTHPROCESS_START, + MOAIDEventConstants.AUTHPROCESS_FINISHED, + MOAIDEventConstants.AUTHPROCESS_BKU_URL, + MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, + MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, + MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, + MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, + MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH + + ); + + public static synchronized MOAReversionLogger getInstance() { + if (instance == null) { + instance = new MOAReversionLogger(); + MOAIDEventLog.reload(); + + } + + return instance; + } + + + public void logEvent(IOAAuthParameters oaConfig, + int eventCode, String message) { + List<Integer> OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); + } + + public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + int eventCode) { + List<Integer> OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID())); + + } + + public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, + int eventCode, String message) { + List<Integer> OASpecificEventCodes = null; + if (oaConfig == null) + OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes(); + else + OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes(); + + if (OASpecificEventCodes.contains(eventCode)) + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + message, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID() + )); + + } + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + public void logEvent(int eventCode, String message) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message)); + + } + + /** + * @param sessionCreated + * @param uniqueSessionIdentifier + */ + public void logEvent(String sessionID, String transactionID, int eventCode, String message) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID)); + + } + + /** + * @param errorRequest + * @param transactionError + */ + public void logEvent(IRequest pendingRequest, int eventCode) { + MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, + pendingRequest.getSessionIdentifier(), + pendingRequest.getRequestID())); + + } + + public void logEvent(IRequest pendingRequest, int eventCode, String message) { + logEvent(pendingRequest.getOnlineApplicationConfiguration(), + pendingRequest, eventCode, message); + + } + + public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) { + if (MiscUtil.isNotEmpty(mandate.getOWbPK())) + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, + mandate.getOWbPK()); + + if (MiscUtil.isNotEmpty(mandate.getProfRep())) + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE, + mandate.getProfRep()); + + Mandate jaxBMandate = mandate.getMandateJaxB(); + if (jaxBMandate != null) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, + jaxBMandate.getAnnotation()); + + if (jaxBMandate.getMandator().getCorporateBody() != null) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, + "jur"); + try { + String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType() + + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId(); + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID, + jurBaseID); + + } catch (Throwable e) { + Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e); + + } + + } else { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, + "nat"); + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, + buildPersonInformationHash( + jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0), + jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(), + jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth())); + } + } + } + + /** + * @param pendingReq + * @param identityLink + */ + public void logPersonalInformationEvent(IRequest pendingReq, + IdentityLink identityLink) { + logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH, + buildPersonInformationHash( + identityLink.getGivenName(), + identityLink.getFamilyName(), + identityLink.getDateOfBirth() + )); + + } + + private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) { + + // {"hash":"hashvalue","salt":"testSalt"} + // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"} + + String salt = "default"; + String inputData = "{\"person\":{\"givenname\":\"" + + givenName + + "\",\"familyname\":\"" + + familyName + + "\",\"dateofbirth\":\"" + + dateofBirth + +"\"},\"salt\":\"" + + salt + +"\"}"; + + MessageDigest md; + try { + md = MessageDigest.getInstance("SHA-256"); + byte[] hash = md.digest(inputData.getBytes("UTF-8")); + String hashBase64 = Base64Utils.encode(hash); + return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}"; + + } catch (Throwable e) { + Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e); + return null; + + } + + } + + public List<Integer> getDefaulttReversionsLoggingEventCodes() { + return defaultEventCodes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java new file mode 100644 index 000000000..7f6f2c6b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.advancedlogging; + + +import java.util.Date; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class TransactionIDUtils { + + public static void setTransactionId(String pendingRequestID) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + + } + + public static void removeTransactionId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + + } + + public static void setSessionId(String uniqueSessionId) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, + "TID-" + uniqueSessionId); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, + "TID-" + uniqueSessionId); + + } + + public static void removeSessionId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); + + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 54484a854..d7694ac2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -30,6 +30,8 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -68,6 +70,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -260,8 +263,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH); appletheigth = StringEscapeUtils.escapeHtml(appletheigth); appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - - + //TODO: cleanup before MOA-ID 2.1 release try { String htmlForm = new GetIdentityLinkFormBuilder().build(template, @@ -301,7 +303,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { * link results in an Exception being thrown. * @throws BKUException */ - public String verifyIdentityLink(AuthenticationSession session, + public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session, Map<String, String> infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -371,10 +373,13 @@ public class AuthenticationServer extends MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - + //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + return "found!"; } @@ -447,6 +452,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { * containg the authentication block, meant to be returned to the security * layer implementation</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param infoboxReadResponseParameters The parameters from the response returned from the BKU @@ -647,13 +653,14 @@ public class AuthenticationServer extends MOAIDAuthConstants { * <li>Verifies signature by calling the MOA SP component</li> * <li>Returns the signer certificate</li> * </ul> + * @param pendingReq * * @param sessionID ID of associated authentication session data * @param readInfoboxResponseParameters The parameters from the response returned from the BKU * including the <code><ReadInfoboxResponse></code> * @throws BKUException */ - public X509Certificate getCertificate(String sessionID, + public X509Certificate getCertificate(IRequest pendingReq, String sessionID, Map<String, String> readInfoboxResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -674,6 +681,9 @@ public class AuthenticationServer extends MOAIDAuthConstants { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + return cert; } @@ -1065,6 +1075,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { * <li>Deletes authentication session</li> * <li><strike>Returns the SAML artifact, encoded BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)</li> * </ul> + * @param pendingReq * * @param sessionID session ID of the running authentication session * @param xmlCreateXMLSignatureReadResponse String representation of the @@ -1073,7 +1084,7 @@ public class AuthenticationServer extends MOAIDAuthConstants { * BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???) * @throws BKUException */ - public String verifyAuthenticationBlock(AuthenticationSession session, + public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { @@ -1236,6 +1247,12 @@ public class AuthenticationServer extends MOAIDAuthConstants { vsresp.setX509certificate(null); session.setForeigner(false); + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink() + ); + if (session.getUseMandate()) { // mandate mode return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 3d12bae61..b29e0d9f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -167,4 +167,6 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; + public static final String MDC_TRANSACTION_ID = "transactionId"; + public static final String MDC_SESSION_ID = "sessionId"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java new file mode 100644 index 000000000..61b8f7bd3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java @@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.data; + +import java.io.Serializable; + +/** + * @author tlenz + * + */ +public class AuthenticationSessionExtensions implements Serializable{ + + private static final long serialVersionUID = 1L; + + private String uniqueSessionId = null; + + /** + * @return the uniqueSessionId + */ + public String getUniqueSessionId() { + return uniqueSessionId; + } + + /** + * @param uniqueSessionId the uniqueSessionId to set + */ + public void setUniqueSessionId(String uniqueSessionId) { + this.uniqueSessionId = uniqueSessionId; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index 8909564c3..1a311993e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.MiscUtil; /** * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br> @@ -110,7 +111,7 @@ public class SignatureVerificationInvoker { AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); authConnParam = authConfigProvider.getMoaSpConnectionParameter(); //If the ConnectionParameter do NOT exist, we try to get the api to work.... - if (authConnParam != null) { + if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); endPoint = authConnParam.getUrl(); call.setTargetEndpointAddress(endPoint); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index ee6f0d5a4..183467d87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -8,8 +8,12 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -19,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -74,6 +80,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { try {
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
AuthenticationSessionStoreage.changeSessionID(moasession);
executionContext.remove(PARAM_SESSIONID);
@@ -89,6 +96,15 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, req, resp);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
+ if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
+
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
@@ -114,6 +130,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { finally {
ConfigurationDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 6bf68e2eb..8f1cd8cfe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -15,6 +15,8 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -29,7 +31,9 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -99,6 +103,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask { pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
// change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -118,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
-
+
Element signature = csresp.getDsigSignature();
try {
@@ -128,6 +137,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new MOAIDException("auth.14", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
+
// make SZR request to the identity link
CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
@@ -159,6 +171,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { // TODO[branch]: Final step back to /dispatcher
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
+
try {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index d30dfd562..67d42e442 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -14,6 +14,8 @@ import javax.xml.parsers.ParserConfigurationException; import org.apache.commons.lang.StringEscapeUtils;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -26,7 +28,9 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -85,6 +89,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -106,6 +113,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
+
+
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
@@ -131,6 +142,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
+ //log mandate specific set of events
+ MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate);
+
//set QAA Level four in case of card authentifcation
session.setQAALevel(PVPConstants.STORK_QAA_1_4);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index d9c4c3c4e..fd1400ed1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -17,6 +17,8 @@ import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -32,7 +34,9 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -115,10 +119,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+ String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse);
if (authenticatedMOASessionId == null) {
//mandate Mode
@@ -174,6 +183,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
+
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
connectionParameters.getUrl(),
idl,
@@ -202,6 +214,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { // TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 607641532..26c10399d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -12,6 +12,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -22,6 +24,8 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -86,10 +90,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+ X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
@@ -113,8 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { }
else {
-
-
+
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
if (countrycode.compareToIgnoreCase("AT") == 0) {
@@ -124,6 +132,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { }
// Foreign Identities Modus
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
+
String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 44557453a..821bb572a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,6 +10,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -18,6 +20,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -77,7 +81,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { }
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
+ boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
AuthenticationSessionStoreage.storeSession(session);
executionContext.put("identityLinkAvailable", identityLinkAvailable);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 7b55564c4..1d4b442da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; @@ -39,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -48,6 +51,7 @@ import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.process.ProcessInstance; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -104,16 +108,20 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); else { - + //get Target from config or from request in case of SAML 1 String target = null; IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && pendingReq.requestedModule().equals(SAML1Protocol.PATH)) target = pendingReq.getTarget(); else target = oaParam.getTarget(); - + String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); @@ -160,6 +168,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { ec.put("ccc", moasession.getCcc()); ec.put("useMandate", moasession.getUseMandate()); ec.put("bkuURL", moasession.getBkuURL()); + ec.put("pendingRequestID", pendingRequestID); // select and create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index 0b6180d0f..83caaf75a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -7,10 +7,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.slf4j.MDC;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -65,8 +68,14 @@ public class ProcessEngineSignalServlet extends AuthServlet { // retrieve moa session
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ //add transactionID and unique sessionID to Logger
+ if (extendedSessionInformation != null)
+ TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
+ TransactionIDUtils.setTransactionId(pendingRequestID);
+
// process instance is mandatory
if (session.getProcessInstanceId() == null) {
throw new IllegalStateException("MOA session does not provide process instance id.");
@@ -77,8 +86,12 @@ public class ProcessEngineSignalServlet extends AuthServlet { } catch (Exception ex) {
handleError(null, ex, req, resp, pendingRequestID);
+
} finally {
MOASessionDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java new file mode 100644 index 000000000..e9019ded4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -0,0 +1,176 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between + * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology. + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. This product combines work with different licenses. See the "NOTICE" text file for + * details on the various modules and licenses. The "NOTICE" text file is part of the distribution. + * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.id.config; + +import java.io.Serializable; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + +/** + * Configuration parameters belonging to an online application, to be used within both, the MOA ID + * Auth and the MOA ID PROXY component. + * + * @author Harald Bratko + */ +public class OAParameter implements Serializable { + + private static final long serialVersionUID = 1L; + + public OAParameter() { } + + public OAParameter(OnlineApplication oa) { + + this.oaType = oa.getType(); + + if (this.oaType.equals("businessService")) + this.businessService = true; + else + this.businessService = false; + + this.publicURLPrefix = oa.getPublicURLPrefix(); + + this.friendlyName = oa.getFriendlyName(); + + this.target = oa.getTarget(); + + this.targetFriendlyName = oa.getTargetFriendlyName(); + + this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock(); + + this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20(); + + this.isInderfederationIDP = oa.isIsInterfederationIDP(); + + this.isSTORKPVPGateway = oa.isIsInterfederationGateway(); + + } + + /** + * type of the online application (maybe "PublicService" or "BusinessService") + */ + private String oaType; + + /** + * specifies whether the online application is a business application or not (<code>true</code> + * if value of {@link #oaType} is "businessService" + */ + protected boolean businessService; + + + /** + * public URL prefix of the online application + */ + protected String publicURLPrefix; + + /** + * specifies a human readable name of the Online Application + */ + protected String friendlyName; + + /** + * specified a specific target for the Online Application (overwrites the target in der request) + */ + protected String target; + /** + * specifies a friendly name for the target + */ + protected String targetFriendlyName; + + protected boolean removePBKFromAuthblock; + + protected Boolean isInderfederationIDP; + + protected Boolean isSTORKPVPGateway; + + /** + * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) + */ + private OAOAUTH20 oAuth20Config; + + public String getOaType() { + return oaType; + } + + public boolean getBusinessService() { + return businessService; + } + + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + public String getFriendlyName() { + return friendlyName; + } + + public String getTarget() { + return target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public boolean isRemovePBKFromAuthBlock() { + return removePBKFromAuthblock; + } + + public OAOAUTH20 getoAuth20Config() { + return oAuth20Config; + } + + /** + * @return the isInderfederationIDP + */ + public boolean isInderfederationIDP() { + if (isInderfederationIDP == null) + return false; + + return isInderfederationIDP; + } + + public boolean isSTORKPVPGateway() { + if (isSTORKPVPGateway == null) + return false; + + return isSTORKPVPGateway; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index 6bf9388dc..92d0856ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -207,4 +207,6 @@ public interface IOAAuthParameters { */ public Collection<StorkAttributeProviderPlugin> getStorkAPs(); + public List<Integer> getReversionsLoggingEventCodes(); + }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 4587f0bc3..d3292b021 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -853,4 +853,14 @@ public boolean isRemovePBKFromAuthBlock() { return false; } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ +@Override +public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index ac1470dc6..44f4da027 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -453,4 +453,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters { // TODO Auto-generated method stub return null; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ + @Override + public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 15dbf818d..0b45bb461 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 25aaf4310..06b55fb66 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -148,7 +151,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { authSession.setAuthenticatedUsed(true); AuthenticationSessionStoreage.storeSession(authSession); - + return true; // got authenticated } } @@ -335,6 +338,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { authSession.setAuthenticated(false); //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); + MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); AuthenticationSessionStoreage.destroySession(moaSessionID); @@ -351,13 +358,17 @@ public class AuthenticationManager extends MOAIDAuthConstants { HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - Logger.info("Starting authentication ..."); + Logger.info("Starting authentication ..."); + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_START); if (MiscUtil.isEmpty(target.getRequestedIDP())) { perfomLocalAuthentication(request, response, target); } else { Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION); buildPVP21AuthenticationRequest(request, response, target); } @@ -370,7 +381,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), target.requestedAction(), target.getRequestID(), oaParam, AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); - + + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); + response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); out.print(form); @@ -569,7 +583,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { try { //check if an MOASession exists and if not create an new MOASession //moasession = getORCreateMOASession(request); - moasession = AuthenticationSessionStoreage.createSession(target.getRequestID()); + moasession = AuthenticationSessionStoreage.createSession(target); } catch (MOADatabaseException e1) { Logger.error("Database Error! MOASession can not be created!"); @@ -592,6 +606,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { executionContext.put("useMandate", moasession.getUseMandate()); executionContext.put("bkuURL", moasession.getBkuURL()); executionContext.put(PARAM_SESSIONID, moasession.getSessionID()); + executionContext.put("pendingRequestID", target.getRequestID()); // create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); @@ -620,6 +635,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { processEngine.start(processInstanceId); } else { + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); + //load Parameters from OnlineApplicationConfiguration OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() .getOnlineApplicationParameter(target.getOAURL()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index aaeb84f92..8f3ed9fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,10 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import java.util.Date; import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public interface IRequest { @@ -40,9 +42,11 @@ public interface IRequest { public String getTarget(); public void setRequestID(String id); public String getRequestID(); + public String getSessionIdentifier(); public String getRequestedIDP(); public MOAResponse getInterfederationResponse(); public List<Attribute> getRequestedAttributes(); + public IOAAuthParameters getOnlineApplicationConfiguration(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 4a54a516b..26fb7bd29 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -27,6 +27,7 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; public abstract class RequestImpl implements IRequest, Serializable{ @@ -41,6 +42,8 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String action = null; private String target = null; private String requestID; + private String sessionIdentifier; + private IOAAuthParameters OAConfiguration = null; //MOA-ID interfederation private String requestedIDP = null; @@ -147,6 +150,23 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.response = response; } + public String getSessionIdentifier() { + return this.sessionIdentifier; + + } + + public void setSessionIdentifier(String sessionIdentifier) { + this.sessionIdentifier = sessionIdentifier; + + } + public IOAAuthParameters getOnlineApplicationConfiguration() { + return this.OAConfiguration; + } + + public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) { + this.OAConfiguration = oaConfig; + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 21b4e2b65..f0b12431a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -34,6 +35,11 @@ public class RequestStorage { try { AssertionStorage storage = AssertionStorage.getInstance(); IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); + + //set transactionID and sessionID to Logger + TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); + TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier()); + return pendingRequest; } catch (MOADatabaseException e) { @@ -49,7 +55,7 @@ public class RequestStorage { if (pendingRequest instanceof IRequest) { storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); - + } else { throw new MOAIDException("auth.20", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index df12c7fa9..d90df51e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,6 +30,8 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -62,8 +64,10 @@ class OAuth20AuthAction implements IAction { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); - String code = Random.nextRandom(); + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); + String code = Random.nextRandom(); + try { String accessToken = UUID.randomUUID().toString(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 944da38d0..2238a25e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.IAuthData; @@ -51,6 +53,8 @@ class OAuth20TokenAction implements IAction { try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST); + try { Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 0a8a6a581..1b187d82e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -64,6 +64,8 @@ import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.data.IAuthData; @@ -85,6 +87,8 @@ public class MetadataAction implements IAction { HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { + MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); + EntitiesDescriptor idpEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e9b18348c..5440e7138 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,6 +57,9 @@ import org.opensaml.xml.signature.SignableXMLObject; import java.util.Arrays; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -253,10 +256,19 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { if (obj instanceof RequestImpl) { RequestImpl iReqSP = (RequestImpl) obj; + MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); + MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); if ( processedMsg != null ) { - iReqSP.setInterfederationResponse(processedMsg); + iReqSP.setInterfederationResponse(processedMsg); + + MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); + + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() + + ". Switch to original transaction with ID " + iReqSP.getRequestID()); + TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); + TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); } else { Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." @@ -461,11 +473,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { String oaURL = metadata.getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); - config.setOAURL(oaURL); - config.setBinding(msg.getRequestBinding()); + config.setOAURL(oaURL); + config.setOnlineApplicationConfiguration(oa); + config.setBinding(msg.getRequestBinding()); + + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); } else if (inMsg instanceof MOAResponse && @@ -540,8 +556,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { PVPTargetConfiguration config = new PVPTargetConfiguration(); config.setRequest(moaRequest); config.setOAURL(moaRequest.getEntityID()); + config.setOnlineApplicationConfiguration(oa); config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); + return config; } @@ -628,11 +647,13 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { String oaURL = moaRequest.getEntityMetadata().getEntityID(); oaURL = StringEscapeUtils.escapeHtml(oaURL); + OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding()); PVPTargetConfiguration config = new PVPTargetConfiguration(); config.setOAURL(oaURL); + config.setOnlineApplicationConfiguration(oa); config.setBinding(consumerService.getBinding()); config.setRequest(moaRequest); config.setConsumerURL(consumerService.getLocation()); @@ -640,7 +661,9 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo { //parse AuthRequest config.setPassiv(authReq.isPassive()); config.setForce(authReq.isForceAuthn()); - + + MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); + return config; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index a1b4932d4..61bc51565 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -265,7 +265,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } catch (PVP2Exception e) { - Logger.warn( + Logger.info( "Attribute generation failed! for " + reqAttribut.getFriendlyName()); if (reqAttribut.isRequired()) { @@ -274,7 +274,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } } catch (Exception e) { - Logger.error( + Logger.warn( "General Attribute generation failed! for " + reqAttribut.getFriendlyName(), e); if (reqAttribut.isRequired()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index cdc50d8a3..f75293ef0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -154,8 +154,9 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo { throw new InvalidProtocolRequestException("auth.00", new Object[] { null }); } - + config.setOnlineApplicationConfiguration(oaParam); config.setSourceID(sourceID); + if (MiscUtil.isNotEmpty(target)) config.setTarget(target); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index 42cf04877..843b519a6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -192,6 +192,7 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo { throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()}); else { + STORK2Request.setOnlineApplicationConfiguration(oaParam); if (oaParam.isSTORKPVPGateway()) { if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) { Logger.info("Received request for STORK->PVP gateway. " + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index d843a171e..30b6caef8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -33,7 +33,10 @@ import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import com.fasterxml.jackson.core.JsonProcessingException; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; @@ -42,6 +45,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.JsonMapper; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage { //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + private static JsonMapper mapper = new JsonMapper(); + public static boolean isAuthenticated(String moaSessionID) { AuthenticatedSessionStore session; @@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage { } } - public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException { + public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { String id = Random.nextRandom(); - - AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); - dbsession.setSessionid(id); - dbsession.setAuthenticated(false); + try { + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - Date now = new Date(); - dbsession.setCreated(now); - dbsession.setUpdated(now); + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + Date now = new Date(); + dbsession.setCreated(now); + dbsession.setUpdated(now); - dbsession.setPendingRequestID(pendingRequestID); + dbsession.setPendingRequestID(target.getRequestID()); - AuthenticationSession session = new AuthenticationSession(id, now); - encryptSession(session, dbsession); + //set additional session informations + AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); + sessionExt.setUniqueSessionId(target.getSessionIdentifier()); + dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); - //store AssertionStore element to Database - try { + AuthenticationSession session = new AuthenticationSession(id, now); + encryptSession(session, dbsession); + + //store AssertionStore element to Database MOASessionDBUtils.saveOrUpdate(dbsession); Logger.info("MOASession with sessionID=" + id + " is stored in Database"); + return session; + } catch (MOADatabaseException e) { Logger.warn("MOASession could not be created."); throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException(e); + } - - return session; + } public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { @@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage { throw new MOADatabaseException("MOASession deserialization-exception"); } } + + public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { + try { + return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(), + AuthenticationSessionExtensions.class); + + } catch (Exception e) { + Logger.warn("Extended session information extraction FAILED!", e); + } + } + return null; + + } + + public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + dbsession.setAdditionalInformation( + mapper.serialize(sessionExtensions)); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); + + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException("Extended session information can not be stored.", e); + + } + + } public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { storeSession(session, null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index 2d9fb9196..22a021d99 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -83,7 +83,7 @@ public class Random { ByteBuffer bb = ByteBuffer.wrap(b); long l = bb.getLong(); - return "" + l; + return "" + Math.abs(l); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 1edb8d1f3..8e42f0df7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -48,6 +48,12 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; import java.io.Serializable;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class MISMandate implements Serializable{
@@ -91,6 +97,28 @@ public class MISMandate implements Serializable{ public byte[] getMandate() {
return mandate;
}
+
+ public Element getMandateDOM() {
+ try {
+ byte[] byteMandate = mandate;
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+ public Mandate getMandateJaxB() {
+ Element domMandate = getMandateDOM();
+ if (domMandate != null)
+ return MandateBuilder.buildMandate(domMandate);
+
+ return null;
+ }
+
public void setMandate(byte[] mandate) {
this.mandate = mandate;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index e27bd6cd7..af5950c98 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -96,6 +96,10 @@ public class AuthenticatedSessionStore implements Serializable{ @Column(name = "pendingRequestID", nullable=true) private String pendingRequestID = ""; + @Column(name = "additionalInformation", nullable=true) + @Lob + private String additionalInformation; + @Column(name = "created", updatable=false, nullable=false) @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -113,11 +117,6 @@ public class AuthenticatedSessionStore implements Serializable{ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER) private List<InterfederationSessionStore> inderfederation = null; - @PrePersist - protected void created() { - this.updated = this.created = new Date(); - } - @PreUpdate protected void lastUpdate() { this.updated = new Date(); @@ -262,6 +261,20 @@ public class AuthenticatedSessionStore implements Serializable{ public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) { this.isInterfederatedSSOSession = isInterfederatedSSOSession; } + + /** + * @return the additionalInformation + */ + public String getAdditionalInformation() { + return additionalInformation; + } + + /** + * @param additionalInformation the additionalInformation to set + */ + public void setAdditionalInformation(String additionalInformation) { + this.additionalInformation = additionalInformation; + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java new file mode 100644 index 000000000..7940955e2 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java @@ -0,0 +1,73 @@ +package at.gv.egovernment.moa.id.commons.utils; + +import java.io.IOException; + +import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; +import com.fasterxml.jackson.annotation.PropertyAccessor; +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.fasterxml.jackson.databind.type.TypeFactory; + +/** + * Helper class to handle the JSON (de-)serialization. + * + */ +public class JsonMapper { + + private ObjectMapper mapper = new ObjectMapper(); + + /** + * The default constructor where the default pretty printer is disabled. + */ + public JsonMapper() { + this(false); + } + + /** + * The constructor. + * @param prettyPrint enables or disables the default pretty printer + */ + public JsonMapper(boolean prettyPrint) { + mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE); + mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY); + mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY); + if (prettyPrint) { + mapper.enable(SerializationFeature.INDENT_OUTPUT); + } + } + + /** + * Serialize an object to a JSON string. + * @param value the object to serialize + * @return a JSON string + * @throws JsonProcessingException thrown when an error occurs during serialization + */ + public String serialize(Object value) throws JsonProcessingException { + return mapper.writeValueAsString(value); + } + + /** + * Deserialize a JSON string. + * + * @param value the JSON string to deserialize + * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned. + * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object} + * @throws JsonParseException if the JSON string contains invalid content. + * @throws JsonMappingException if the input JSON structure does not match structure expected for result type + * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input) + */ + public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{ + + ObjectMapper mapper = new ObjectMapper(); + if (clazz != null) { + JavaType javaType = TypeFactory.defaultInstance().constructType(clazz); + return mapper.readValue(value, javaType); + } else { + return mapper.readValue(value, Object.class); + } + } +} diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index 8b013ab4d..849ce72fe 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -60,6 +60,10 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
|