aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/data/deploy/conf/moa-id/log4j.properties6
-rw-r--r--id/server/idserverlib/pom.xml12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java252
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java176
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java28
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java23
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java73
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java4
40 files changed, 1161 insertions, 53 deletions
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index c7dece5c5..7ad5aefde 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -14,8 +14,8 @@ log4j.logger.org.hibernate=warn
# configure the stdout appender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
-log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %20c | %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n
# configure the rolling file appender (R)
log4j.appender.R=org.apache.log4j.RollingFileAppender
@@ -23,5 +23,5 @@ log4j.appender.R.File=${catalina.base}/logs/moa-id.log
log4j.appender.R.MaxFileSize=10000KB
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 0bda107be..e7faf2df6 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -46,6 +46,18 @@
</dependency>
<dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>eventlog-api</artifactId>
+ <version>0.4</version>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>eventlog-slf4j</artifactId>
+ <version>0.4</version>
+ </dependency>
+
+ <dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
</dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
new file mode 100644
index 000000000..aae4dd8c4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.advancedlogging;
+
+import at.gv.egiz.components.eventlog.api.EventConstants;
+
+/**
+ * @author tlenz
+ *
+ *Defines Constants for Event Logging
+ *
+ *Event codes from 3000 to 9999 can be defined here
+ *
+ */
+public interface MOAIDEventConstants extends EventConstants {
+
+ //move to EventConstants
+ public static final int TRANSACTION_ERROR = 1103;
+ public static final int SESSION_ERROR = 1003;
+
+
+ //auth protocol specific information
+ public static final int AUTHPROTOCOL_TYPE = 3000;
+
+ public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
+
+ public static final int AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST = 3200;
+ public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201;
+
+
+ //authentication process information
+ public static final int AUTHPROCESS_START = 4000;
+ public static final int AUTHPROCESS_FINISHED = 4001;
+ public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002;
+ public static final int AUTHPROCESS_STORK_REQUESTED = 4003;
+ public static final int AUTHPROCESS_SSO = 4004;
+ public static final int AUTHPROCESS_SSO_INVALID = 4005;
+ public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006;
+ public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007;
+ public static final int AUTHPROCESS_INTERFEDERATION = 4008;
+ public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009;
+
+ public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110;
+ public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111;
+ public static final int AUTHPROCESS_BKU_URL = 4112;
+ public static final int AUTHPROCESS_BKU_DATAURL_IP = 4113;
+
+ public static final int AUTHPROCESS_IDL_VALIDATED = 4220;
+ public static final int AUTHPROCESS_CERTIFICATE_VALIDATED = 4221;
+ public static final int AUTHPROCESS_AUTHBLOCK_VALIDATED = 4222;
+ public static final int AUTHPROCESS_FOREIGN_FOUND = 4223;
+ public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224;
+ public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225;
+
+ public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330;
+ public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301;
+ public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302;
+
+ public static final int AUTHPROCESS_PEPS_REQUESTED = 4400;
+ public static final int AUTHPROCESS_PEPS_RECEIVED = 4401;
+
+ //person information
+ public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
+ public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001;
+ public static final int PERSONAL_INFORMATION_USERNAME_HASH = 5002;
+
+ public static final int PERSONAL_INFORMATION_MANDATE_TYPE = 5100;
+ public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE = 5101;
+ public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102;
+ public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103;
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java
new file mode 100644
index 000000000..6e09ea439
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.advancedlogging;
+
+import at.gv.egiz.components.eventlog.api.Event;
+import at.gv.egiz.components.eventlog.api.EventLogFactory;
+import at.gv.egiz.components.eventlog.api.EventLoggingException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDEventLog extends EventLogFactory {
+
+ public static void logEvent(Event event) {
+ try {
+ getEventLog().logEvent(event);
+
+ } catch (EventLoggingException e) {
+ Logger.warn("Event logging FAILED!", e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
new file mode 100644
index 000000000..1228a95a4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -0,0 +1,252 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.advancedlogging;
+
+import java.security.MessageDigest;
+import java.util.Date;
+import java.util.List;
+
+import com.google.common.primitives.Ints;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.components.eventlog.api.EventLoggingException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAReversionLogger {
+
+ private static MOAReversionLogger instance = null;
+
+ private static final List<Integer> defaultEventCodes = Ints.asList(
+ MOAIDEventConstants.SESSION_CREATED,
+ MOAIDEventConstants.SESSION_DESTROYED,
+ MOAIDEventConstants.SESSION_ERROR,
+ MOAIDEventConstants.SESSION_IP,
+ MOAIDEventConstants.TRANSACTION_CREATED,
+ MOAIDEventConstants.TRANSACTION_DESTROYED,
+ MOAIDEventConstants.TRANSACTION_ERROR,
+ MOAIDEventConstants.TRANSACTION_IP,
+ MOAIDEventConstants.AUTHPROTOCOL_TYPE,
+ MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+
+ MOAIDEventConstants.AUTHPROCESS_START,
+ MOAIDEventConstants.AUTHPROCESS_FINISHED,
+ MOAIDEventConstants.AUTHPROCESS_BKU_URL,
+ MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP,
+ MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
+ MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
+ MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
+ MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH
+
+ );
+
+ public static synchronized MOAReversionLogger getInstance() {
+ if (instance == null) {
+ instance = new MOAReversionLogger();
+ MOAIDEventLog.reload();
+
+ }
+
+ return instance;
+ }
+
+
+ public void logEvent(IOAAuthParameters oaConfig,
+ int eventCode, String message) {
+ List<Integer> OASpecificEventCodes = null;
+ if (oaConfig == null)
+ OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
+ else
+ OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+
+ if (OASpecificEventCodes.contains(eventCode))
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));
+ }
+
+ public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,
+ int eventCode) {
+ List<Integer> OASpecificEventCodes = null;
+ if (oaConfig == null)
+ OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
+ else
+ OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+
+ if (OASpecificEventCodes.contains(eventCode))
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
+ pendingRequest.getSessionIdentifier(),
+ pendingRequest.getRequestID()));
+
+ }
+
+ public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,
+ int eventCode, String message) {
+ List<Integer> OASpecificEventCodes = null;
+ if (oaConfig == null)
+ OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
+ else
+ OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+
+ if (OASpecificEventCodes.contains(eventCode))
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
+ message,
+ pendingRequest.getSessionIdentifier(),
+ pendingRequest.getRequestID()
+ ));
+
+ }
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ public void logEvent(int eventCode, String message) {
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));
+
+ }
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ public void logEvent(String sessionID, String transactionID, int eventCode, String message) {
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID));
+
+ }
+
+ /**
+ * @param errorRequest
+ * @param transactionError
+ */
+ public void logEvent(IRequest pendingRequest, int eventCode) {
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
+ pendingRequest.getSessionIdentifier(),
+ pendingRequest.getRequestID()));
+
+ }
+
+ public void logEvent(IRequest pendingRequest, int eventCode, String message) {
+ logEvent(pendingRequest.getOnlineApplicationConfiguration(),
+ pendingRequest, eventCode, message);
+
+ }
+
+ public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) {
+ if (MiscUtil.isNotEmpty(mandate.getOWbPK()))
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK,
+ mandate.getOWbPK());
+
+ if (MiscUtil.isNotEmpty(mandate.getProfRep()))
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE,
+ mandate.getProfRep());
+
+ Mandate jaxBMandate = mandate.getMandateJaxB();
+ if (jaxBMandate != null) {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE,
+ jaxBMandate.getAnnotation());
+
+ if (jaxBMandate.getMandator().getCorporateBody() != null) {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,
+ "jur");
+ try {
+ String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType()
+ + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId();
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID,
+ jurBaseID);
+
+ } catch (Throwable e) {
+ Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e);
+
+ }
+
+ } else {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,
+ "nat");
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH,
+ buildPersonInformationHash(
+ jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0),
+ jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(),
+ jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth()));
+ }
+ }
+ }
+
+ /**
+ * @param pendingReq
+ * @param identityLink
+ */
+ public void logPersonalInformationEvent(IRequest pendingReq,
+ IdentityLink identityLink) {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH,
+ buildPersonInformationHash(
+ identityLink.getGivenName(),
+ identityLink.getFamilyName(),
+ identityLink.getDateOfBirth()
+ ));
+
+ }
+
+ private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) {
+
+ // {"hash":"hashvalue","salt":"testSalt"}
+ // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"}
+
+ String salt = "default";
+ String inputData = "{\"person\":{\"givenname\":\""
+ + givenName
+ + "\",\"familyname\":\""
+ + familyName
+ + "\",\"dateofbirth\":\""
+ + dateofBirth
+ +"\"},\"salt\":\""
+ + salt
+ +"\"}";
+
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance("SHA-256");
+ byte[] hash = md.digest(inputData.getBytes("UTF-8"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}";
+
+ } catch (Throwable e) {
+ Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e);
+ return null;
+
+ }
+
+ }
+
+ public List<Integer> getDefaulttReversionsLoggingEventCodes() {
+ return defaultEventCodes;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
new file mode 100644
index 000000000..7f6f2c6b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.advancedlogging;
+
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class TransactionIDUtils {
+
+ public static void setTransactionId(String pendingRequestID) {
+ org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
+ "TID-" + pendingRequestID);
+ org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
+ "TID-" + pendingRequestID);
+
+ }
+
+ public static void removeTransactionId() {
+ org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+ org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+
+ }
+
+ public static void setSessionId(String uniqueSessionId) {
+ org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
+ "TID-" + uniqueSessionId);
+ org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
+ "TID-" + uniqueSessionId);
+
+ }
+
+ public static void removeSessionId() {
+ org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
+ org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
+
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 54484a854..d7694ac2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -30,6 +30,8 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
@@ -68,6 +70,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -260,8 +263,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
-
-
+
//TODO: cleanup before MOA-ID 2.1 release
try {
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
@@ -301,7 +303,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
* link results in an Exception being thrown.
* @throws BKUException
*/
- public String verifyIdentityLink(AuthenticationSession session,
+ public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session,
Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, BKUException {
@@ -371,10 +373,13 @@ public class AuthenticationServer extends MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
-
+
//Removed in MOA-ID 2.0
//verifyInfoboxes(session, infoboxReadResponseParameters, false);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+
return "found!";
}
@@ -447,6 +452,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
* containg the authentication block, meant to be returned to the security
* layer implementation</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param infoboxReadResponseParameters The parameters from the response returned from the BKU
@@ -647,13 +653,14 @@ public class AuthenticationServer extends MOAIDAuthConstants {
* <li>Verifies signature by calling the MOA SP component</li>
* <li>Returns the signer certificate</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param readInfoboxResponseParameters The parameters from the response returned from the BKU
* including the <code>&lt;ReadInfoboxResponse&gt;</code>
* @throws BKUException
*/
- public X509Certificate getCertificate(String sessionID,
+ public X509Certificate getCertificate(IRequest pendingReq, String sessionID,
Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, BKUException {
@@ -674,6 +681,9 @@ public class AuthenticationServer extends MOAIDAuthConstants {
xmlReadInfoboxResponse);
X509Certificate cert = p.parseCertificate();
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED);
+
return cert;
}
@@ -1065,6 +1075,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
* <li>Deletes authentication session</li>
* <li><strike>Returns the SAML artifact, encoded BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID session ID of the running authentication session
* @param xmlCreateXMLSignatureReadResponse String representation of the
@@ -1073,7 +1084,7 @@ public class AuthenticationServer extends MOAIDAuthConstants {
* BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)
* @throws BKUException
*/
- public String verifyAuthenticationBlock(AuthenticationSession session,
+ public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException, BKUException {
@@ -1236,6 +1247,12 @@ public class AuthenticationServer extends MOAIDAuthConstants {
vsresp.setX509certificate(null);
session.setForeigner(false);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+
+ MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink()
+ );
+
if (session.getUseMandate()) {
// mandate mode
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 3d12bae61..b29e0d9f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -167,4 +167,6 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
+ public static final String MDC_TRANSACTION_ID = "transactionId";
+ public static final String MDC_SESSION_ID = "sessionId";
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java
new file mode 100644
index 000000000..61b8f7bd3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.io.Serializable;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionExtensions implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private String uniqueSessionId = null;
+
+ /**
+ * @return the uniqueSessionId
+ */
+ public String getUniqueSessionId() {
+ return uniqueSessionId;
+ }
+
+ /**
+ * @param uniqueSessionId the uniqueSessionId to set
+ */
+ public void setUniqueSessionId(String uniqueSessionId) {
+ this.uniqueSessionId = uniqueSessionId;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index 8909564c3..1a311993e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
@@ -110,7 +111,7 @@ public class SignatureVerificationInvoker {
AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
authConnParam = authConfigProvider.getMoaSpConnectionParameter();
//If the ConnectionParameter do NOT exist, we try to get the api to work....
- if (authConnParam != null) {
+ if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
endPoint = authConnParam.getUrl();
call.setTargetEndpointAddress(endPoint);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index ee6f0d5a4..183467d87 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -8,8 +8,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -19,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -74,6 +80,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
try {
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
AuthenticationSessionStoreage.changeSessionID(moasession);
executionContext.remove(PARAM_SESSIONID);
@@ -89,6 +96,15 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, req, resp);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
+ if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
+
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
@@ -114,6 +130,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
finally {
ConfigurationDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 6bf68e2eb..8f1cd8cfe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -15,6 +15,8 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -29,7 +31,9 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -99,6 +103,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
// change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -118,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
-
+
Element signature = csresp.getDsigSignature();
try {
@@ -128,6 +137,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
throw new MOAIDException("auth.14", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
+
// make SZR request to the identity link
CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
@@ -159,6 +171,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
// TODO[branch]: Final step back to /dispatcher
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
+
try {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index d30dfd562..67d42e442 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -14,6 +14,8 @@ import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringEscapeUtils;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -26,7 +28,9 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -85,6 +89,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -106,6 +113,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
throw new AuthenticationException("auth.15", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
+
+
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
@@ -131,6 +142,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
+ //log mandate specific set of events
+ MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate);
+
//set QAA Level four in case of card authentifcation
session.setQAALevel(PVPConstants.STORK_QAA_1_4);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index d9c4c3c4e..fd1400ed1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -17,6 +17,8 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -32,7 +34,9 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -115,10 +119,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+ String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse);
if (authenticatedMOASessionId == null) {
//mandate Mode
@@ -174,6 +183,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
+
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
connectionParameters.getUrl(),
idl,
@@ -202,6 +214,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 607641532..26c10399d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -12,6 +12,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -22,6 +24,8 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -86,10 +90,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+ X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
@@ -113,8 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
else {
-
-
+
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
if (countrycode.compareToIgnoreCase("AT") == 0) {
@@ -124,6 +132,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
// Foreign Identities Modus
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
+
String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 44557453a..821bb572a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -10,6 +10,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -18,6 +20,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -77,7 +81,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
}
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
+ boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
AuthenticationSessionStoreage.storeSession(session);
executionContext.put("identityLinkAvailable", identityLinkAvailable);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 7b55564c4..1d4b442da 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -39,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -48,6 +51,7 @@ import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.process.ProcessInstance;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -104,16 +108,20 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
else {
-
+
//get Target from config or from request in case of SAML 1
String target = null;
IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
+
if (MiscUtil.isNotEmpty(pendingReq.getTarget()) &&
pendingReq.requestedModule().equals(SAML1Protocol.PATH))
target = pendingReq.getTarget();
else
target = oaParam.getTarget();
-
+
String bkuURL = oaParam.getBKUURL(bkuid);
if (MiscUtil.isEmpty(bkuURL)) {
Logger.info("No OA specific BKU defined. Use BKU from default configuration");
@@ -160,6 +168,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
ec.put("ccc", moasession.getCcc());
ec.put("useMandate", moasession.getUseMandate());
ec.put("bkuURL", moasession.getBkuURL());
+ ec.put("pendingRequestID", pendingRequestID);
// select and create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index 0b6180d0f..83caaf75a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -7,10 +7,13 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.slf4j.MDC;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -65,8 +68,14 @@ public class ProcessEngineSignalServlet extends AuthServlet {
// retrieve moa session
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ //add transactionID and unique sessionID to Logger
+ if (extendedSessionInformation != null)
+ TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
+ TransactionIDUtils.setTransactionId(pendingRequestID);
+
// process instance is mandatory
if (session.getProcessInstanceId() == null) {
throw new IllegalStateException("MOA session does not provide process instance id.");
@@ -77,8 +86,12 @@ public class ProcessEngineSignalServlet extends AuthServlet {
} catch (Exception ex) {
handleError(null, ex, req, resp, pendingRequestID);
+
} finally {
MOASessionDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
new file mode 100644
index 000000000..e9019ded4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -0,0 +1,176 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between
+ * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence. This product combines work with different licenses. See the "NOTICE" text file for
+ * details on the various modules and licenses. The "NOTICE" text file is part of the distribution.
+ * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.config;
+
+import java.io.Serializable;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
+/**
+ * Configuration parameters belonging to an online application, to be used within both, the MOA ID
+ * Auth and the MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ public OAParameter() { }
+
+ public OAParameter(OnlineApplication oa) {
+
+ this.oaType = oa.getType();
+
+ if (this.oaType.equals("businessService"))
+ this.businessService = true;
+ else
+ this.businessService = false;
+
+ this.publicURLPrefix = oa.getPublicURLPrefix();
+
+ this.friendlyName = oa.getFriendlyName();
+
+ this.target = oa.getTarget();
+
+ this.targetFriendlyName = oa.getTargetFriendlyName();
+
+ this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock();
+
+ this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20();
+
+ this.isInderfederationIDP = oa.isIsInterfederationIDP();
+
+ this.isSTORKPVPGateway = oa.isIsInterfederationGateway();
+
+ }
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not (<code>true</code>
+ * if value of {@link #oaType} is "businessService"
+ */
+ protected boolean businessService;
+
+
+ /**
+ * public URL prefix of the online application
+ */
+ protected String publicURLPrefix;
+
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ protected String friendlyName;
+
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ protected String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ protected String targetFriendlyName;
+
+ protected boolean removePBKFromAuthblock;
+
+ protected Boolean isInderfederationIDP;
+
+ protected Boolean isSTORKPVPGateway;
+
+ /**
+ * Contains the oAuth 2.0 configuration (client id, secret and redirect uri)
+ */
+ private OAOAUTH20 oAuth20Config;
+
+ public String getOaType() {
+ return oaType;
+ }
+
+ public boolean getBusinessService() {
+ return businessService;
+ }
+
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ public boolean isRemovePBKFromAuthBlock() {
+ return removePBKFromAuthblock;
+ }
+
+ public OAOAUTH20 getoAuth20Config() {
+ return oAuth20Config;
+ }
+
+ /**
+ * @return the isInderfederationIDP
+ */
+ public boolean isInderfederationIDP() {
+ if (isInderfederationIDP == null)
+ return false;
+
+ return isInderfederationIDP;
+ }
+
+ public boolean isSTORKPVPGateway() {
+ if (isSTORKPVPGateway == null)
+ return false;
+
+ return isSTORKPVPGateway;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 6bf9388dc..92d0856ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -207,4 +207,6 @@ public interface IOAAuthParameters {
*/
public Collection<StorkAttributeProviderPlugin> getStorkAPs();
+ public List<Integer> getReversionsLoggingEventCodes();
+
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 4587f0bc3..d3292b021 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -853,4 +853,14 @@ public boolean isRemovePBKFromAuthBlock() {
return false;
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
+ */
+@Override
+public List<Integer> getReversionsLoggingEventCodes() {
+ // TODO Auto-generated method stub
+ return null;
+}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index ac1470dc6..44f4da027 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -453,4 +453,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {
// TODO Auto-generated method stub
return null;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
+ */
+ @Override
+ public List<Integer> getReversionsLoggingEventCodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 15dbf818d..0b45bb461 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 25aaf4310..06b55fb66 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -148,7 +151,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
authSession.setAuthenticatedUsed(true);
AuthenticationSessionStoreage.storeSession(authSession);
-
+
return true; // got authenticated
}
}
@@ -335,6 +338,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
authSession.setAuthenticated(false);
//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+ MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
AuthenticationSessionStoreage.destroySession(moaSessionID);
@@ -351,13 +358,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
- Logger.info("Starting authentication ...");
+ Logger.info("Starting authentication ...");
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_START);
if (MiscUtil.isEmpty(target.getRequestedIDP())) {
perfomLocalAuthentication(request, response, target);
} else {
Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION);
buildPVP21AuthenticationRequest(request, response, target);
}
@@ -370,7 +381,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
target.requestedAction(), target.getRequestID(), oaParam,
AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
-
+
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
out.print(form);
@@ -569,7 +583,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
try {
//check if an MOASession exists and if not create an new MOASession
//moasession = getORCreateMOASession(request);
- moasession = AuthenticationSessionStoreage.createSession(target.getRequestID());
+ moasession = AuthenticationSessionStoreage.createSession(target);
} catch (MOADatabaseException e1) {
Logger.error("Database Error! MOASession can not be created!");
@@ -592,6 +606,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
executionContext.put("useMandate", moasession.getUseMandate());
executionContext.put("bkuURL", moasession.getBkuURL());
executionContext.put(PARAM_SESSIONID, moasession.getSessionID());
+ executionContext.put("pendingRequestID", target.getRequestID());
// create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
@@ -620,6 +635,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
processEngine.start(processInstanceId);
} else {
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+
//load Parameters from OnlineApplicationConfiguration
OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
.getOnlineApplicationParameter(target.getOAURL());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index aaeb84f92..8f3ed9fdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,10 +22,12 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import java.util.Date;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
public interface IRequest {
@@ -40,9 +42,11 @@ public interface IRequest {
public String getTarget();
public void setRequestID(String id);
public String getRequestID();
+ public String getSessionIdentifier();
public String getRequestedIDP();
public MOAResponse getInterfederationResponse();
public List<Attribute> getRequestedAttributes();
+ public IOAAuthParameters getOnlineApplicationConfiguration();
//public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 4a54a516b..26fb7bd29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -27,6 +27,7 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
public abstract class RequestImpl implements IRequest, Serializable{
@@ -41,6 +42,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String action = null;
private String target = null;
private String requestID;
+ private String sessionIdentifier;
+ private IOAAuthParameters OAConfiguration = null;
//MOA-ID interfederation
private String requestedIDP = null;
@@ -147,6 +150,23 @@ public abstract class RequestImpl implements IRequest, Serializable{
this.response = response;
}
+ public String getSessionIdentifier() {
+ return this.sessionIdentifier;
+
+ }
+
+ public void setSessionIdentifier(String sessionIdentifier) {
+ this.sessionIdentifier = sessionIdentifier;
+
+ }
+ public IOAAuthParameters getOnlineApplicationConfiguration() {
+ return this.OAConfiguration;
+ }
+
+ public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) {
+ this.OAConfiguration = oaConfig;
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 21b4e2b65..f0b12431a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
@@ -34,6 +35,11 @@ public class RequestStorage {
try {
AssertionStorage storage = AssertionStorage.getInstance();
IRequest pendingRequest = storage.get(pendingReqID, IRequest.class);
+
+ //set transactionID and sessionID to Logger
+ TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
+ TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier());
+
return pendingRequest;
} catch (MOADatabaseException e) {
@@ -49,7 +55,7 @@ public class RequestStorage {
if (pendingRequest instanceof IRequest) {
storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
-
+
} else {
throw new MOAIDException("auth.20", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index df12c7fa9..d90df51e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -30,6 +30,8 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -62,8 +64,10 @@ class OAuth20AuthAction implements IAction {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
String responseType = oAuthRequest.getResponseType();
- String code = Random.nextRandom();
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
+ String code = Random.nextRandom();
+
try {
String accessToken = UUID.randomUUID().toString();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 944da38d0..2238a25e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -51,6 +53,8 @@ class OAuth20TokenAction implements IAction {
try {
OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST);
+
try {
Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 0a8a6a581..1b187d82e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -64,6 +64,8 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -85,6 +87,8 @@ public class MetadataAction implements IAction {
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
try {
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
+
EntitiesDescriptor idpEntitiesDescriptor =
SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e9b18348c..5440e7138 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -57,6 +57,9 @@ import org.opensaml.xml.signature.SignableXMLObject;
import java.util.Arrays;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -253,10 +256,19 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
if (obj instanceof RequestImpl) {
RequestImpl iReqSP = (RequestImpl) obj;
+ MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
+
MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
if ( processedMsg != null ) {
- iReqSP.setInterfederationResponse(processedMsg);
+ iReqSP.setInterfederationResponse(processedMsg);
+
+ MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
+
+ Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()
+ + ". Switch to original transaction with ID " + iReqSP.getRequestID());
+ TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
+ TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
} else {
Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
@@ -461,11 +473,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
String oaURL = metadata.getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
- config.setOAURL(oaURL);
- config.setBinding(msg.getRequestBinding());
+ config.setOAURL(oaURL);
+ config.setOnlineApplicationConfiguration(oa);
+ config.setBinding(msg.getRequestBinding());
+
+ MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
} else if (inMsg instanceof MOAResponse &&
@@ -540,8 +556,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setRequest(moaRequest);
config.setOAURL(moaRequest.getEntityID());
+ config.setOnlineApplicationConfiguration(oa);
config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
+
return config;
}
@@ -628,11 +647,13 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
String oaURL = moaRequest.getEntityMetadata().getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setOAURL(oaURL);
+ config.setOnlineApplicationConfiguration(oa);
config.setBinding(consumerService.getBinding());
config.setRequest(moaRequest);
config.setConsumerURL(consumerService.getLocation());
@@ -640,7 +661,9 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
//parse AuthRequest
config.setPassiv(authReq.isPassive());
config.setForce(authReq.isForceAuthn());
-
+
+ MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
+
return config;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index a1b4932d4..61bc51565 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -265,7 +265,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
} catch (PVP2Exception e) {
- Logger.warn(
+ Logger.info(
"Attribute generation failed! for "
+ reqAttribut.getFriendlyName());
if (reqAttribut.isRequired()) {
@@ -274,7 +274,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
}
} catch (Exception e) {
- Logger.error(
+ Logger.warn(
"General Attribute generation failed! for "
+ reqAttribut.getFriendlyName(), e);
if (reqAttribut.isRequired()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index cdc50d8a3..f75293ef0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -154,8 +154,9 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
throw new InvalidProtocolRequestException("auth.00",
new Object[] { null });
}
-
+ config.setOnlineApplicationConfiguration(oaParam);
config.setSourceID(sourceID);
+
if (MiscUtil.isNotEmpty(target))
config.setTarget(target);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 42cf04877..843b519a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -192,6 +192,7 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo {
throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()});
else {
+ STORK2Request.setOnlineApplicationConfiguration(oaParam);
if (oaParam.isSTORKPVPGateway()) {
if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) {
Logger.info("Received request for STORK->PVP gateway. " +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index d843a171e..30b6caef8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -33,7 +33,10 @@ import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
+import com.fasterxml.jackson.core.JsonProcessingException;
+
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -42,6 +45,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage {
//private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+ private static JsonMapper mapper = new JsonMapper();
+
public static boolean isAuthenticated(String moaSessionID) {
AuthenticatedSessionStore session;
@@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage {
}
}
- public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException {
+ public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
String id = Random.nextRandom();
-
- AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
- dbsession.setSessionid(id);
- dbsession.setAuthenticated(false);
+ try {
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(false);
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- Date now = new Date();
- dbsession.setCreated(now);
- dbsession.setUpdated(now);
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ Date now = new Date();
+ dbsession.setCreated(now);
+ dbsession.setUpdated(now);
- dbsession.setPendingRequestID(pendingRequestID);
+ dbsession.setPendingRequestID(target.getRequestID());
- AuthenticationSession session = new AuthenticationSession(id, now);
- encryptSession(session, dbsession);
+ //set additional session informations
+ AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions();
+ sessionExt.setUniqueSessionId(target.getSessionIdentifier());
+ dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
- //store AssertionStore element to Database
- try {
+ AuthenticationSession session = new AuthenticationSession(id, now);
+ encryptSession(session, dbsession);
+
+ //store AssertionStore element to Database
MOASessionDBUtils.saveOrUpdate(dbsession);
Logger.info("MOASession with sessionID=" + id + " is stored in Database");
+ return session;
+
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be created.");
throw new MOADatabaseException(e);
+
+ } catch (JsonProcessingException e) {
+ Logger.warn("Extended session information can not be stored.", e);
+ throw new MOADatabaseException(e);
+
}
-
- return session;
+
}
public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
@@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("MOASession deserialization-exception");
}
}
+
+ public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+
+ if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
+ try {
+ return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(),
+ AuthenticationSessionExtensions.class);
+
+ } catch (Exception e) {
+ Logger.warn("Extended session information extraction FAILED!", e);
+ }
+ }
+ return null;
+
+ }
+
+ public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+
+ dbsession.setAdditionalInformation(
+ mapper.serialize(sessionExtensions));
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database");
+
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+
+ } catch (JsonProcessingException e) {
+ Logger.warn("Extended session information can not be stored.", e);
+ throw new MOADatabaseException("Extended session information can not be stored.", e);
+
+ }
+
+ }
public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
storeSession(session, null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 2d9fb9196..22a021d99 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -83,7 +83,7 @@ public class Random {
ByteBuffer bb = ByteBuffer.wrap(b);
long l = bb.getLong();
- return "" + l;
+ return "" + Math.abs(l);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 1edb8d1f3..8e42f0df7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -48,6 +48,12 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
import java.io.Serializable;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class MISMandate implements Serializable{
@@ -91,6 +97,28 @@ public class MISMandate implements Serializable{
public byte[] getMandate() {
return mandate;
}
+
+ public Element getMandateDOM() {
+ try {
+ byte[] byteMandate = mandate;
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+ public Mandate getMandateJaxB() {
+ Element domMandate = getMandateDOM();
+ if (domMandate != null)
+ return MandateBuilder.buildMandate(domMandate);
+
+ return null;
+ }
+
public void setMandate(byte[] mandate) {
this.mandate = mandate;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index e27bd6cd7..af5950c98 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -96,6 +96,10 @@ public class AuthenticatedSessionStore implements Serializable{
@Column(name = "pendingRequestID", nullable=true)
private String pendingRequestID = "";
+ @Column(name = "additionalInformation", nullable=true)
+ @Lob
+ private String additionalInformation;
+
@Column(name = "created", updatable=false, nullable=false)
@Temporal(TemporalType.TIMESTAMP)
private Date created;
@@ -113,11 +117,6 @@ public class AuthenticatedSessionStore implements Serializable{
@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER)
private List<InterfederationSessionStore> inderfederation = null;
- @PrePersist
- protected void created() {
- this.updated = this.created = new Date();
- }
-
@PreUpdate
protected void lastUpdate() {
this.updated = new Date();
@@ -262,6 +261,20 @@ public class AuthenticatedSessionStore implements Serializable{
public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) {
this.isInterfederatedSSOSession = isInterfederatedSSOSession;
}
+
+ /**
+ * @return the additionalInformation
+ */
+ public String getAdditionalInformation() {
+ return additionalInformation;
+ }
+
+ /**
+ * @param additionalInformation the additionalInformation to set
+ */
+ public void setAdditionalInformation(String additionalInformation) {
+ this.additionalInformation = additionalInformation;
+ }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java
new file mode 100644
index 000000000..7940955e2
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.commons.utils;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
+import com.fasterxml.jackson.annotation.PropertyAccessor;
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+
+/**
+ * Helper class to handle the JSON (de-)serialization.
+ *
+ */
+public class JsonMapper {
+
+ private ObjectMapper mapper = new ObjectMapper();
+
+ /**
+ * The default constructor where the default pretty printer is disabled.
+ */
+ public JsonMapper() {
+ this(false);
+ }
+
+ /**
+ * The constructor.
+ * @param prettyPrint enables or disables the default pretty printer
+ */
+ public JsonMapper(boolean prettyPrint) {
+ mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
+ mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY);
+ mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY);
+ if (prettyPrint) {
+ mapper.enable(SerializationFeature.INDENT_OUTPUT);
+ }
+ }
+
+ /**
+ * Serialize an object to a JSON string.
+ * @param value the object to serialize
+ * @return a JSON string
+ * @throws JsonProcessingException thrown when an error occurs during serialization
+ */
+ public String serialize(Object value) throws JsonProcessingException {
+ return mapper.writeValueAsString(value);
+ }
+
+ /**
+ * Deserialize a JSON string.
+ *
+ * @param value the JSON string to deserialize
+ * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned.
+ * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object}
+ * @throws JsonParseException if the JSON string contains invalid content.
+ * @throws JsonMappingException if the input JSON structure does not match structure expected for result type
+ * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input)
+ */
+ public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{
+
+ ObjectMapper mapper = new ObjectMapper();
+ if (clazz != null) {
+ JavaType javaType = TypeFactory.defaultInstance().constructType(clazz);
+ return mapper.readValue(value, javaType);
+ } else {
+ return mapper.readValue(value, Object.class);
+ }
+ }
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index 8b013ab4d..849ce72fe 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -60,6 +60,10 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;