Diffstat (limited to 'id/server')
79 files changed, 5147 insertions, 1726 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index f2235b91f..68fb1c6c6 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -9,6 +9,12 @@ <description>Select Bürgerkartenartenumgebung</description>
 <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
 </servlet>
+ <servlet>
+ <servlet-name>GenerateIframeTemplate</servlet-name>
+ <display-name>GenerateIframeTemplate</display-name>
+ <description>Generate BKU Request template</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
+ </servlet>
 <servlet>
 <servlet-name>StartAuthentication</servlet-name>
 <display-name>StartAuthentication</display-name>
@@ -130,9 +136,13 @@ <url-pattern>/SelectBKU</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
+ <servlet-name>GenerateIframeTemplate</servlet-name>
+ <url-pattern>/GenerateIframeTemplate</url-pattern>
+ </servlet-mapping>GenerateIframeTemplate
+<!--
 <servlet-mapping>
 <servlet-name>StartAuthentication</servlet-name>
 <url-pattern>/StartBKUAuthentication</url-pattern>
- </servlet-mapping>
+ </servlet-mapping> -->
 <servlet-mapping>
 <servlet-name>VerifyIdentityLink</servlet-name>
 <url-pattern>/VerifyIdentityLink</url-pattern>
diff --git a/id/server/auth/src/main/webapp/css/2.0/stammzahl.css b/id/server/auth/src/main/webapp/css/2.0/stammzahl.css
new file mode 100644
index 000000000..99c9ab425
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/2.0/stammzahl.css
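Review bot: The added line `</servlet-mapping>GenerateIframeTemplate` leaves stray character data directly under `<web-app>`, which the deployment-descriptor schema does not permit; a container that validates web.xml will refuse the deployment and one that does not will silently discard the text, so the line should read just `</servlet-mapping>`. The StartBKUAuthentication mapping is disabled by wrapping it in `<!-- … -->` while the `StartAuthentication` servlet definition that the first hunk shows as context is kept, so the class is still instantiated but unreachable; either delete both or add a short comment saying why the definition is retained. `/GenerateIframeTemplate` becomes a new externally reachable entry point of the auth webapp, and whether a `<security-constraint>` or the servlet's own session checks cover it is not visible in this hunk.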
@@ -0,0 +1,192 @@ +#header { + position: relative; + top: -5px; padding-top : 114px; +/* background: url("../../img/2.0/logo_dsk_szr_header.png") right top no-repeat; */ + text-align: right; + padding-top: 114px; +} + +html { + height: 100%; +} + +body { + margin: 0px; background : url(../../../img/2.0/bg_header.png) 0 0 repeat-x; + padding-bottom: 2em; + font-weight: inherit; + font-style: inherit; + font-size: 100%; + font-family: Verdana, Arial, Helvetica, sans-serif; + line-height: 1; + min-height: 101%; + background: url(../../img/2.0/bg_header.png) 0 0 repeat-x; +} + +ol,ul { + list-style-type: none; + list-style-image: none; + list-style-position: outside; +} + +#pagebase { + background: url(../../img/2.0/bg_footer.png) repeat-x left bottom; + width: 100%; +} + +#page { + min-width: 800px; + max-width: 1000px; + margin: 0 auto 5px auto; + padding: 0 5px; +} + +#homelink { + position: absolute; + top: 20px; + left: 0; +} + +#homelink a:hover,#homelink a:focus,#homelink a:active { + border-bottom: 3px solid #c51713; +} + +#mainnav { + margin-top: 0px; + margin-bottom: 0px; + margin-left: 95px; + background: url(../../img/2.0/bg_mainnav.png) right bottom repeat-x; + float: right; + padding-top: 0pt; + padding-right: 0pt; + padding-bottom: 0pt; + padding-left: 0pt; +} + +#mainnav li { + float: left; + /*font-size: 0.9em;*/ + background: #fff url(../../img/2.0/bg_mainnav_right.png) right top no-repeat; + margin-left: 2px; +} + +#mainnav li.first-item { + margin-left: 0; +} + +#mainnav li a { + display: block; + font-weight: bold; + padding: 7px 0.75em; + text-decoration: none; + color: Black; + background: url(../../img/2.0/bg_mainnav_left.png) left top no-repeat; +} + +#mainnav li a.current { + color: #c51713; +} + +#mainnav li a:hover,#mainnav li a:focus,#mainnav li a:active { + color: #c51713; + text-decoration: underline; +} + +#footer { + position: relative; + clear: both; + display: block; + height: 48px; +} + +#footer ul { + float: right; + margin-top: 
0.5em; + background: url(../../img/2.0/bg_bottom_line.png) 0 3px repeat-x; +} + +#footer li { + float: left; + font-size: 0.8em; + display: inline; +} + +#footer li a { + display: block; + padding: 0 1em; + margin-top: 3px; + text-decoration: none; + border-right: 1px solid white; + color: white; +} + +#footer li a.last-item { + border-right: none; + padding-right: 0; +} + +#footer li a:hover,#footer li a:focus,#footer li a:active { + text-decoration: underline; +} + +#servicenav { + margin: 0px; + padding: 0px; position : absolute; + top: 0; + left: 0; + width: 100%; + text-align: right; + margin-top: 3px; + position: absolute; +} + +#servicenav li { + display: inline; + font-size: 0.8em; + line-height: 1.2; +} + +#servicenav li a,#servicenav li span.current { + padding: 0 0.5em; + text-decoration: none; + border-right: 1px solid white; + color: white; +} + +#servicenav li a:hover,#servicenav li a:focus,#servicenav li a:active { + text-decoration: underline; +} + +#servicenav li span.current { + color: #c51713; + font-weight: bold; +} + +#servicenav li a.last-item { + border-right: none; + padding-right: 2px; +} + +.hidden { + position: absolute; + top: -1000em; + left: -1000em; + height: 1px; + width: 1px; + overflow: hidden; +} + +.clearfix:after { + content: "."; + display: block; + height: 0; + clear: both; + visibility: hidden; +} + +.clearfix { + display: inline-block; +} + +.clearfix { + display: block; +}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/2.0/stylesinput.css b/id/server/auth/src/main/webapp/css/2.0/stylesinput.css
new file mode 100644
index 000000000..000888b7b
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/2.0/stylesinput.css
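Review bot: The `body` rule sets `background` twice with different relative paths, `url(../../../img/2.0/bg_header.png)` on the `margin: 0px;` line and `url(../../img/2.0/bg_header.png)` at the end of the rule; only the last declaration applies, and the first path points one directory higher than every other image reference in this file, so it should be dropped. `#header` likewise declares `padding-top: 114px` twice and `#servicenav` declares `position: absolute` twice; remove the duplicates so the stylesheet reads as intended. The commented-out `logo_dsk_szr_header.png` background in `#header` should be deleted rather than shipped if it is not coming back.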
@@ -0,0 +1,251 @@ +@CHARSET "utf-8"; + +/* ************************************* */ +/* * generated css (see input.css.jsp) * */ +/* ************************************* */ +/* **** classes for value **** */ + +fieldset label.value, textarea.value, input.value { + width: 150px !important; +} + +textarea.value { + height: 50px !important; +} + +select.value { + /* Firefox ... */ + width: 154px !important; + /* IE5 - IE6 */ + _width: 156px !important; + /* IE7 */ + !width: 156px !important; +} +/* **** classes for xs **** */ + +fieldset label.xs, textarea.xs, input.xs { + width: 25px !important; +} + +select.xs { + /* Firefox ... */ + width: 29px !important; + /* IE5 - IE6 */ + _width: 31px !important; + /* IE7 */ + !width: 31px !important; +} + +/* **** classes for s **** */ + +fieldset label.s, textarea.s, input.s { + width: 50px !important; +} + +select.s { + /* Firefox ... */ + width: 54px !important; + /* IE5 - IE6 */ + _width: 56px !important; + /* IE7 */ + !width: 56px !important; +} + +/* **** classes for m **** */ + +fieldset label.m, textarea.m, input.m { + width: 75px !important; +} + +select.m { + /* Firefox ... */ + width: 79px !important; + /* IE5 - IE6 */ + _width: 81px !important; + /* IE7 */ + !width: 81px !important; +} + +/* **** classes for l **** */ + +fieldset label.l, textarea.l, input.l { + width: 100px !important; +} + +select.l { + /* Firefox ... */ + width: 104px !important; + /* IE5 - IE6 */ + _width: 106px !important; + /* IE7 */ + !width: 106px !important; +} + +/* **** classes for xl **** */ + +fieldset label.xl, textarea.xl, input.xl { + width: 200px !important; +} + +select.xl { + /* Firefox ... */ + width: 204px !important; + /* IE5 - IE6 */ + _width: 206px !important; + /* IE7 */ + !width: 206px !important; +} + +/* **** classes for xll **** */ + +fieldset label.xll, textarea.xll, input.xll { + width: 250px !important; +} + +select.xll { + /* Firefox ... 
*/ + width: 254px !important; + /* IE5 - IE6 */ + _width: 256px !important; + /* IE7 */ + !width: 256px !important; +} + +/* **** classes for xlll **** */ + +fieldset label.xlll, textarea.xlll, input.xlll { + width: 300px !important; +} + +select.xlll { + /* Firefox ... */ + width: 304px !important; + /* IE5 - IE6 */ + _width: 306px !important; + /* IE7 */ + !width: 306px !important; +} + +/* **** classes for xllll **** */ + +fieldset label.xllll, textarea.xllll, input.xllll { + width: 350px !important; +} + +select.xllll { + /* Firefox ... */ + width: 354px !important; + /* IE5 - IE6 */ + _width: 356px !important; + /* IE7 */ + !width: 356px !important; +} + +/* **** classes for xxl **** */ + +fieldset label.xxl, textarea.xxl, input.xxl { + width: 400px !important; +} + +fieldset input[type=file].xxl { + margin-right: 5px; + width: 250px !important; + !width: 400px !important; + _width: 400px !important; +} + + + +textarea.xxl { + height: 100px !important; +} + +select.xxl { + /* Firefox ... */ + width: 404px !important; + /* IE5 - IE6 */ + _width: 406px !important; + /* IE7 */ + !width: 406px !important; +} + +/* **** classes for xxll **** */ + +fieldset label.xxll, textarea.xxll, input.xxll { + width: 450px !important; +} + +select.xxll { + /* Firefox ... */ + width: 454px !important; + /* IE5 - IE6 */ + _width: 456px !important; + /* IE7 */ + !width: 456px !important; +} + +/* **** classes for xxlll **** */ + +fieldset label.xxlll, textarea.xxlll, input.xxlll { + width: 500px !important; +} + +select.xxlll { + /* Firefox ... */ + width: 504px !important; + /* IE5 - IE6 */ + _width: 506px !important; + /* IE7 */ + !width: 506px !important; +} + +/* **** classes for xxllll **** */ + +fieldset label.xxllll, textarea.xxllll, input.xxllll { + width: 550px !important; +} + +select.xxllll { + /* Firefox ... 
*/ + width: 554px !important; + /* IE5 - IE6 */ + _width: 556px !important; + /* IE7 */ + !width: 556px !important; +} + +/* **** classes for xxxl **** */ + +fieldset label.xxxl, textarea.xxxl, input.xxxl { + width: 600px !important; +} + +textarea.xxxl { + height: 200px !important; +} + +select.xxxl { + /* Firefox ... */ + width: 604px !important; + /* IE5 - IE6 */ + _width: 606px !important; + /* IE7 */ + !width: 606px !important; +} +fieldset label.xxxxl, textarea.xxxxl, input.xxxxl { + width: 700px !important; +} + +textarea.xxxxl { + height: 250px !important; +} + +select.xxxxl { + /* Firefox ... */ + width: 704px !important; + /* IE5 - IE6 */ + _width: 706px !important; + /* IE7 */ + !width: 706px !important; +} + diff --git a/id/server/auth/src/main/webapp/css/2.0/stylesnew.css b/id/server/auth/src/main/webapp/css/2.0/stylesnew.css new file mode 100644 index 000000000..e9c02120f --- /dev/null +++ b/id/server/auth/src/main/webapp/css/2.0/stylesnew.css 
@@ -0,0 +1,830 @@ +@CHARSET "utf-8"; + +/* TODO: check min-width for all styles */ + +/* ********************************** */ +/* Neudefinition von bestehenden Tags */ +/* ********************************** */ + +html { + margin: 0px; + padding: 0px; +} + +body { + margin: 0px; + padding: 0px; + +} + +input, textarea, html, body { + font-family: Arial, Helvetica, sans-serif; + font-size: 10pt; +} + +h1 { + font-weight: bold; + font-size: 14pt; + color: #006464; + margin: 10px 0px 10px 0px; +} + +h2, h3, h4, h5, h6 { + background-color: #CCCCCC; + font-size: 11pt; + padding: 3px; + margin: 3px 2px 4px 2px; +} + + p { + margin: 1px; + padding: 4px 3px 0px 3px; +} + +img { + border: 0px; +} + +fieldset { + border: 0px; + margin: 0px; +} + +a { + color: #D60029; + text-decoration: none; +} + +a:hover { + text-decoration: underline; +} + +textarea { + overflow: auto; +} + +/* ****************** */ +/* allgemeine Klassen */ +/* ****************** */ + +.pageWidth { + min-width: 982px; /* wegen padding vom body, 950+20px */ + margin: 5px; + /* IE 6 hack */ + _width: 982px; +} + +.info-label{ + padding:6px; + white-space:nowrap; + width:100%; + font-size: 10pt; + font-weight: normal; +} + + + +.box, .overflowedBox, .whiteBox, .debugBox { + padding: 0px 0px; +} + +.box, .overflowedBox, .debugBox { + /*background-color: #EEEEEE;*/ +} + +.box { + padding-bottom: 4px; +} + +/*.whiteBox { + background-color: #FFFFFF; + border: 2px solid #EEEEEE; +}*/ + +.overflowedBox { + overflow: auto; +} + +.marginBottomNegative { + margin-bottom: -10px; + margin-top: 5px; +} + +.redColor { + color: #CC0000; +} + +.emcolor { + color: #006464; +} + +.subheader{ + font-weight: bold; + font-size:14pt; + color: #CC0000; + padding: 0px; + border: none; + background: #FFFFF; + padding: 0px; +} + +.pathnavigation { + border: none; + font-weight: bold; + font-family: Helvetica, sans-serif; + font-size: .9em; + margin-bottom: 10px; + padding: 3px; + cursor: pointer; + margin-right: 5px; +} + 
+.pathnavigation.selected { + color: #FFFFFF; + background: #006464; +} + +.pathnavigation.deselected { + color: #006464; + background: #FFFFFF; +} + +.upload-remove { + margin: 0px 2px 0px 2px; + width: 75px !important; +/* display: inline !important; + float: none !important;*/ +} + +.upload { + margin-top:2px; + padding:4px 1px 0px 3px; +} + +.repeat-evenindex, tr.repeat-item.repeat-evenindex td { + background-color: #dddddd; +} + +.repeat-minimal { + margin-bottom: 0px; +} + +.repeat-minimal, .repeat-minimal-item { + overflow: auto; +} + +fieldset.box .repeat-minimal-item input, +fieldset.box .repeat-minimal-item select, +fieldset.box .repeat-minimal-item textarea { + !margin-top: 1px; +} + +.repeat-minimal-item { + padding: 2px 0px; + margin: 2px; + _height: 100%; +} + +/* vertical centering ?? */ +/*.repeat-minimal-item span, .repeat-minimal-item a, .repeat-minimal-item input { + display: block; + float: left; + vertical-align: middle; + margin-right: 3px; +}*/ + +.repeat-selector { + width: auto !important; +} + +.full-repeat-box { + overflow: auto; + margin: 10px 0px 10px 0px; +} + +.disabled, .deselected-case { + display: none !important; +} + +.output-spaced { + display: block; +} + +.output{ + padding-top: 6px; + padding-left: 6px; + vertical-align: top; + text-align: left; +} + +fieldset.box span.verylarge{ + width: 650px; +} + +fieldset.box span.selector-item { + margin: 0px 5px; +} + +.groupwide { + width: 900px; +} + +fieldset.box span { + display: block; + float: left; + padding: 0px 3px; + min-height: 14px; + _height: 14px; +} + +fieldset.box span.output { + padding-top: 4px; +} + +dl.ic { + padding: 0px; + margin: 0px; + clear: both; +} + +dl.ic dt { + width: 200px; + font-weight: bold; + float: left; + clear: none; + text-align: right; + padding: 2px 0px 2px 10px; + margin: 0 2px 0 0; +} +dl.ic dd { + padding: 2px 3px 2px 0px; + margin-left: 215px; +} + +fieldset.box div { + padding-top: 0px; + !padding-top: 0px; + _padding-top: 0px; +} + 
+fieldset.box div span.selector-item { + float: none; + display: inline; +} + +fieldset.box div span.selector-item span, fieldset.box div span.selector-item input { + float: none; + display: inline; + vertical-align: middle; +} + + +/*fieldset.box div span, fieldset.box span span { + display: inline; + float: none; +}*/ + +.group { + background: #EEEEEE; + padding: 2px; + margin: 5px 0px; +} + +.groupwhite { + background: #FFFFFF; + padding: 2px; + margin: 5px 0px; +} + +.repeat-item { + padding: 0px; + margin: 0px; +} + +.repeated-evenindex { + background: #dddddd; + overflow: auto; +} + +div.spacing{ + overflow: hidden; + float: left; + !margin_bottom: 2px; + _height: 100%; +} + + +/* ******************** */ +/* tag specific classes */ +/* ******************** */ + +h2.label { + /*min-width: 954px;*/ + +} + +h3.inputcommit, h4.inputcommit, h5.inputcommit, h6.inputcommit { + margin: 10px 0px 0px -10px; +} + +a.info, span.info { + margin-right: 7px; + padding-bottom: 3px; +} + +div.signaturblock { + overflow: visible; + min-height: 160px; +} + +div.signaturtop { + float: left; + font-size: 9pt; + padding-left: 13px; + padding-top: 13px; + width: 240px; +} + +#amtssignaturtext .bold { + font-weight: bold; +} + +img.signaturlogo { + /*position: absolute;*/ + border: none; + padding-bottom: 3px; + display: block; +} + +br.clearAll { + clear: both; +} + +br.clearLeft { + clear: left; +} + +span.label { + float: left; + margin: 3px 0px 3px 0px; +} + +/* **** Inputs **** */ + +/* doesn't work with IE6 */ +/*input[type=submit].value, input[type=button].value { + width: auto !important; + margin-right: 5px; +} + +input[type=radio], input[type=radio].value { + width: auto !important; +} + +input[type=checkbox], input[type=checkbox].value { + width: auto !important; + float: left; +}*/ + +input.textright { + text-align: right; +} + +input.button, fieldset.box input.button, div input.button, div div input.button{ + width: auto !important; + margin-right: 5px; +} + 
+input.radio, fieldset.box input.radio { + width: auto !important; + margin: 4px 3px; + !margin: 4px; +} + +fieldset.box input[type=hidden] { + width: 0px; + display: none; +} + +input.checkbox, fieldset.box input.checkbox { + width: auto !important; + float: left; + padding: 2px; +} + +tr.repeat-item td label { + width: auto; +} + +/* **** Fieldsets **** */ + +/* needed to be html4 conform, only used for screen readers */ +fieldset.box legend { + display: none; +} + +fieldset.box { + padding-bottom: 0px; + margin-bottom: 0px; +} + +fieldset.box span.required,fieldset.box span.error,fieldset.box a.info, +span.required, span.error, a.info, span.info { + display: block; + float: left; + width: 10px; + overflow: hidden; + text-align: center; + font-weight: bold; + margin-right: 4px 0px 2px 0px; + height: 14px; + padding: 3px 0px 3px; +} + +fieldset.box a.info , fieldset.box span.error, span.error, a.info, span.info, span.required { + margin-top: 4px; + margin-left: 1px; + margin-right: 1px; +} + +fieldset.box .repeat-minimal-item a.info, +fieldset.box .repeat-minimal-item span.error, +fieldset.box .repeat-minimal-item span.info { + margin-top: 3px; + !margin-top: 3px; + _margin-top: 3px; +} + +/* +fieldset.box span.error, fieldset.box a.info, fieldset.box span.required +fieldset.box input, fieldset.box select, fieldset.box textarea, fieldset.box label { + margin-bottom: 5px; +}*/ + +fieldset.box span.error, span.error { + color: white; + background-color: red; +} + +fieldset.box a.info, a.info { + background-color: #005A00; + color: white; + font-family: serif; + text-decoration: none; + margin: 4px 4px; +} + +fieldset.box label { + display: block; + float: left; + width: 150px; + text-align: right; + padding: 4px 1px 0px 10px; + margin-top: 0px; +} + +fieldset.box label.bold { + font-weight: bold; +} + +fieldset.box br { + line-height: 1px; + !line-height: 2px; /* IE7 */ +} + +fieldset.box label.labelnone { + width: 0px; +} + +fieldset.box label.labelverysmall { + 
width: 50px; +} + +fieldset.box label.labelabitsmall { + width: 80px; +} + +fieldset.box label.labelsmaller { + width: 100px; +} + +fieldset.box label.labelsmall { + width: 120px; +} + +fieldset.box label.labelsm { + width: 130px; +} + +fieldset.box label.labelmedium { + width: 150px; +} + +fieldset.box label.labelml { + width: 170px; +} + +fieldset.box label.labelwide { + width: 190px; /* wegen tourismus-formular-seitenbreite */ +} + +fieldset.box label.labellarge { + width: 230px; +} + +fieldset.box label.labellarger { + width: 250px; +} + +fieldset.box label.labelverylarge, +div.box dl.labelverylarge dt { + width: 650px; +} + +fieldset.box input,fieldset.box output, fieldset.box select, fieldset.box textarea { + float: left; + display: block; + width: 150px; + margin: 3px 4px 3px 0px; +} + +fieldset.box br { + clear: left; + margin: 1px; +} + +/*fieldset.box label.s { + display: block; + float: left; + width: 100px !important; + text-align: right; + padding-right: 5px; + margin-top: 2px; +} + +fieldset.box label.xxxl { + width: 300px; +}*/ + +/* **** dl Liste **** */ + +dl.tabbed, dl.info, dl.signatur { + margin: 3px 0px; + min-height: 160px; +} + +dl.tabbed dt, dl.info dt, dl.signatur dt { + font-weight: bold; + width: 250px; + float: left; + text-align: right; + padding: 1px 5px; + clear: left; +} + +dl.signatur dt { + width: 170px; + clear: none; +} + +dl.tabbed dt.labelverylarge { + width: 650px; +} + +dl.info dt { + /* doesn't work with IE, caused by the float: left */ + /*display: list-item;*/ + width: 150px; + text-align: left; + margin-left: 25px; + padding: 0px 5px 5px 5px; +} + +dl.tabbed dd, dl.info dd, dl.signatur dd { + margin-left: 160px; + padding: 1px 3px 2px 0px; +} + +dl.signatur dd { + margin-left: 440px; +} + +dl.info dd { + padding: 0px 5px 5px 5px; +} + +/* ******** */ +/* Regionen */ +/* ******** */ + +/* **** Logo **** */ +#szrlogo { + float:right; + top: 10px; + right: 10px; + text-align: right; +} + +#logotext { + white-space: nowrap; + 
font-weight: bold; + font-size: 14pt; + color: #006464; +} + +/* **** Empfängerinfo **** */ + +#empfaengerinfo { + + float: left; +} + +#empfaengerinfo span#empfaenger { + font-weight: bold; + display: block; +} + +/* **** Hinweisbox **** */ +#hinweisbox { + background-color: #EEEEEE; + overflow: auto; + _padding-bottom: 40px; +} + +#hinweisbox #bittebeachten { + font-size: 16px; + font-weight: bold; + background-color: #d60028; + padding: 10px; + float: left; + color: white; + margin-right: 5px; +} + +#hinweisbox .spaced { + margin: 12px 50px 0px 0px; + float: left; +} + +#hinweisbox .spaced .error, #hinweisbox .spaced .info { + margin-right: 7px; + margin-top: -2px; + padding-top: 2px; +} + +#hinweisbox .spaced .info{ + background-color: #005A00; + color: white; + font-family: serif; +} + +/* **** Fehlermeldungen **** */ + +#fehlermeldungen h2 { + border-width: 0px; + background-color: #FFFFFF; +} + +#fehlermeldungen ul { + padding-left: 15px; +} + +#fehlermeldungen h2, #fehlermeldungen ul li, #fehlermeldungen ul li a{ + color:red; + font-weight: bold; + font-size: 10pt; +} + +#erfolgsmeldungen h2, #erfolgsmeldungen ul li, #erfolgsmeldungen ul li a{ + color:#009900; + font-weight: bold; + font-size: 10pt; +} + +/* **** Fehlermeldungen Transaction **** */ + +#fehlertransaction span { + color:red; + font-weight: bold; + font-size: 10pt; +} + +/* **** Navigationsleiste **** */ + +#submitbar { + clear: both; + background-color: #EEEEEE; + margin-top: 5px; + padding: 5px 10px; + overflow: auto; +} + +#submitbar #leftbuttons { + float: left; +} + +#submitbar #centerbuttons { + text-align: center; +} + +#submitbar #rightbuttons { + float: right; +} + +#submitbar #kontrollseite { + float: right; +} + +/* **** Fußzeile **** */ + +#footerbar { + margin-top: 5px; + background-color: #EEEEEE; + padding: 0px 5px; + overflow: auto; +} + +#footerbar #serverinfo { + float: left; + padding: 15px 0px; +} + +#footerbar #support { + text-align: center; + padding: 15px 0px; +} + 
+#footerbar #xgovguetesiegel { + float: right; + margin: 5px 0px; +} + +#savecommitdiv input, #formabortdiv input, +#errorabortdiv input, #loadcommitdiv input { + margin-right: 5px; + vertical-align: middle; + text-align: center; +} + +#formabortdiv h3, #savecommitdiv h3,#savecommitserverdiv h3, #loadcommitdiv h3 { + border: none; + font-size: 10pt; + background-color: transparent; + margin: 6px 0px 0px -2px; +} + +#formabortdiv ul, #savecommitdiv ul, #loadcommitdiv ul { + margin-top: 3px; +} + +#formabortdiv p, #savecommitdiv p, #loadcommitdiv p { + margin: 0 0 6px 6px; +} + +#statusimage { + width: 148px; + height: 57px; + /* special IE style propertie */ + behavior: url('bku-handling/css/pngbehavior.htc'); +} + +#validateallheader { + border-spacing: 2px; + border: thin solid #CCCCCC; +} + +#validateallsubheader { + background-color: transparent; + font-size: 10pt; + margin: 0px 0px 0px -10px; + padding: 0px; +} + + +/* bei repeats radio ausrücken */ +.repeat-item .radio { + float: left; + margin-top: 11px; +} + +.repeat-item .group { + margin-left: 20px; +} + +.repeat-without-radio .group { + margin-left: 0px; +} + +.area { + background-color: #EEEEEE; + padding-bottom: 5px; +} + +.area>p { + margin-left: 10px; + margin-bottom: 10px; +} + +#numberSearch { + margin-bottom: 15px; +}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 3dd974813..41f5bb2aa 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -76,13 +76,16 @@ p#skiplinks a:active {
 #main {
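Review bot: `.subheader` declares `background: #FFFFF;`, a five-digit hex value that browsers reject, so the rule silently has no background; it should be `background: #FFFFFF;`. `div.spacing` contains `!margin_bottom: 2px;`, a misspelled property (`margin_bottom`) behind an IE hack prefix that no engine will apply; either write `margin-bottom: 2px;` or drop it. `#statusimage` pulls in `behavior: url('bku-handling/css/pngbehavior.htc')`, an IE-only scripted behavior whose relative URL IE resolves against the document rather than the stylesheet; the `.htc` file is not part of this commit, so confirm it is actually deployed at that path or remove the declaration.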
clear:both;
position:relative;
+ margin-left: 50%;
}
/* left */
#leftcontent {
float:left;
- width:220px;
+ width:220px;
+ margin-bottom: 25px;
+
}
h2#tabheader, h2#contentheader {
@@ -92,6 +95,12 @@ h2#tabheader, h2#contentheader { border-bottom:2px solid #fff;
}
+
+#stork {
+ margin-bottom: 10px;
+ margin-top: 5px;
+}
+
#bkulogin {
overflow:hidden;
width:220px;
@@ -251,7 +260,24 @@ p { /* [OPTIONAL] Geben Sie hier die Farbe fuer Links an */
#leftcontent a, #content a {
- color: blue;
+ color: white;
+}
+
+.OA_header {
+ background-color: white;
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-left: 25%;
+ margin-top: 25px;
+}
+
+.main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
}
@media print {
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_footer.png b/id/server/auth/src/main/webapp/img/2.0/bg_footer.png
Binary files differ
new file mode 100644
index 000000000..d8a430e0f
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bg_footer.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_header.png b/id/server/auth/src/main/webapp/img/2.0/bg_header.png
Binary files differ
new file mode 100644
index 000000000..190cf97ea
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bg_header.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png
Binary files differ
new file mode 100644
index 000000000..efaf93582
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png
Binary files differ
new file mode 100644
index 000000000..1dd281826
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png
Binary files differ
new file mode 100644
index 000000000..f598be094
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_local.gif b/id/server/auth/src/main/webapp/img/2.0/bku_local.gif
Binary files differ
new file mode 100644
index 000000000..9bbf631c0
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bku_local.gif
diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif b/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif
Binary files differ
new file mode 100644
index 000000000..97c8cee35
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif
diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_online.gif b/id/server/auth/src/main/webapp/img/2.0/bku_online.gif
Binary files differ
new file mode 100644
index 000000000..03a54765a
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/bku_online.gif
diff --git a/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png b/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png
Binary files differ
new file mode 100644
index 000000000..562fbc66f
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif b/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif
Binary files differ
new file mode 100644
index 000000000..c93a6ea06
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif
diff --git a/id/server/auth/src/main/webapp/img/2.0/dsk.ico b/id/server/auth/src/main/webapp/img/2.0/dsk.ico
Binary files differ
new file mode 100644
index 000000000..df7e8d31e
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/dsk.ico
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo.png b/id/server/auth/src/main/webapp/img/2.0/logo.png
Binary files differ
new file mode 100644
index 000000000..dfb4351d0
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/logo.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif b/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif
Binary files differ
new file mode 100644
index 000000000..ff83cd82b
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png
Binary files differ
new file mode 100644
index 000000000..9b3e7055a
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png
Binary files differ
new file mode 100644
index 000000000..b4f8be6d8
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png
diff --git a/id/server/auth/src/main/webapp/img/2.0/std_handy.gif b/id/server/auth/src/main/webapp/img/2.0/std_handy.gif
Binary files differ
new file mode 100644
index 000000000..088ec0957
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/std_handy.gif
diff --git a/id/server/auth/src/main/webapp/img/2.0/std_karte.gif b/id/server/auth/src/main/webapp/img/2.0/std_karte.gif
Binary files differ
new file mode 100644
index 000000000..1ec7afc2e
--- /dev/null
+++ b/id/server/auth/src/main/webapp/img/2.0/std_karte.gif
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9fcdedb7d..d66159744 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -147,6 +147,11 @@ <artifactId>stork-saml-engine</artifactId>
<version>1.5.2</version>
</dependency>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <version>1.5.2</version>
+ </dependency>
</dependencies>
<build>
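Review bot: The new `moa-id-commons` dependency pins `<version>1.5.2</version>` as a literal, the same literal the neighbouring `stork-saml-engine` entry carries; if `moa-id-commons` is a sibling module of this reactor, which its `MOA.id.server` groupId suggests, it should reference `${project.version}` so the library and the module cannot drift apart on the next release. A hard version on a project-internal artifact is also the usual source of a build that only resolves from one developer's local repository, so confirm the artifact is published together with the other `MOA.id.server` modules.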
@@ -179,8 +184,10 @@ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.2</version>
+ <version>2.5</version>
<configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
<quiet>true</quiet>
<author>false</author>
<version>false</version>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 45f269f0a..41b383f01 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth;
 import iaik.pki.PKIException;
-import iaik.security.provider.IAIK;
 import iaik.x509.X509Certificate;
 import java.io.ByteArrayInputStream;
@@ -33,16 +32,12 @@ import java.io.InputStream;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
 import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.Vector;
 import javax.servlet.http.HttpServletRequest;
@@ -73,7 +68,6 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -88,7 +82,6 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
@@ -104,6 +97,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -114,7 +108,8 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationSessionStore;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
@@ -122,7 +117,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -138,6 +132,7 @@ import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; import eu.stork.vidp.messages.util.SAMLUtil; import eu.stork.vidp.messages.util.XMLUtil; +//import java.security.cert.CertificateFactory; /** * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is @@ -152,9 +147,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); + //private static Map sessionStore = new HashMap(); + /** * time out in milliseconds used by {@link cleanup} for session store */ @@ -270,6 +264,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthURL(authURL); session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } + String returnURL = new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID()); String bkuSelectionType = AuthConfigurationProvider.getInstance() 
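Review bot: The catch around the new `AuthenticationSessionStoreage.storeSession(session)` call throws `new AuthenticationException("", null)`, which discards both the message key and the `MOADatabaseException` cause, so a failed session persist surfaces as an empty-text error with no stack trace to correlate in the logs. The same diff already uses the three-argument form (`new AuthenticationException("auth.03", new Object[] { ... }, ex)`), so the catch should read `throw new AuthenticationException(storeErrorKey, new Object[] { e.getMessage() }, e);` with whichever message id the project reserves for storage failures. Note also that the session is persisted before `bkuSelectionType` and the rest of the BKU selection are applied, so any later mutation in this method needs its own write-back or it is lost on the next load. The enclosing method starts outside the hunk.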
@@ -380,96 +382,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(String authURL, String target, - String targetFriendlyName, String oaURL, String templateURL, - String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID, String modul, String action) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - String useMandateString = null; - boolean useMandateBoolean = false; - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; - } else { - useMandateString = "false"; - } - - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; - else - useMandateBoolean = false; - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); + if (session == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - AuthenticationSession session; - OAAuthParameter oaParam; - if (sessionID != null) { - session = getSession(sessionID); - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } 
else { - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (useMandateBoolean) { - Logger - .error("Online-Mandate Mode for bussines application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; - } - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setTargetFriendlyName(targetFriendlyName); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - session.setModul(modul); - session.setForeignMode(false); - session.setAction(action); - if (sourceID != null) - session.setSourceID(sourceID); - } - // BKU URL has not been set yet, even if session already exists - if (bkuURL == null) { - if (scheme != null && scheme.equalsIgnoreCase("https")) { - bkuURL = DEFAULT_BKU_HTTPS; - } else { - bkuURL = DEFAULT_BKU; + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[] { + session.getTemplateURL(), ex.toString() }, ex); } } - session.setBkuURL(bkuURL); - 
session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - session.setUseMandate(useMandateString); + + //build ReadInfobox request String infoboxReadRequest = new InfoboxReadRequestBuilder().build( oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); @@ -477,22 +414,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - String template = null; - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } else { - templateURL = session.getTemplateURL(); - } - if (templateURL != null) { - try { - template = new String(FileUtils.readURL(templateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - templateURL, ex.toString() }, ex); - } - } - + String pushInfobox = ""; VerifyInfoboxParameters verifyInfoboxParameters = oaParam .getVerifyInfoboxParameters(); @@ -500,14 +422,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { pushInfobox = verifyInfoboxParameters.getPushInfobox(); session.setPushInfobox(pushInfobox); } + + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() .build(oaParam.getSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); + String htmlForm = new GetIdentityLinkFormBuilder().build(template, - bkuURL, infoboxReadRequest, dataURL, certInfoRequest, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox); + return htmlForm; } 
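Review bot: The BKU form template is now read straight from `session.getTemplateURL()` via `template = new String(FileUtils.readURL(session.getTemplateURL()))`, while the following hunk on this line drops the override that previously let the OA-configured `oaParam.getTemplateURL()` take precedence over the session value. Where the session's templateURL originates is not visible here; in the removed code it was a request parameter, so unless the new caller validates it the server will fetch a caller-chosen URL and render its content into the identity-link form shown to the user. The removed HTTPS requirement on authURL (`auth.07`) and the rejection of mandate mode for business services (`auth.17`) also disappear from this path and should be re-established in the caller or restored here. A minimal guard before the read is `String templateURL = oaParam.getTemplateURL() != null ? oaParam.getTemplateURL() : session.getTemplateURL();`.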
@@ -536,12 +462,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyIdentityLink(String sessionID, + public String verifyIdentityLink(AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); @@ -554,10 +480,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); +// AuthenticationSession session = getSession(sessionID); +// if (session.getTimestampIdentityLink() != null) +// throw new AuthenticationException("auth.01", +// new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -643,8 +570,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam .getProvideStammzahl()); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); + + //TODO: make it better!! + return "found!"; } /** 
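Review bot: The replay guard `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", ...)` is commented out, so a second `<InfoboxReadResponse>` posted against the same session is accepted and overwrites an identity link that was already verified, while `session.setTimestampIdentityLink()` is still set unconditionally. If the new session store is meant to take over that protection the check should move there rather than vanish; otherwise keep it as `if (session.getTimestampIdentityLink() != null) throw new AuthenticationException("auth.01", new Object[] { session.getSessionID() });`. The later hunk on this line also returns the literal `"found!"` in place of the `<CreateXMLSignatureRequest>` that the method's Javadoc still promises, which callers will hand to the BKU unchanged. verifyIdentityLink's body continues beyond this hunk.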
@@ -672,12 +600,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyCertificate(String sessionID, + public String verifyCertificate(AuthenticationSession session, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { + ValidateException, ServiceException, MOAIDException{ - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); @@ -688,15 +616,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { // if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) // isOW = true; // - AuthenticationSession session = getSession(sessionID); +// AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, authConf, oaParam, isOW); + + return returnvalue; } /** @@ -718,11 +649,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public void verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); 
@@ -733,7 +664,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -760,6 +691,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // set extended SAML attributes if provideMandatorData is true setExtendedSAMLAttributeForMandates(session, mandate, oaParam .getBusinessService(), oaParam.getProvideStammzahl()); + + //AuthenticationSessionStoreage.storeSession(session); + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); 
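Review bot: `AuthenticationSessionStoreage.storeSession(session)` is left commented out right after `setExtendedSAMLAttributeForMandates(...)` mutates the session, yet this change moves session state into a store that is written explicitly (`storeSession` in an earlier hunk, `changeSessionID` marked as storing implicitly). Unless the caller of verifyMandate writes the session back, which is not visible here, the mandate attributes set in this method are lost on the next load. Either re-enable `AuthenticationSessionStoreage.storeSession(session);` inside the try (handling `MOADatabaseException` like the other hunks) or state in the Javadoc that the caller owns persistence. The surrounding try/catch starts outside the hunk.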
@@ -803,17 +737,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); + //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink // if (!fromMandate) { // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +// .getIdentificationValue(), session.getTarget()); +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +// } // ..BZ // } @@ -874,6 +810,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { String bpkBase64 = new BPKBuilder().buildBPK(identityLink .getIdentificationValue(), session.getTarget()); identityLink.setIdentificationValue(bpkBase64); + + //TODO: insert correct Type!!!! + identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); } } // ..BZ 
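Review bot: The added `identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget())` rewrites the identity link held in the session to bPK type, while the new `buildAuthenticationBlock` on the next line deliberately keeps the baseID in the session and derives the bPK into locals, and `buildAuthenticationData` later computes a bPK only when the type still equals `URN_PREFIX_BASEID`. On the path through this hunk the stored type no longer matches, so it appears no bPK would be set in the AuthenticationData and, with provideStammzahl enabled, the already-replaced value would be handed out as the Stammzahl. The `//TODO: insert correct Type!!!!` marks this as unfinished; the consistent fix is to drop both `identityLink.set...` mutations here, as the preceding hunk did, and let the builders derive the bPK. The enclosing method starts outside the hunk.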
@@ -987,7 +926,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); /* * if (session.getTimestampIdentityLink() != null) throw new * AuthenticationException("auth.01", new Object[] { sessionID }); @@ -1078,12 +1017,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); + String identificationValue = null; + String identificationType = null; + + if (identityLink.getIdentificationType().equals( + Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we + // have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + } + String issueInstant = DateTimeUtils.buildDateTime(Calendar .getInstance(), oaParam.getUseUTC()); session.setIssueInstant(issueInstant); 
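Review bot: `buildAuthenticationBlock` now derives the signed identifier with `new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget())` whenever the identity link carries a baseID, with no distinction for business-service applications. `buildAuthenticationData` in this same change makes that distinction and uses `buildWBPK(..., oaParam.getIdentityLinkDomainIdentifier())` instead, and the removed code set `target = null` for business services, so a business-service session with a baseID-typed identity link (the foreigner case handled below) would sign an AuthBlock over a bPK computed against a null target. The branch should mirror the other builder; the type string for the business case follows the `REGISTERANDORDNR_PREFIX_` form used in the mandate hunk, which should be confirmed against the expected AuthBlock format.
```java
if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
    if (oaParam.getBusinessService()) {
        // wbPK for business applications: baseID + domain identifier of the OA
        identificationValue = new BPKBuilder().buildWBPK(
                identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
        identificationType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + oaParam.getIdentityLinkDomainIdentifier();
    } else {
        // bPK for public services: baseID + sector of the OA
        identificationValue = new BPKBuilder().buildBPK(
                identityLink.getIdentificationValue(), session.getTarget());
        identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
    }
} else {
    // … unchanged: copy value and type from the identity link …
}
```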
@@ -1101,6 +1060,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { identificationType, oaURL, gebDat, extendedSAMLAttributes, session); + + return authBlock; } @@ -1808,18 +1769,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlock(String sessionID, + public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses <CreateXMLSignatureResponse> 
@@ -1921,35 +1884,41 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, false); + + //TL: moved to Authentification Data generation +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, false); +// +// //set Authblock +// session.setAuthData(authData); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + if (session.getUseMandate()) { // mandate mode - // session.setAssertionAuthBlock(assertionAuthBlock) - - // set signer certificate - session.setSignerCertificate(vsresp.getX509certificate()); - return null; + } else { - - session.setAuthData(authData); + session.setAuthenticatedUsed(false); session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); - session.setXMLVerifySignatureResponse(vsresp); + //Session is implicte stored in changeSessionID!!! 
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; @@ -2017,15 +1986,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(String sessionID, + public String verifyAuthenticationBlockMandate(AuthenticationSession session, Element mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); @@ -2092,7 +2062,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds authentication data and stores it together with a SAML // artifact - AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, + + // TODO: Check, if this element is in use!!!! + //AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, // vsresp, // replacementIdentityLink); 
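Review bot: In the mandate branch (`if (session.getUseMandate()) { // mandate mode }`) the session now carries the signer certificate, the verify response and `setForeigner(false)`, but nothing persists it: the former `return null` is gone, no `storeSession` call is made, and only the non-mandate branch reaches `changeSessionID`, which the comment says stores implicitly. With the DB-backed store the next request of the mandate flow would load a session without the signer certificate, unless a caller outside this view writes it back. Note also that `session.setXMLVerifySignatureResponse(vsresp)` precedes `vsresp.setX509certificate(null)` on the same object, so the stored response never holds the certificate; that is fine only if every reader uses `session.getSignerCertificate()`. Suggest `AuthenticationSessionStoreage.storeSession(session); return null;` in the mandate branch, or a comment naming where persistence happens; what follows the if/else lies outside the hunk.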
@@ -2116,25 +2088,57 @@ public class AuthenticationServer implements MOAIDAuthConstants { useCondition = oaParam.getUseCondition(); conditionLength = oaParam.getConditionLength(); - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); + String oatargetType; + + if(session.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, session.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Value"); +// +// 
valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); } + mandateData = DOMUtils.serializeNode(mandatePerson); @@ -2146,13 +2150,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { new Object[] { GET_MIS_SESSIONID }); } - session.setAuthData(authData); + //TODO: Check, if this element is in use!!! + //session.setAuthData(authData); + session.setMandateData(mandateData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); - Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; @@ -2254,6 +2264,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { + //TODO: CHECK if STORK parts works correct!!!! + if (isEmpty(sessionID)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); 
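Review bot: In the new `else` branch (identity link type already equal to `oatargetType`) the whole bPK insertion is commented out, including the `if (!provideStammzahl) prIdentification.getFirstChild().setTextContent("")` blanking, so the mandate person's existing `pd:Identification` is serialized into `mandateData` unchanged. If that element can still carry a Stammzahl for such a session, which depends on `tempIdentityLink` declared outside the hunk, it would now reach the online application even with provideStammzahl disabled. Move the blanking out of the inner branch so it runs in both cases, `if (!provideStammzahl) { prIdentification.getFirstChild().setTextContent(""); }` directly after `prIdentification` is obtained, or add a comment stating why the value is known to be safe there. `getElementsByTagNameNS(...).item(0)` is also now dereferenced unconditionally and would NPE on a mandate without an Identification element.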
@@ -2305,23 +2317,35 @@ public class AuthenticationServer implements MOAIDAuthConstants { X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, true); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); + +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); + + //TL: moved to Assertion generation. +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, true); +// +// session.setAuthData(authData); - session.setAuthData(authData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + //session is implicit stored in changeSessionID!!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); - String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; + //TODO: regenerate MOASession ID! /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( 
@@ -2375,16 +2399,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * while building the <code><saml:Assertion></code> */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + boolean useUTC = oaParam.getUseUTC(); + boolean isForeigner = session.isForeigner(); boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); 
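Review bot: `buildAuthenticationData` became `public static` and takes `target` from the caller instead of `session.getTarget()`, and that parameter feeds `buildBPK(identityLink.getIdentificationValue(), target)` in the next hunk. The sector-specific PIN is only meaningful when the sector comes from the OA configuration; as a public static method any servlet or module can now derive a bPK for an arbitrary sector from the Stammzahl in the session, so the callers (not visible here) must pass the configured target and never a request parameter. Document that in the Javadoc, e.g. `@param target sector identifier taken from the OA configuration, never from request input`, or read it from `oaParam`/session inside the method instead of accepting it. `verifyXMLSigResp` is now read from the session but no longer used once the certificate block below is commented out.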
@@ -2402,52 +2431,55 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); + boolean provideStammzahl = oaParam.getProvideStammzahl(); if (provideStammzahl) { authData.setIdentificationValue(identityLink .getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); + +// String prPerson = new PersonDataBuilder().build(identityLink, +// provideStammzahl); try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); +// String signerCertificateBase64 = ""; +// if (oaParam.getProvideCertifcate()) { +// X509Certificate signerCertificate = verifyXMLSigResp +// .getX509certificate(); +// if (signerCertificate != null) { +// signerCertificateBase64 = Base64Utils +// .encode(signerCertificate.getEncoded()); +// } else { +// Logger +// .info("\"provideCertificate\" is \"true\", but no signer certificate available"); +// } +// } +// authData.setSignerCertificate(signerCertificateBase64); + if(!isForeigner) { //we have Austrian citizen if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); + } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. 
- * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - + + // OLD! BZ.., calculation of bPK already before sending AUTHBlock + //TL: identitylLink holds the BASEID, bPK is only calculated for AUTHBlock + //authData.setBPK(identityLink.getIdentificationValue()); + + // only compute bPK if online application is a public service and we have the Stammzahl + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + } } } else { //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW if (businessService) { //since we have foreigner, wbPK is not calculated in BKU if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier()); authData.setWBPK(wbpkBase64); } @@ -2455,7 +2487,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); authData.setBPK(bpkBase64); } 
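Review bot: The block that set `authData.setSignerCertificate(...)` when `oaParam.getProvideCertifcate()` is true is commented out with nothing replacing it, so the provideCertificate OA setting is silently ignored and the certificate now kept in `session.getSignerCertificate()` is never exposed through AuthenticationData. If the assertion generation that the `//TL:` notes say this moved to covers it, a pointer comment here such as `// signer certificate is attached during assertion generation, see AssertionStorage` would save the next reader the search; otherwise reinstate it from `session.getSignerCertificate()`, since `vsresp.setX509certificate(null)` is now called before the response is stored. The switch from `session.getDomainIdentifier()` to `oaParam.getIdentityLinkDomainIdentifier()` for the foreigner wbPK is a good move toward configuration-bound inputs.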
@@ -2463,22 +2495,24 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); - } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; +// String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink +// .getSerializedSamlAssertion() +// : ""; +// if (!oaParam.getProvideStammzahl()) { +// ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink +// .getIdentificationValue(), ""); +// } +// String authBlock = oaParam.getProvideAuthBlock() ? session +// .getAuthBlock() : ""; - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); + + //TODO: check, if this elements are in use!!!! +// session.setAssertionAuthBlock(authBlock); +// session.setAssertionAuthData(authData); +// session.setAssertionBusinessService(businessService); +// session.setAssertionIlAssertion(ilAssertion); +// session.setAssertionPrPerson(prPerson); +// session.setAssertionSignerCertificateBase64(signerCertificateBase64); return authData; 
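Review bot: The removed lines held the only visible place that stripped the Stammzahl from the serialized identity-link assertion (`StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), "")` when `!oaParam.getProvideStammzahl()`), and the replacement is a `//TODO: check, if this elements are in use!!!!`. If the identity link is still delivered to online applications anywhere (the new `AssertionStorage` import suggests assertion handling moved), that filtering must be reproduced there or provideStammzahl=false no longer holds for the identity-link attribute. Resolve the TODO before merge or add a comment naming the place that now performs the stripping.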
@@ -2489,92 +2523,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of - * this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) - throws AuthenticationException { - String assertionHandle; - try { - assertionHandle = new SAMLArtifactParser(samlArtifact) - .parseAssertionHandle(); - } catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - AuthenticationData authData = null; - synchronized (authenticationDataStore) { - // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; - try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); - } - } - long now = new Date().getTime(); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); - Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } - - /** - * Stores authentication data indexed by the assertion handle contained in - * the given saml artifact. 
- * - * @param samlArtifact - * SAML artifact - * @param authData - * authentication data - * @throws AuthenticationException - * when SAML artifact is invalid - */ - private void storeAuthenticationData(String samlArtifact, - AuthenticationData authData) throws AuthenticationException { - - try { - SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); - // check type code 0x0001 - byte[] typeCode = parser.parseTypeCode(); - if (typeCode[0] != 0 || typeCode[1] != 1) - throw new AuthenticationException("auth.06", - new Object[] { samlArtifact }); - String assertionHandle = parser.parseAssertionHandle(); - synchronized (authenticationDataStore) { - Logger.debug("Assertion stored for SAML Artifact: " - + samlArtifact); - authenticationDataStore.put(assertionHandle, authData); - } - } catch (AuthenticationException ex) { - throw ex; - } catch (Throwable ex) { - throw new AuthenticationException("auth.06", - new Object[] { samlArtifact }); - } - } - - /** * Creates a new session and puts it into the session store. * * @param id @@ -2587,20 +2535,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { private static AuthenticationSession newSession() throws AuthenticationException { - return AuthenticationSessionStore.createSession(); - - /* - String sessionID = Random.nextRandom(); - AuthenticationSession newSession = new AuthenticationSession(sessionID); - synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); + try { + return AuthenticationSessionStoreage.createSession(); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); } - return newSession;*/ } /** 
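Review bot: `throw new AuthenticationException("", null);` in `newSession()` drops the `MOADatabaseException` and raises an error with an empty message key and no arguments, so a session-store failure surfaces as a blank error with no trace of its cause. Log the exception before rethrowing (`Logger.error("Session can not be created", e);`, the same `Logger` usage `LoginFormBuilder` has) and use a real message key instead of `""`. The `getSession` hunk that follows has the same problem in a milder form: a database failure is mapped to `"parser.04"`, which reads as a parser error, and `e` is neither logged nor passed on. If `AuthenticationException` has a constructor taking a cause, pass `e` through in both places.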
@@ -2614,12 +2554,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = AuthenticationSessionStore.getSession(id); + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + /*(AuthenticationSession) sessionStore .get(id);*/ - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[] { id }); + } } /** 
@@ -2627,33 +2574,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - synchronized (sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.02", new Object[] { sessionID })); - sessionStore.remove(sessionID); - } - } - } - synchronized (authenticationDataStore) { - Set keys = new HashSet(authenticationDataStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String samlAssertionHandle = (String) iter.next(); - AuthenticationData authData = (AuthenticationData) authenticationDataStore - .get(samlAssertionHandle); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.03", - new Object[] { authData.getAssertionID() })); - authenticationDataStore.remove(samlAssertionHandle); - } - } - } + + //clean AuthenticationSessionStore + //TODO: acutally the StartAuthentificaten timestamp is used!!!!! + //TODO: maybe change this to lastupdate timestamp. + AuthenticationSessionStoreage.clean(now, sessionTimeOut); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); } /** 
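Review bot: The two `//TODO:` lines above `AuthenticationSessionStoreage.clean(now, sessionTimeOut)` say the cleaner keys on the start-authentication timestamp, yet this same commit comments out `timestampStart` and its accessors in `AuthenticationSession`, so either the note is stale or the store tracks its own timestamp — the comment should state which. The removed loops also logged every expired session and assertion via `cleaner.02`/`cleaner.03`; whether `clean()` still does is not visible here and is worth a sentence. A comment such as `// AuthenticationSessionStoreage.clean() compares <which timestamp — placeholder> against sessionTimeOut` would replace the guesswork.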
@@ -2818,47 +2747,22 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - String ccc, - String oaURL, - String target, - String targetFriendlyName, - String authURL, - String sourceID, - String modul, - String action) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); - } else { - target = null; + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - //create MOA session - AuthenticationSession moaSession = newSession(); - Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); - moaSession.setTarget(target); - moaSession.setTargetFriendlyName(targetFriendlyName); - moaSession.setOAURLRequested(oaURL); - moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moaSession.setAuthURL(authURL); - moaSession.setBusinessService(oaParam.getBusinessService()); - moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - moaSession.setAction(action); - moaSession.setModul(modul); - moaSession.setForeignMode(true); - if (sourceID != null) - moaSession.setSourceID(sourceID); + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new 
AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); + //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - CPEPS cpeps = storkConfig.getCPEPS(ccc); + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); @@ -2874,7 +2778,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); Logger.debug("QAALevel: " + qaaLevel.getValue()); - + RequestedAttributes requestedAttributes = null; requestedAttributes = oaParam.getRequestedAttributes(); @@ -2885,7 +2789,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); Logger.debug("The following attributes are requested for this specific country:"); List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes()); for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { 
@@ -2923,13 +2827,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String spSector = StringUtils.isEmpty(target) ? "Business" : target; + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2979,9 +2883,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moaSession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(storkAuthnRequest); HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.debug("Preparing to send STORK AuthnRequest."); @@ -3020,13 +2924,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - - CertificateFactory cf; - X509Certificate cert = null; - cf = CertificateFactory.getInstance("X.509", IAIK.getInstance()); - cert = (X509Certificate)cf.generateCertificate(is); - - return cert; + + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + } } 
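Review bot: `catch (Throwable e)` in the certificate-parsing hunk at the end of the file turns every `Error` (an `OutOfMemoryError`, for instance) into a `CertificateException`; catch the checked exceptions the `X509Certificate(InputStream)` constructor declares, or at most `Exception`, keeping `e` as the cause as the hunk already does. The local `cert` is redundant now that there is a single construction path: `return new X509Certificate(is);`. The `ByteArrayInputStream` needs no closing, so no cleanup is lost by the rewrite.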
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 01c875533..47bf61db4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth; +import java.util.Arrays; +import java.util.List; + import iaik.asn1.ObjectID; @@ -118,5 +121,12 @@ public interface MOAIDAuthConstants { public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; /** the number of the certifcate extension for party organ representatives */ public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /**BKU type identifiers to use bkuURI from configuration*/ + public static final String REQ_BKU_TYPE_LOCAL = "local"; + public static final String REQ_BKU_TYPE_ONLINE = "online"; + public static final String REQ_BKU_TYPE_HANDY = "handy"; + public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 412f1db81..fb45e517d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java 
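Review bot: `REQ_BKU_TYPES` is a public constant on an interface, but `Arrays.asList(...)` returns a fixed-size list whose elements can still be overwritten with `set()`; wrap it as `Collections.unmodifiableList(Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY))` and add `import java.util.Collections;` to the import hunk. The Javadoc `/**BKU type identifiers to use bkuURI from configuration*/` attaches only to `REQ_BKU_TYPE_LOCAL`; a short comment on `REQ_BKU_TYPES` saying it is the complete set of accepted values would help readers who validate against it.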
@@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.StringWriter; import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; @@ -49,6 +54,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -79,6 +85,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL + "{7}" + + "{8}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; @@ -97,6 +104,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " </saml:AttributeValue>" + NL + " </saml:Attribute>" + NL; + private static String SPECIAL_TEXT_ATTRIBUTE = + " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL + 
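Review bot: `SPECIAL_TEXT_ATTRIBUTE` places `{0}` inside `<saml:AttributeValue>` as raw text, and the value passed in the later hunks is `generateSpecialText(text, issuer, issueInstant)`, so `issuer` ends up in the signed AUTH-Block without XML escaping. If `issuer` is not already escaped before it reaches this builder, a name containing `<` or `&` yields a malformed assertion; either escape it at the call site or state on the constant that the argument must be XML-escaped, e.g. `// {0} is inserted verbatim into XML; the caller must escape it`. `java.util.Locale` is added to the imports but is not used by any code visible in this diff.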
@@ -107,7 +119,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 4; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -172,8 +184,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion Logger.error("Error on building AUTH-Block: " + e.getMessage()); throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); } - - + if (target == null) { // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { @@ -252,6 +263,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + //TODO: load special text from OAconfig + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); 
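Review bot: With `String text = "";` and the `//TODO: load special text from OAconfig` above it, the `SpecialText` attribute is always emitted into the signed AUTH-Block with an empty value, and `NUM_OF_SAML_ATTRIBUTES` is raised to 4 to match; if the text is meant to be optional, set `specialText` to `""` when `text` is empty instead of emitting an empty attribute. The same lines (the TODO, `text`, and the `MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, ...)` call) are repeated in the `@@ -385` hunk of this file; a private helper returning the formatted attribute would keep the two build paths in step. The `OAConfiguration` import added earlier is presumably for the pending TODO and is otherwise unused here.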
@@ -385,6 +406,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); //..BZ + //TODO: load special text from OAconfig + //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#."; + String text = ""; + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -396,6 +424,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -406,6 +435,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } + public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); + + String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); + text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); + + return text; + } public static String xmlToString(Node node) { try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 0742261a7..7137ce414 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java 
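Review bot: `generateSpecialText` uses `String.replaceAll`, which treats its second argument as a regex replacement string, so an `issuer` containing `$` or `\` is corrupted or throws `IllegalArgumentException`; the tokens are literals, so use `inputtext.replace("#NAME#", issuer)` and the same for `#DATE#` and `#TIME#`. The two `SimpleDateFormat`s format `datetime.getTime()` in the JVM default time zone rather than the zone carried by `issueInstant`, so the rendered date and time can differ from the instant that is signed; call `dateformat.setTimeZone(datetime.getTimeZone())` (likewise for `timeformat`) and pass a `Locale` explicitly, which is what the new `java.util.Locale` import seems intended for. A Javadoc stating that `issueInstant` must be an `xs:dateTime` lexical value, as `DatatypeConverter.parseDateTime` requires, would complete the method.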
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes, boolean useCondition, int conditionLength) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index fa9789530..de86a4f05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -89,6 +91,16 @@ public class BPKBuilder { new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; try { MessageDigest md = MessageDigest.getInstance("SHA-1"); 
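Review bot: The prefix check reuses `AuthenticationSession.REGISTERANDORDNR_PREFIX_`, pulling the session data class into `BPKBuilder` although the same value, `Constants.URN_PREFIX_WBPK + "+"`, is already in scope on the very next line; `registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")` avoids the new import. Because the wbPK is a persistent identifier derived from this string, the method should record that callers such as `AuthenticationServer` now pass `oaParam.getIdentityLinkDomainIdentifier()` in the prefixed form and that stripping the prefix keeps the hash input as it was. If a prefixed value was ever hashed as-is before this change, the derived wbPK differs from now on — worth confirming against existing data.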
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 5191a2f81..83b7ae592 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -10,11 +10,12 @@ import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { + private static String SERVLET = "GenerateIframeTemplate"; + private static String AUTH_URL = "#AUTH_URL#"; - private static String OA_URL = "#OA_URL#"; - private static String RED_URL = "#RED_URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; + private static String OANAME = "#OAName#"; private static String template; @@ -29,7 +30,7 @@ public class LoginFormBuilder { StringWriter writer = new StringWriter(); IOUtils.copy(input, writer); template = writer.toString(); - template = template.replace(AUTH_URL, "StartBKUAuthentication"); + template = template.replace(AUTH_URL, SERVLET); } catch (Exception e) { Logger.error("Failed to read template", e); } @@ -38,11 +39,10 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String oaURL, String modul, String action) { + public static String buildLoginForm(String modul, String action, String oaname) { String value = getTemplate(); if(value != null) { - value = value.replace(OA_URL, oaURL); if(modul == null) { modul = SAML1Protocol.PATH; } @@ -51,6 +51,7 @@ public class LoginFormBuilder { } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); + value = value.replace(OANAME, oaname); } return value; } 
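Review bot: `value.replace(OANAME, oaname)` substitutes the OA name into the HTML login template with no null handling and no escaping, whereas `modul` on the preceding lines gets a default when null; `String.replace` throws `NullPointerException` on a null replacement. Guard it (`if (oaname == null) oaname = "";`) and, since the template is HTML, escape `oaname` for HTML unless the value is guaranteed escaped where it is configured — a comment on `OANAME` noting that the placeholder expands into markup would remind future callers. The signature change (`oaURL` dropped, `oaname` appended) means every caller must have been updated; that is not visible here.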
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
new file mode 100644
index 000000000..8a9c2b4fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthenticationBuilder { + + private static StartAuthenticationBuilder instance = null; + + public static StartAuthenticationBuilder getInstance() { + if (instance == null) { + instance = new StartAuthenticationBuilder(); + } + return instance; + } + + + public String build(AuthenticationSession moasession, HttpServletRequest req, + HttpServletResponse resp) throws WrongParametersException, MOAIDException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); + } + + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? 
"AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + return ""; + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + return getIdentityLinkForm; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e7bd5f511..4001fdd1a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; +import java.io.Serializable; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; import java.util.Iterator; 
@@ -47,10 +50,15 @@ import eu.stork.mw.messages.saml.STORKAuthnRequest; * @author Paul Ivancsics * @version $Id$ */ -public class AuthenticationSession { +public class AuthenticationSession implements Serializable { - private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; - private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + /** + * + */ + private static final long serialVersionUID = 1L; + + public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** @@ -72,10 +80,7 @@ public class AuthenticationSession { * SourceID */ private String sourceID; - /** - * Indicates if target from configuration is used or not - */ - private boolean useTargetFromConfig; + /** * public online application URL requested */ 
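Review bot: `AuthenticationSession` now `implements Serializable`, but several of its fields are of types not guaranteed to be serializable — `Element mandate` (a DOM node), `IdentityLink identityLink`, `STORKAuthnRequest storkAuthnRequest`, the raw `List` fields — and this commit only converts `X509Certificate` to `byte[]`; if the session is written to the database that `getSignerCertificate`'s log message refers to, a non-serializable field fails at runtime, so each should be confirmed serializable or marked `transient` with a comment saying why. The empty Javadoc `/** * */` above `serialVersionUID` should be removed or replaced with a one-liner. `TARGET_PREFIX_` and `REGISTERANDORDNR_PREFIX_` are made `public` here because `BPKBuilder` now uses one of them; a comment noting that external use would guard against a casual rename.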
@@ -99,80 +104,72 @@ public class AuthenticationSession { private String bkuURL; /** - * Use mandate - */ - private boolean useMandate; - - /** - * Reference value for mandate - */ - private String mandateReferenceValue; - - /** - * Authentication data for the assertion - */ - private AuthenticationData assertionAuthData; - - /** - * Persondata for the assertion - */ - private String assertionPrPerson; - - /** - * Authblock for the assertion + * Indicates whether the corresponding online application is a business + * service or not */ - private String assertionAuthBlock; - + private boolean businessService; + + //Store Mandate /** - * Identitylink assertion for the (MOA) assertion + * Use mandate */ - private String assertionIlAssertion; + private boolean useMandate; + /** - * Signer certificate (base64 encoded) for the assertion + * STORK */ - private String assertionSignerCertificateBase64; - + private String ccc; + /** + * * Mandate element */ private Element mandate; /** + * Reference value for mandate * bussiness service for the assertion */ - boolean assertionBusinessService; + private String mandateReferenceValue; /** * SessionID for MIS */ private String misSessionID; + + private String mandateData; + + //store Identitylink /** * identity link read from smartcard */ private IdentityLink identityLink; - /** - * authentication block to be signed by the user - */ - private String authBlock; - /** - * timestamp logging when authentication session has been created - */ - private Date timestampStart; + /** * timestamp logging when identity link has been received */ private Date timestampIdentityLink; + + //store Authblock /** - * Indicates whether the corresponding online application is a business - * service or not + * authentication block to be signed by the user */ - private boolean businessService; + private String authBlock; + + /** + * The issuing time of the AUTH-Block SAML assertion. 
+ */ + private String issueInstant; + //Signer certificate /** * Signer certificate of the foreign citizen or for mandate mode */ - private X509Certificate signerCertificate; + //private X509Certificate signerCertificate; + private byte[] signerCertificate; + + /** * SAML attributes from an extended infobox validation to be appended to the * SAML assertion delivered to the final online application. @@ -191,11 +188,8 @@ public class AuthenticationSession { */ private List extendedSAMLAttributesAUTH; - /** - * The issuing time of the AUTH-Block SAML assertion. - */ - private String issueInstant; - + + //TODO: check if it is in use! /** * If infobox validators are needed after signing, they can be stored in * this list. 
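Review bot: The Javadoc above `mandateReferenceValue` now reads `Reference value for mandate * bussiness service for the assertion` — the second line is left over from the removed `assertionBusinessService` field and should be deleted; likewise `/** * STORK */` above `ccc` says nothing about the field (it holds the citizen country code, judging by `moasession.getCcc()` in `StartAuthenticationBuilder`), and `mandateData` has no comment at all. The commented-out `//private X509Certificate signerCertificate;` above its `byte[]` replacement should go, and the `byte[]` field deserves a line saying it holds the encoded certificate because the session is persisted. The field block continues past this hunk.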
@@ -219,11 +213,65 @@ public class AuthenticationSession { */ private STORKAuthnRequest storkAuthnRequest; - private AuthenticationData authData; - private String mandateData; + //private AuthenticationData authData; + + //protocol selection + private String action; private String modul; + + private boolean authenticated; + private boolean authenticatedUsed = false; + + +// /** +// * Indicates if target from configuration is used or not +// */ +// private boolean useTargetFromConfig; + +// /** +// * Authentication data for the assertion +// */ +// private AuthenticationData assertionAuthData; +// +// /** +// * Persondata for the assertion +// */ +// private String assertionPrPerson; +// +// /** +// * Authblock for the assertion +// */ +// private String assertionAuthBlock; +// +// /** +// * Identitylink assertion for the (MOA) assertion +// */ +// private String assertionIlAssertion; +// +// /** +// * Signer certificate (base64 encoded) for the assertion +// */ +// private String assertionSignerCertificateBase64; +// +// /** +// * bussiness service for the assertion +// */ +// boolean assertionBusinessService; +// +// /** +// * timestamp logging when authentication session has been created +// */ +// private Date timestampStart; +// private CreateXMLSignatureResponse XMLCreateSignatureResponse; + + private VerifyXMLSignatureResponse XMLVerifySignatureResponse; + + private boolean isForeigner; + +// private String requestedProtocolURL = null; + public String getModul() { return modul; } @@ -239,8 +287,6 @@ public class AuthenticationSession { public void setAction(String action) { this.action = action; } - - private String action; public String getMandateData() { return mandateData; 
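Review bot: Some forty lines of fields (`useTargetFromConfig`, the `assertion*` fields, `timestampStart`) are kept as `//` comments with their Javadoc, and the `@@ -239`, `@@ -250`, `@@ -287`, `@@ -544`, `@@ -560` and `@@ -836` hunks of this file do the same for the matching accessors; version control already preserves them, so they should be deleted rather than commented out. `private boolean isForeigner;` replaces the removed `foreignMode` field, but `AuthenticationServer.startSTORKAuthentication` no longer calls `setForeignMode(true)` and no setter for `isForeigner` appears in this diff — confirm something still marks STORK sessions as foreign. The relocated `authenticated`/`authenticatedUsed` fields carry no comment explaining how the two differ.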
@@ -250,25 +296,15 @@ public class AuthenticationSession { this.mandateData = mandateData; } - public AuthenticationData getAuthData() { - return authData; - } - - public void setAuthData(AuthenticationData authData) { - this.authData = authData; - } - private CreateXMLSignatureResponse XMLCreateSignatureResponse; - - private VerifyXMLSignatureResponse XMLVerifySignatureResponse; - - private String requestedProtocolURL = null; - - private boolean authenticated; +// public AuthenticationData getAuthData() { +// return authData; +// } +// +// public void setAuthData(AuthenticationData authData) { +// this.authData = authData; +// } - private boolean authenticatedUsed = false; - - private boolean foreignMode = false; public boolean isAuthenticatedUsed() { return authenticatedUsed; @@ -287,13 +323,13 @@ public class AuthenticationSession { } - public String getRequestedProtocolURL() { - return requestedProtocolURL; - } - - public void setRequestedProtocolURL(String requestedProtocolURL) { - this.requestedProtocolURL = requestedProtocolURL; - } +// public String getRequestedProtocolURL() { +// return requestedProtocolURL; +// } +// +// public void setRequestedProtocolURL(String requestedProtocolURL) { +// this.requestedProtocolURL = requestedProtocolURL; +// } /** * Constructor for AuthenticationSession. 
@@ -303,16 +339,29 @@ public class AuthenticationSession { */ public AuthenticationSession(String id) { sessionID = id; - setTimestampStart(); +// setTimestampStart(); infoboxValidators = new ArrayList(); } - public X509Certificate getSignerCertificate() { - return signerCertificate; + public X509Certificate getSignerCertificate(){ + try { + return new X509Certificate(signerCertificate); + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + } + } + + public byte[] getEncodedSignerCertificate() { + return this.signerCertificate; } public void setSignerCertificate(X509Certificate signerCertificate) { - this.signerCertificate = signerCertificate; + try { + this.signerCertificate = signerCertificate.getEncoded(); + } catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } } /** @@ -544,14 +593,14 @@ public class AuthenticationSession { this.businessService = businessService; } - /** - * Returns the timestampStart. - * - * @return Date - */ - public Date getTimestampStart() { - return timestampStart; - } +// /** +// * Returns the timestampStart. +// * +// * @return Date +// */ +// public Date getTimestampStart() { +// return timestampStart; +// } /** * Sets the current date as timestampIdentityLink. @@ -560,12 +609,12 @@ public class AuthenticationSession { timestampIdentityLink = new Date(); } - /** - * Sets the current date as timestampStart. - */ - public void setTimestampStart() { - timestampStart = new Date(); - } +// /** +// * Sets the current date as timestampStart. +// */ +// public void setTimestampStart() { +// timestampStart = new Date(); +// } /** * @return template URL 
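Review bot: `getSignerCertificate()` hands `signerCertificate` to `new X509Certificate(...)` without checking that anything has been stored yet, which presumably fails on a null array, and `setSignerCertificate()` on a `CertificateEncodingException` only logs and leaves the previously stored bytes in place, so a caller can continue with a stale or absent certificate without noticing. Add `if (signerCertificate == null) return null;` before the decode, and on the encoding failure either clear the field (`this.signerCertificate = null;`) or rethrow, so the session never keeps a leftover certificate after a failed update. The new `getEncodedSignerCertificate()` returns the internal array directly; a short javadoc stating that callers must not modify it would avoid surprises.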
@@ -836,24 +885,24 @@ public class AuthenticationSession { return this.useMandate; } - /** - * - * @param useTargetFromConfig - * indicates if target from config is used or not - */ - public void setUseTargetFromConfig(boolean useTargetFromConfig) { - this.useTargetFromConfig = useTargetFromConfig; - - } - - /** - * Returns if target is used from mandate or not - * - * @return - */ - public boolean getUseTargetFromConfig() { - return this.useTargetFromConfig; - } +// /** +// * +// * @param useTargetFromConfig +// * indicates if target from config is used or not +// */ +// public void setUseTargetFromConfig(boolean useTargetFromConfig) { +// this.useTargetFromConfig = useTargetFromConfig; +// +// } +// +// /** +// * Returns if target is used from mandate or not +// * +// * @return +// */ +// public boolean getUseTargetFromConfig() { +// return this.useTargetFromConfig; +// } /** * 
@@ -873,96 +922,96 @@ public class AuthenticationSession { return this.misSessionID; } - /** - * @return the assertionAuthData - */ - public AuthenticationData getAssertionAuthData() { - return assertionAuthData; - } - - /** - * @param assertionAuthData - * the assertionAuthData to set - */ - public void setAssertionAuthData(AuthenticationData assertionAuthData) { - this.assertionAuthData = assertionAuthData; - } - - /** - * @return the assertionPrPerson - */ - public String getAssertionPrPerson() { - return assertionPrPerson; - } - - /** - * @param assertionPrPerson - * the assertionPrPerson to set - */ - public void setAssertionPrPerson(String assertionPrPerson) { - this.assertionPrPerson = assertionPrPerson; - } - - /** - * @return the assertionAuthBlock - */ - public String getAssertionAuthBlock() { - return assertionAuthBlock; - } - - /** - * @param assertionAuthBlock - * the assertionAuthBlock to set - */ - public void setAssertionAuthBlock(String assertionAuthBlock) { - this.assertionAuthBlock = assertionAuthBlock; - } - - /** - * @return the assertionIlAssertion - */ - public String getAssertionIlAssertion() { - return assertionIlAssertion; - } - - /** - * @param assertionIlAssertion - * the assertionIlAssertion to set - */ - public void setAssertionIlAssertion(String assertionIlAssertion) { - this.assertionIlAssertion = assertionIlAssertion; - } - - /** - * @return the assertionSignerCertificateBase64 - */ - public String getAssertionSignerCertificateBase64() { - return assertionSignerCertificateBase64; - } - - /** - * @param assertionSignerCertificateBase64 - * the assertionSignerCertificateBase64 to set - */ - public void setAssertionSignerCertificateBase64( - String assertionSignerCertificateBase64) { - this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; - } - - /** - * @return the assertionBusinessService - */ - public boolean getAssertionBusinessService() { - return assertionBusinessService; - } - - /** - * @param 
assertionBusinessService - * the assertionBusinessService to set - */ - public void setAssertionBusinessService(boolean assertionBusinessService) { - this.assertionBusinessService = assertionBusinessService; - } +// /** +// * @return the assertionAuthData +// */ +// public AuthenticationData getAssertionAuthData() { +// return assertionAuthData; +// } +// +// /** +// * @param assertionAuthData +// * the assertionAuthData to set +// */ +// public void setAssertionAuthData(AuthenticationData assertionAuthData) { +// this.assertionAuthData = assertionAuthData; +// } +// +// /** +// * @return the assertionPrPerson +// */ +// public String getAssertionPrPerson() { +// return assertionPrPerson; +// } +// +// /** +// * @param assertionPrPerson +// * the assertionPrPerson to set +// */ +// public void setAssertionPrPerson(String assertionPrPerson) { +// this.assertionPrPerson = assertionPrPerson; +// } +// +// /** +// * @return the assertionAuthBlock +// */ +// public String getAssertionAuthBlock() { +// return assertionAuthBlock; +// } +// +// /** +// * @param assertionAuthBlock +// * the assertionAuthBlock to set +// */ +// public void setAssertionAuthBlock(String assertionAuthBlock) { +// this.assertionAuthBlock = assertionAuthBlock; +// } +// +// /** +// * @return the assertionIlAssertion +// */ +// public String getAssertionIlAssertion() { +// return assertionIlAssertion; +// } +// +// /** +// * @param assertionIlAssertion +// * the assertionIlAssertion to set +// */ +// public void setAssertionIlAssertion(String assertionIlAssertion) { +// this.assertionIlAssertion = assertionIlAssertion; +// } +// +// /** +// * @return the assertionSignerCertificateBase64 +// */ +// public String getAssertionSignerCertificateBase64() { +// return assertionSignerCertificateBase64; +// } +// +// /** +// * @param assertionSignerCertificateBase64 +// * the assertionSignerCertificateBase64 to set +// */ +// public void setAssertionSignerCertificateBase64( +// String 
assertionSignerCertificateBase64) { +// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; +// } +// +// /** +// * @return the assertionBusinessService +// */ +// public boolean getAssertionBusinessService() { +// return assertionBusinessService; +// } +// +// /** +// * @param assertionBusinessService +// * the assertionBusinessService to set +// */ +// public void setAssertionBusinessService(boolean assertionBusinessService) { +// this.assertionBusinessService = assertionBusinessService; +// } /** * @return the mandateReferenceValue @@ -997,13 +1046,31 @@ public class AuthenticationSession { public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { this.storkAuthnRequest = storkAuthnRequest; } + + public String getCcc() { + return ccc; + } + + public void setCcc(String ccc) { + this.ccc = ccc; + } - public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { - return XMLCreateSignatureResponse; + + +// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { +// return XMLCreateSignatureResponse; +// } +// +// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { +// XMLCreateSignatureResponse = xMLCreateSignatureResponse; +// } + + public boolean isForeigner() { + return isForeigner; } - public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { - XMLCreateSignatureResponse = xMLCreateSignatureResponse; + public void setForeigner(boolean isForeigner) { + this.isForeigner = isForeigner; } public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { @@ -1021,13 +1088,4 @@ public class AuthenticationSession { public void setMandate(Element mandate) { this.mandate = mandate; } - - public boolean isForeignMode() { - return foreignMode; - } - - public void setForeignMode(boolean foreignMode) { - this.foreignMode = foreignMode; - } - } 
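Review bot: `getCcc()`/`setCcc()` add an accessor pair with no javadoc to a class whose neighbouring accessors document their fields, and nothing in the session class says what the three letters stand for; the value is validated by `ParamValidatorUtils.isValidCCC` in the new parser, so a one-line javadoc such as `/** The ccc request parameter, validated by ParamValidatorUtils.isValidCCC before it is stored. */` would tell the next reader where it comes from. The backing field `ccc` is not declared in any visible hunk of this file, so it is presumably added in a part of the class outside view. The field `isForeigner` behind `isForeigner()`/`setForeigner(boolean)` reads better as `foreigner`, which is also the name the bean convention derives from those accessors.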
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index 276e6414c..7523d7eaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -24,15 +24,22 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. * * @author Harald Bratko */ -public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{ /** + * + */ + private static final long serialVersionUID = 1L; + +/** * The value of this SAML attribute. Must be either of type <code>java.lang.String</code> * or <code>org.w3c.Element</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 0d11dc4f0..b03f23ce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.IOException; +import java.io.Serializable; import java.security.PublicKey; import javax.xml.transform.TransformerException; 
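Review bot: Declaring `ExtendedSAMLAttributeImpl` `Serializable` does not make its `value` field serializable: the javadoc kept in this hunk says the value may be an `org.w3c.Element`, and DOM nodes are not `Serializable` by contract, so serializing an attribute that carries an element value fails at runtime with a `NotSerializableException` rather than at compile time. Either store the element in a serializable form (its string serialization, parsed back on read) or implement `writeObject`/`readObject` to do that conversion, and fill in or remove the empty javadoc on `serialVersionUID`. The same check applies to `IdentityLink` in the next hunk if it keeps DOM `Element` fields — it imports `DOMUtils`, but its field declarations are outside the hunk. In this hunk and in `VerifyXMLSignatureResponse` the `/**` that follows the new `serialVersionUID` field was re-emitted at column 0; re-indent it to match the field it documents.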
@@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink { +public class IdentityLink implements Serializable{ + + private static final long serialVersionUID = 1L; + /** * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index ce418de01..c41de1904 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + import iaik.x509.X509Certificate; /** @@ -34,8 +36,11 @@ import iaik.x509.X509Certificate; * @version $Id$ * */ -public class VerifyXMLSignatureResponse { - /** The xmlDsigSubjectName to be stored */ +public class VerifyXMLSignatureResponse implements Serializable{ + + private static final long serialVersionUID = 1L; + +/** The xmlDsigSubjectName to be stored */ private String xmlDsigSubjectName; /** The signatureCheckCode to be stored */ private int signatureCheckCode; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java new file mode 100644 index 000000000..63ad62662 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java 
@@ -0,0 +1,240 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + + public static void parse(AuthenticationSession moasession, + String target, + String sourceID, + String oaURL, + String bkuURL, + String templateURL, + String useMandate, + String ccc, + String module, + String action, + HttpServletRequest req) throws WrongParametersException, MOAIDException { + + String targetFriendlyName = null; + + // escape parameter strings + //TODO: use URLEncoder.encode!! 
+ target = StringEscapeUtils.escapeHtml(target); + sourceID = StringEscapeUtils.escapeHtml(sourceID); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidSourceID(sourceID)) + throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + + moasession.setUseMandate(useMandateString); + + //load OnlineApplication configuration + OAAuthParameter oaParam; + if (moasession.getPublicOAURLPrefix() != null) { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + moasession.getPublicOAURLPrefix()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { moasession.getPublicOAURLPrefix() }); + + } 
else { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } + target = null; + targetFriendlyName = null; + } + + moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + moasession.setTarget(target); + moasession.setTargetFriendlyName(targetFriendlyName); + moasession.setBusinessService(oaParam.getBusinessService()); + moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + } + + //check OnlineApplicationURL + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.05"); + moasession.setOAURLRequested(oaURL); + + //check AuthURL + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); + + if 
(isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", + "AuthURL", "auth.05"); + + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + String boolStr = AuthConfigurationProvider + .getInstance() + .getGenericConfigurationParameter( + AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + && (false == BoolUtils.valueOf(boolStr))) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + moasession.setAuthURL(authURL); + + //check and set SourceID + if (sourceID != null) + moasession.setSourceID(sourceID); + + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } + } + moasession.setBkuURL(bkuURL); + + // override template url by url from configuration file + if (oaParam.getTemplateURL() != null) { + templateURL = oaParam.getTemplateURL(); + } + moasession.setTemplateURL(templateURL); + moasession.setCcc(ccc); + + } + + public static void parse(HttpServletRequest req, HttpServletResponse resp, + AuthenticationSession moasession) throws WrongParametersException, MOAIDException { + + //check Module and Action + HttpSession httpSession = req.getSession(); + IRequest request = RequestStorage.getPendingRequest(httpSession); + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); + + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); + if(modul == null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + moasession.setModul(modul); + moasession.setAction(action); + + //get Parameters from request + String target = 
req.getParameter(PARAM_TARGET); + String sourceID = req.getParameter(PARAM_SOURCEID); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + oaURL = request.getOAURL(); + target = request.getTarget(); + + parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + + } + + /** + * Checks a parameter. + * + * @param param + * parameter + * @return true if the parameter is null or empty + */ + private static boolean isEmpty(String param) { + return param == null || param.length() == 0; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java new file mode 100644 index 000000000..29d407dc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
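Review bot: `parse(AuthenticationSession, …)` HTML-escapes `oaURL`, `bkuURL` and `templateURL` with `StringEscapeUtils.escapeHtml` before they are validated and stored in the session, which rewrites every `&` in a query string to `&amp;` and hands the validators the escaped form; the TODO above those lines already notes this is the wrong tool. Validate the raw parameter values here and escape only where a value is written into HTML output (the form builder), or URL-encode if a URL context needs it. `authURL` is assembled from `req.getServerName()`, i.e. the request's Host header, so the value stored by `moasession.setAuthURL` reflects whatever the client or an upstream proxy sent unless the container pins the host name; taking it from configuration is safer. Two smaller points: the guard `if (isEmpty(authURL))` can never fire because `authURL` always starts with `req.getScheme() + "://"`, and in the second `parse` the `req.getParameter(PARAM_TARGET)`/`req.getParameter(PARAM_OA)` reads are immediately overwritten by `request.getTarget()`/`request.getOAURL()` while `RequestStorage.getPendingRequest(httpSession)` is dereferenced without a null check. The `module`/`action` parameters of the first `parse` are never used in its body.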
@@ -0,0 +1,178 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + 
Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); + + try { + String bkuid = req.getParameter(PARAM_BKU); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + String moasessionid = null; + AuthenticationSession moasession = null; + + try { + moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moasessionid}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + //load OA Config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(moasession.getOAURLRequested()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + + //load Parameters from config + String target = oaParam.getTarget(); + String sourceID = ""; //TODO: load from Config + String bkuURL = getBKUURIFromConfig(Integer.valueOf(bkuid), oaParam); + String templateURL = getTemplateURIFromConfig(Integer.valueOf(bkuid), oaParam);; + + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + sourceID, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + moasession.getModul(), + moasession.getAction(), + req); + } + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + String getIdentityLinkForm = 
startauth.build(moasession, req, resp); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } + + + } + + private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List<String> bkuURIs = Arrays.asList( + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_onlineBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_handyBKU.html", + "http://labda.iaik.tugraz.at:8080/moa-id-auth/template_localBKU.html"); + +// List<String> bkuURIs = Arrays.asList( +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", +// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, + "auth.12"); + } + + private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { + //TODO: CHANGE to real OA config + + List<String> bkuURIs = Arrays.asList( + "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", + "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", + 
"https://127.0.0.1:3496/https-security-layer-request"); + +// List<String> bkuURIs = Arrays.asList( +// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", +// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", +// "https://127.0.0.1:3496/https-security-layer-request"); + + if (bkuID < bkuURIs.size()) + return bkuURIs.get(bkuID); + else + throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, + "auth.12"); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java deleted file mode 100644 index b5c72ef9f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ /dev/null 
@@ -1,164 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.util.Calendar; - -import org.apache.axis.AxisFault; -import org.w3c.dom.Element; - -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * Web service for picking up authentication data created in the MOA-ID Auth component. - * - * @author Paul Ivancsics - * @version $Id$ - * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData - */ -public class GetAuthenticationDataService implements Constants { - - /** - * Constructor for GetAuthenticationDataService. - */ - public GetAuthenticationDataService() { - super(); - } - - /** - * Takes a <code>lt;samlp:Request></code> containing a - * <code>SAML artifact</code> and returns the corresponding - * authentication data <code>lt;saml:Assertion></code> - * (obtained from the <code>AuthenticationServer</code>), - * enclosed in a <code>lt;samlp:Response></code>. - * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode></code>s, - * possibly containing enclosed sub-<code>lt;samlp:StatusCode></code>s. - * The status codes are defined in the SAML specification. 
- * - * @param requests request elements of type <code>lt;samlp:Request></code>; - * only 1 request element is allowed - * @return response element of type <code>lt;samlp:Response></code>, - * packed into an <code>Element[]</code> - * @throws AxisFault thrown when an error occurs in assembling the - * <code>lt;samlp:Response></code> - */ - public Element[] Request(Element[] requests) - throws AxisFault { - - Element request = requests[0]; - Element[] responses = new Element[1]; - String requestID = ""; - String statusCode = ""; - String subStatusCode = null; - String statusMessageCode = null; - String statusMessage = null; - String samlAssertion = ""; - boolean useUTC = false; - if (requests.length > 1) { - // more than 1 request given as parameter - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1201"; - } - else { - try { - DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null); - NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact"); - if (samlArtifactList.getLength() == 0) { - // no SAML artifact given in request - statusCode = "samlp:Requester"; - statusMessageCode = "1202"; - } - else if (samlArtifactList.getLength() > 1) { - // too many SAML artifacts given in request - statusCode = "samlp:Requester"; - subStatusCode = "samlp:TooManyResponses"; - statusMessageCode = "1203"; - } - else { - Element samlArtifactElem = (Element)samlArtifactList.item(0); - requestID = request.getAttribute("RequestID"); - String samlArtifact = DOMUtils.getText(samlArtifactElem); - try { - - AuthenticationData authData = AuthenticationServer.getInstance(). 
- getAuthenticationData(samlArtifact); - - useUTC = authData.getUseUTC(); - // success - samlAssertion = authData.getSamlAssertion(); - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact - statusCode = "samlp:Requester"; - subStatusCode = "samlp:ResourceNotRecognized"; - statusMessage = ex.toString(); - } - } - } - catch (Throwable t) { - // invalid request format - statusCode = "samlp:Requester"; - statusMessageCode = "1204"; - } - } - try { - String responseID = Random.nextRandom(); - String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); - if (statusMessage == null) - statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); - responses[0] = new SAMLResponseBuilder().build( - responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); - - } - catch (MOAIDException e) { - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - catch (Throwable t) { - MOAIDException e = new MOAIDException("1299", null, t); - AxisFault fault = AxisFault.makeFault(e); - fault.setFaultDetail(new Element[] { e.toErrorResponse()}); - throw fault; - } - return responses; - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 3f775f38e..935edb557 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java 
@@ -49,11 +49,12 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.URLEncoder; /**
* Servlet requested for getting the foreign eID
@@ -193,6 +194,13 @@ public class GetForeignIDServlet extends AuthServlet { } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
 resp.setContentType("text/html");
resp.setStatus(302);
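Review bot: The new catch block discards the database error: `throw new MOAIDException("Session store error", null);` drops the MOADatabaseException and its stack trace even though MOAIDException has a cause-taking constructor (the removed Request method used `new MOAIDException("1299", null, t)`), and the literal "Session store error" is passed where the sibling servlets pass message keys such as `"auth.12"` and `"auth.18"`, so the error handler will presumably fail to resolve it. Log and chain it instead, `Logger.error("Session store failed", e); throw new MOAIDException("<message key placeholder>", null, e);`. The same pattern is added in PEPSConnectorServlet, VerifyAuthenticationBlockServlet and VerifyCertificateServlet (the last with the differently spelled "session store error"), while ProcessValidatorInputServlet and VerifyIdentityLinkServlet rethrow as `AuthenticationException("", null)` with an empty key, which leaves the handler nothing to report at all. The enclosing method starts and ends outside the hunk.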
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index fa4deddb6..d41d20def 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -21,9 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ +package at.gv.egovernment.moa.id.auth.servlet; -package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException; import java.io.IOException; @@ -59,162 +58,182 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; -
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /** + +/** + * Servlet requested for getting the foreign eID provided by the security layer + * implementation. Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** * */ private static final long serialVersionUID = 4666952867085392597L; -/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0); -
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
- - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" ) - System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); - // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - - String redirectURL = null; - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc); - - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - //redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - //redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify that data URL + * resource is available. 
+ * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, + * HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + + // Logger.debug("GET GetMISSessionIDServlet"); + // + // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and responds with + * a new <code>CreateXMLSignatureRequest</code>. <br> + * Request parameters: + * <ul> + * <li>MOASessionID: ID of associated authentication session</li> + * <li>XMLResponse: <code><InfoboxReadResponse></code></li> + * </ul> + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, + * HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + // Map parameters; + // try + // { + // parameters = getParameters(req); + // } catch (FileUploadException e) + // { + // Logger.error("Parsing mulitpart/form-data request parameters failed: " + // + e.getMessage()); + // throw new IOException(e.getMessage()); + // } + + String sessionID = 
req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", + PARAM_SESSIONID, "auth.12"); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + ConnectionParameter connectionParameters = authConf + .getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + AuthConfigurationProvider.getInstance(), + connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest( + connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate) list.get(0); + + // verify mandate signature + AuthenticationServer.getInstance().verifyMandate(session, mandate); + + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + // TODO OW bPK (Offen: was bei saml:NameIdentifier + // NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute + // AttributeName="bPK" ) + System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); + // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! 
+ + String redirectURL = null; + String samlArtifactBase64 = AuthenticationServer.getInstance() + .verifyAuthenticationBlockMandate(session, mandateDoc); + + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + // URLEncoder.encode(session.getTarget(), "UTF-8")); } - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); -
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ // redirectURL = addURLParameter(redirectURL, + // PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, + // "UTF-8")); + redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), + session.getAction()), samlArtifactBase64); + redirectURL = resp.encodeRedirectURL(redirectURL); + + } else { + redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, + session.getSessionID()); + + } + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp); + } catch (PKIException e) { + handleError(null, e, req, resp); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp); } catch (SAXException e) { handleError(null, e, req, resp); } catch (ParserConfigurationException e) { handleError(null, e, req, resp); - }
- } - -
-
- }
+ } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 731c7581c..3c8892e33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -23,12 +23,13 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink;
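Review bot: Unlike the sibling servlets in this commit, the rewritten doPost never calls `AuthenticationSessionStoreage.storeSession(session)` after `verifyMandate(session, mandate)` and `verifyAuthenticationBlockMandate(session, mandateDoc)` have been handed the session object; if the session is now persisted through that store, any state those calls set on it is presumably lost once the redirect is sent — confirm whether the callees persist it themselves. Separately, `System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK());` survives the reformat; it writes a person identifier to stdout outside the Logger and its level control, and should be removed or reduced to a `Logger.debug` call once the adjacent TODO is resolved. The commented-out header block in doGet can be deleted now that doGet simply delegates to doPost, which sets those headers itself.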
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -213,6 +214,13 @@ public class PEPSConnectorServlet extends AuthServlet { } else {
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index b5c57d5cf..f89460a83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -245,7 +247,15 @@ public class ProcessValidatorInputServlet extends AuthServlet { resp.setStatus(302);
resp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
- }
+ }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("", null);
+ }
+
} catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 5f59b6f9a..16ff65477 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; @@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; 
@@ -94,129 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); + Logger.debug("GET StartAuthentication"); + + String sessionID = req.getParameter(PARAM_SESSIONID); + sessionID = (String) req.getAttribute(PARAM_SESSIONID); + + + + try { + + if (StringUtils.isEmpty(sessionID)) + throw new MOAIDException("auth.18", null); + + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); + + setNoCachingHeadersInHttpRespone(req, resp); - HttpSession httpSession = req.getSession(); - - String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - IRequest request = RequestStorage.getPendingRequest(httpSession); - - String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); - String action = request.requestedAction();//req.getParameter(PARAM_ACTION); - request.getOAURL(); - // escape parameter strings - //TODO: use URLEncoder.encode!! 
- target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - sessionID = StringEscapeUtils.escapeHtml(sessionID); - useMandate = StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); - modul = StringEscapeUtils.escapeHtml(modul); - action = StringEscapeUtils.escapeHtml(action); - - oaURL = request.getOAURL(); - target = request.getTarget(); - - setNoCachingHeadersInHttpRespone(req, resp); - - try { - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - if(modul == null) { - modul = SAML1Protocol.PATH; - } - - if(action == null) { - action = SAML1Protocol.GETARTIFACT; - } - - Logger.info("Start Authentication Module: " + modul + " Action: " + action); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new 
AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - String targetFriendlyName = null; - - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; - } - - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(ccc)) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); - Logger.debug("Starting STORK authentication"); - - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action); + //TODO: Load MOASession + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID); - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + 
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + //TODO: insert sessionID to STORK!! + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + } + Logger.debug("Finished GET StartAuthentication"); - } + } + catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp); + + } catch (MOADatabaseException e) { + handleError(null, e, req, resp); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f62428ea5..f8a828f6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
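Review bot: `String sessionID = req.getParameter(PARAM_SESSIONID);` is immediately overwritten by `sessionID = (String) req.getAttribute(PARAM_SESSIONID);`, so the request parameter is never used; if the request attribute set by a forwarding servlet is the intended (and only trusted) source, delete the first line, otherwise the fallback needs an explicit `if (sessionID == null)` branch. The session returned by `AuthenticationSessionStoreage.getSession(sessionID)` is then dereferenced via `moasession.getCcc()` without a null check; whether getSession throws MOADatabaseException or returns null for an unknown ID is not visible here — confirm. The `//TODO: Load MOASession` comment is stale since the next line does exactly that, and `//TODO: insert sessionID to STORK!!` marks the STORK branch as unfinished, which the commit message should state.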
@@ -48,10 +48,12 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -158,11 +160,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); + if (samlArtifactBase64 == null) { //mandate Mode 
@@ -203,8 +205,19 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); - X509Certificate cert = session.getSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + byte[] cert = session.getEncodedSignerCertificate(); + + String targetType = null; + + if(session.getBusinessService()) { + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + targetType = AuthenticationSession.TARGET_PREFIX_ + session.getTarget(); + } + + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { @@ -214,6 +227,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { session.setMISSessionID(misSessionID.getSessiondId()); + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setStatus(302); resp.addHeader("Location", redirectMISGUI); Logger.debug("REDIRECT TO: " + redirectURL); 
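Review bot: The guard `if (misSessionID == null) {` still comes after `String redirectMISGUI = misSessionID.getRedirectURL();`, so a null return from the newly extended `MISSimpleClient.sendSessionIdRequest(...)` call produces a NullPointerException instead of the handled error; the added lines sit directly above it, and the two statements should be swapped: `if (misSessionID == null) { ... } String redirectMISGUI = misSessionID.getRedirectURL();`. The `targetType` selection would benefit from a one-line comment such as `// MIS target: domain identifier for business services, public-sector target otherwise`, since `REGISTERANDORDNR_PREFIX_` is not self-explanatory. The debug line logs `redirectURL` although the Location header carries `redirectMISGUI`. The enclosing method starts and ends outside the hunk.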
@@ -228,12 +247,14 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); + } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } - + resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index d5198a862..4c4671084 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -43,6 +43,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -140,7 +142,7 @@ public class VerifyCertificateServlet extends AuthServlet { if (useMandate) {
// verify certificate for OrganWalter - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(sessionID, cert); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
}
@@ -159,9 +161,14 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
-
-
+ }
+
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
+
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index f2c41a051..8eaa8341c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -43,6 +43,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -134,11 +138,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); Logger.debug(createXMLSignatureRequestOrRedirect); + if (createXMLSignatureRequestOrRedirect == null) { // no identity link found 
@@ -176,36 +183,54 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID), // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in // AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen) - boolean useMandate = session.getUseMandate(); - if (useMandate) { // Mandate modus - // read certificate and set dataurl to - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + + //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!! +// boolean useMandate = session.getUseMandate(); +// if (useMandate) { // Mandate modus +// // read certificate and set dataurl to +// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +// +// +// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); +// +// // build dataurl (to the GetForeignIDSerlvet) +// String dataurl = +// new DataURLBuilder().buildDataURL( +// session.getAuthURL(), +// REQ_VERIFY_CERTIFICATE, +// session.getSessionID()); +// +// +// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); +// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); +// ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +// +// } +// else { + Logger.info("Normal"); - - String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); - - // build dataurl (to the GetForeignIDSerlvet) - String dataurl = - new DataURLBuilder().buildDataURL( - session.getAuthURL(), - REQ_VERIFY_CERTIFICATE, - 
session.getSessionID()); - - - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); - //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); - } - else { - Logger.info("Normal"); ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } - } - +// } + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + throw new AuthenticationException("", null); + } } catch (ParseException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8d2f95cce..e77dd30d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
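Review bot: The new `catch (MOADatabaseException e) { throw new AuthenticationException("", null); }` at the end of the hunk discards both the message key and the cause, so a failed session store surfaces as an empty error with nothing in the log to correlate it; the same situation in `AuthenticationManager.doAuthentication` in this commit does `Logger.error("Database Error! MOASession is not stored!");` followed by `throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });`, and this site should follow that pattern (keeping `AuthenticationException` if callers depend on the type). `oaParam` from `getOnlineApplicationParameter(session.getPublicOAURLPrefix())` is handed to `getCreateXMLSignatureRequestAuthBlockOrRedirect` without a null check, whereas the `doAuthentication` hunk treats a null `OAAuthParameter` as an `auth.00` error. The stray `Logger.info("Normal")` and the `//`-commented mandate block flagged "Klaus fragen" are dead text that should be deleted rather than carried; the same commented-out-code pattern recurs in `AuthenticationManager.isAuthenticated` and `PVPAssertionStorage`. The enclosing method begins before this hunk.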
@@ -231,7 +231,29 @@ public class CreateXMLSignatureResponseValidator {
 } else {
 throw new ValidateException("validator.35", null);
 }
+
+ // check four attribute could be a special text
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("SpecialText")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlSpecialText = (String)samlAttribute.getValue();
+
+ //TODO:load Text from OA config
+ //String text = "Hiermit bestätige ich, #NAME#, die Übernahme sämtlicher eingelangter Zustellstücke zum #DATE# um #TIME#.";
+ String text = "";
+ String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant);
+ if (!samlSpecialText.equals(specialText)) {
+ throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
 // now check the extended SAML attributes
 int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
 if (extendedSAMLAttributes != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 82acd0897..d798ce9d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
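Review bot: The SpecialText check compares the signed attribute against `generateSpecialText("", issuer, issueInstant)` because `text` is the placeholder `""` with a TODO to load it from OA configuration, so the validator enforces a template no online application has configured and the `validator.67` branch fires, or does not, for reasons unrelated to the OA's real text; until the configuration lookup exists the comparison should read the configured text, or be skipped while it is empty, with a comment stating that the current value is a placeholder. `samlAttributes[3 + offset]` is indexed without a visible length check — if the earlier part of the method does not already guarantee at least four attributes, a short AuthBlock ends in an `ArrayIndexOutOfBoundsException` instead of a `ValidateException`. Also confirm that `AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES`, used as the start index of the extended attributes, was raised to account for the added attribute; the builder is not in this chunk. The method begins before this hunk.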
@@ -27,16 +27,26 @@ package at.gv.egovernment.moa.id.config.auth; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.MalformedURLException; import java.util.List; +import java.util.Properties; +import org.hibernate.cfg.Configuration; import org.w3c.dom.Element; import org.w3c.dom.Node; +import test.tlenz.simpletest; + import eu.stork.vidp.messages.common.STORKBootstrap; +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -45,6 +55,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; 
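Review bot: `import test.tlenz.simpletest;` pulls a developer-local test package into the production configuration provider; nothing in the visible hunks of this file uses it, and if it is referenced it becomes an undeclared build dependency, so the line should be dropped. The `org.hibernate.cfg.Configuration`, `commons.db` and `MiscUtil` imports are consumed by the initialisation hunk below.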
@@ -277,12 +288,50 @@ public class AuthConfigurationProvider extends ConfigurationProvider { } catch (MalformedURLException t) { throw new ConfigurationException("config.03", null, t); } - + + //Initial Hibernate Framework + //TODO: Full update to new MOA-ID configuration!!! + Logger.trace("Initializing Hibernate framework."); + + String propertiesFileLocation = System.getProperty("moa.id.config"); + MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName"); + File propertiesFile = new File(propertiesFileLocation); + FileInputStream fis; + Properties props = new Properties(); + try { + fis = new FileInputStream(propertiesFile); + props.load(fis); + + // initialize hibernate + synchronized (AuthConfigurationProvider.class) { + Configuration hibernateConfig = new Configuration(); + hibernateConfig.addAnnotatedClass(AssertionStore.class); + hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class); + hibernateConfig.addAnnotatedClass(OASessionStore.class); + hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class); + hibernateConfig.addProperties(props); + HibernateUtil.initHibernate(hibernateConfig, props); + } + Logger.trace("Hibernate initialization finished."); + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (ExceptionInInitializerError e) { + throw new ConfigurationException("config.17", null, e); + } + + //Initialize OpenSAML for STORK Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); 
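Review bot: `fis` is opened inside the `try` and never closed — neither after `props.load(fis)` on the success path nor on the `IOException` path — so the `FileInputStream` on the file named by `moa.id.config` leaks for the lifetime of the provider. Closing it in a `finally` is the minimal fix; the same properties are handed to Hibernate as its connection configuration, so the handle should not outlive the read. `MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName")` also names the wrong thing in its message; `"moa.id.config"` would point the operator at the actual system property. Rewritten read:
```java
FileInputStream fis = null;
Properties props = new Properties();
try {
	fis = new FileInputStream(propertiesFile);
	props.load(fis);
	// … unchanged: synchronized Hibernate Configuration setup and HibernateUtil.initHibernate(...) …
	Logger.trace("Hibernate initialization finished.");
} catch (FileNotFoundException e) {
	throw new ConfigurationException("config.03", null, e);
} catch (IOException e) {
	throw new ConfigurationException("config.03", null, e);
} catch (ExceptionInInitializerError e) {
	throw new ConfigurationException("config.17", null, e);
} finally {
	if (fis != null) {
		try {
			fis.close();
		} catch (IOException ignore) {
			// properties are already loaded; nothing further to recover
		}
	}
}
```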
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 79f3b4e30..c1de93fae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.data; +import java.io.Serializable; import java.util.Date; /** @@ -33,8 +34,12 @@ import java.util.Date; * @version $Id$ */ -public class AuthenticationData { +public class AuthenticationData implements Serializable { /** + * + */ + private static final long serialVersionUID = -1042697056735596866L; +/** * major version number of the SAML assertion */ private int majorVersion; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index e1c46f295..244197379 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -163,7 +163,8 @@ public class DispatcherServlet extends AuthServlet { // check if pending request is same protocol and action if (!protocolRequest.requestedModule().equals(module) || !protocolRequest.requestedAction() - .equals(action)) { + .equals(action) + || !info.validate(req, resp, protocolRequest)) { resp.sendError(HttpServletResponse.SC_CONFLICT); Logger.error("Different Request is pending in this session!"); return; 
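Review bot: Folding `!info.validate(req, resp, protocolRequest)` into the pending-request mismatch condition means a validation failure is answered with `SC_CONFLICT` and logged as "Different Request is pending in this session!", which hides the real reason from both the client and anyone reading the log. A separate branch keeps the two cases distinguishable, e.g. `else if (!info.validate(req, resp, protocolRequest)) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST); Logger.error("Pending request failed validation!"); return; }`. The only `validate` implementation in this chunk, `PVP2XProtocol.validate`, returns `true` unconditionally, so this gate is currently inert for that module. The enclosing method continues outside the hunk.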
@@ -185,7 +186,9 @@ public class DispatcherServlet extends AuthServlet { } RequestStorage.setPendingRequest(httpSession, protocolRequest); - + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + if (moduleAction.needAuthentication(protocolRequest, req, resp)) { if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { @@ -194,30 +197,30 @@ public class DispatcherServlet extends AuthServlet { } if (protocolRequest.forceAuth()) { - if (!AuthenticationManager.tryPerformAuthentication( + if (!authmanager.tryPerformAuthentication( req, resp)) { - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } } else if (protocolRequest.isPassiv()) { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Passive authentication ok! } else { throw new NoPassivAuthenticationException(); } } else { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Is authenticated .. proceed } else { // Start authentication! - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } @@ -227,8 +230,7 @@ public class DispatcherServlet extends AuthServlet { moduleAction.processRequest(protocolRequest, req, resp); RequestStorage.removePendingRequest(httpSession); - - AuthenticationManager.logout(req, resp); + authmanager.logout(req, resp); } catch (Throwable e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 3254927ed..5e792ab78 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -1,31 +1,67 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends AuthServlet { + private static AuthenticationManager instance = null; + + private static final long serialVersionUID = 1L; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - public static AuthenticationSession getAuthenticationSession( + + public static 
AuthenticationManager getInstance() { + if (instance == null) { + instance = new AuthenticationManager(); + } + + return instance; + } + + + public AuthenticationSession getAuthenticationSession( HttpSession session) { String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); if (sessionID != null) { - return AuthenticationSessionStore.getSession(sessionID); + try { + return AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return null; + } } return null; } @@ -37,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean isAuthenticated(HttpServletRequest request, + public boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) { Logger.info("Checking authentication"); @@ -50,15 +86,24 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); +// AuthenticationSession authSession; +// try { +// authSession = AuthenticationSessionStoreage +// .getSession(moaSessionID); +// +// } catch (MOADatabaseException e) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// if(authSession == null) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// return authSession.isAuthenticated(); - if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); - return false; - } - - return authSession.isAuthenticated(); + return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); } /** 
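Review bot: `getInstance()` performs an unsynchronized lazy init of `instance`, so concurrent first calls from `DispatcherServlet` can construct more than one `AuthenticationManager`; either make the method `synchronized` or initialise eagerly with `private static final AuthenticationManager instance = new AuthenticationManager();`. Because the class now `extends AuthServlet` but is created with `new` rather than by the container, it is never initialised as a servlet, and the inherited helpers that `doAuthentication` calls (`handleError`, `handleWrongParameters`, `setNoCachingHeadersInHttpRespone`) should be checked for any dependence on servlet init state — that base class is not in this chunk. In `getAuthenticationSession` the `MOADatabaseException` is swallowed into `return null` with no log line, making a session-store outage indistinguishable from an unknown session id; a `Logger.error("MOASession lookup failed for ID " + sessionID + ": " + e.getMessage());` before the return is enough. The class body continues past this hunk.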
@@ -68,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean tryPerformAuthentication(HttpServletRequest request, + public boolean tryPerformAuthentication(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); @@ -76,8 +121,14 @@ public class AuthenticationManager implements MOAIDAuthConstants { String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(sessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return false; + } + if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " @@ -94,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - public static void logout(HttpServletRequest request, + public void logout(HttpServletRequest request, HttpServletResponse response) { Logger.info("Logout"); 
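Review bot: The new `catch (MOADatabaseException e) { return false; }` in `tryPerformAuthentication` silently maps a session-store failure to "not authenticated" — the user is sent through a fresh authentication while the database problem leaves no trace. Log it before returning, `Logger.error("MOASession lookup failed for ID " + sessionID + ": " + e.getMessage());`, so store outages are visible; the same silent catch appears in `getAuthenticationSession` earlier in this file. The `sessionID` looked up here comes from a request parameter, and the hunk does not show how that id is bound to the caller's own HTTP session, so confirm that path before relying on it as an authentication shortcut. The enclosing method starts and ends outside this hunk.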
@@ -111,24 +162,33 @@ public class AuthenticationManager implements MOAIDAuthConstants { return; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); - if(authSession == null) { + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + AuthenticationSessionStoreage.destroySession(moaSessionID); + + session.invalidate(); + + } catch (MOADatabaseException e) { Logger.info("NO MOA Authentication data for ID " + moaSessionID); return; } - - authSession.setAuthenticated(false); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - AuthenticationSessionStore.destroySession(moaSessionID); - session.invalidate(); + } - public static void doAuthentication(HttpServletRequest request, + public void doAuthentication(HttpServletRequest request, HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); if (!ParamValidatorUtils.isValidOA(target.getOAURL())) 
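Review bot: In `logout`, the HTTP-side cleanup — `HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null)` and `session.invalidate()` — now sits inside the `try`, so when `AuthenticationSessionStoreage.getSession` throws `MOADatabaseException` the method logs "NO MOA Authentication data" and returns with the container session and its `MoaAuthenticationSession` attribute still intact. A logout should fail closed: run those two lines in a `finally` (or repeat them in the catch) so the browser-side session is torn down even when the backing store is unavailable. The catch also reuses the "no data" message for a store failure; appending `e.getMessage()` lets the two be told apart in the log. The method continues past the hunk.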
@@ -140,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants { "auth.12"); } - // TODO: Build authentication form + setNoCachingHeadersInHttpRespone(request, response); + + //TODO:move this to config!!! + final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); - /* - * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), - * modul, protocol); - * - * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = - * new PrintWriter(response.getOutputStream()); out.print(loginForm); - * out.flush(); return; - */ + //is legacy allowed + boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); - session.getServletContext().getNamedDispatcher("StartAuthentication") - .forward(request, response); + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + + AuthenticationSession moasession; + + if (legacyallowed && legacyparamavail) { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //parse request parameter into MOASession + try{ + StartAuthentificationParameterParser.parse(request, response, moasession); + + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, request, response); + } + + catch (MOAIDException ex) { + handleError(null, ex, request, response); + } + + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + //start authentication process +// session.getServletContext().getNamedDispatcher("StartAuthentication") +// .forward(request, response); + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + + String getIdentityLinkForm = startauth.build(moasession, request, response); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + 
Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + + } else { + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(target.getOAURL()); + + if (oaParam == null) { + //TODO: Find a better place for this!! + request.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); + } + + + else { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //set OnlineApplication configuration in Session + moasession.setOAURLRequested(target.getOAURL()); + moasession.setAction(target.requestedAction()); + moasession.setModul(target.requestedModule()); + } + + //Build authentication form + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName()); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! 
MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + //set MOAIDSession + request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + } } + + private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { + + //String sessionID = request.getParameter(PARAM_SESSIONID); + String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); + AuthenticationSession moasession; + + try { + moasession = AuthenticationSessionStoreage.getSession(sessionID); + Logger.info("Found existing MOASession with sessionID=" + sessionID + + ". This session is used for reauthentification."); + + } catch (MOADatabaseException e) { + try { + moasession = AuthenticationSessionStoreage.createSession(); + Logger.info("Create a new MOASession with sessionID=" + sessionID + "."); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession are not created."); + throw new MOAIDException("init.04", new Object[] { + "0"}); + } + } + + return moasession; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java deleted file mode 100644 index c149d1ce1..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package at.gv.egovernment.moa.id.moduls; - -import java.util.HashMap; -import java.util.Iterator; -import java.util.Set; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; - -public class AuthenticationSessionStore { - - private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); - - public static boolean isAuthenticated(String moaSessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(moaSessionID)) { - return sessionStore.get(moaSessionID).isAuthenticated(); - } - } - return false; - } - - public static AuthenticationSession createSession() { - String id = Random.nextRandom(); - AuthenticationSession session = new AuthenticationSession(id); - synchronized (sessionStore) { - sessionStore.put(id, session); - } - return session; - } - - public static void destroySession(String moaSessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(moaSessionID)) { - sessionStore.remove(moaSessionID); - } - } - } - - public static void dumpSessionStore() { - synchronized (sessionStore) { - Set<String> keys = sessionStore.keySet(); - Iterator<String> keyIterator = keys.iterator(); - while(keyIterator.hasNext()) { - String key = keyIterator.next(); - AuthenticationSession session = sessionStore.get(key); - Logger.info("Key: " + key + " -> " + session.toString()); - } - } - } - - public static String changeSessionID(AuthenticationSession session) - throws AuthenticationException { - synchronized (sessionStore) { - if (sessionStore.containsKey(session.getSessionID())) { - AuthenticationSession theSession = sessionStore.get(session - .getSessionID()); - if (theSession != session) { - throw new AuthenticationException("TODO!", null); - } - - sessionStore.remove(session.getSessionID()); - String id = 
Random.nextRandom(); - session.setSessionID(id); - sessionStore.put(id, session); - return id; - } - } - throw new AuthenticationException("TODO!", null); - } - - public static AuthenticationSession getSession(String sessionID) { - synchronized (sessionStore) { - if (sessionStore.containsKey(sessionID)) { - return sessionStore.get(sessionID); - } - } - Logger.info("No MOA Session with id: " + sessionID); - return null; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index 5a2bb1efc..679ccb000 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -22,4 +22,7 @@ public interface IModulInfo { public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable; + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 91b88acb9..f63b0049f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -10,4 +10,6 @@ public interface IRequest { public void setModule(String module); public void setAction(String action); public String getTarget(); + + //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e752857dd..41aa459ec 100644 
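Review bot: The new `validate(HttpServletRequest request, HttpServletResponse response, IRequest pending)` on `IModulInfo` has no Javadoc, so implementers cannot tell what a `false` return means to the caller (`DispatcherServlet` answers `SC_CONFLICT`) or whether they may write to `response` before returning. A short contract such as `/** Returns false if the pending request must not be resumed for the current request; implementations must not commit the response. */` would settle both. The commented-out `//public void setTarget();` added to `IRequest` should be dropped rather than committed.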
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -282,4 +282,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 return null;
 }
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending) {
+ // TODO implement validation!
+ return true;
+ }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index c188914df..2e2f75b94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -1,13 +1,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.util.HashMap;
-import java.util.Map;
-
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.artifact.SAMLArtifactMap;
 import org.opensaml.xml.io.MarshallingException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
 public class PVPAssertionStorage implements SAMLArtifactMap {
@@ -20,7 +19,8 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 return instance;
 }
- private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+ private AssertionStorage assertions = AssertionStorage.getInstance();
 public boolean contains(String artifact) {
 return assertions.containsKey(artifact);
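Review bot: `PVP2XProtocol.validate` returns `true` unconditionally while `DispatcherServlet` now relies on it to decide whether a pending request may be resumed, so the new gate is a no-op for this module; the stub needs at least a Javadoc saying so, e.g. `/** Placeholder: accepts every pending request until the request/response binding checks behind the TODO are implemented. */`, so nobody reads the `DispatcherServlet` condition as a real check. In `PVPAssertionStorage` the commented-out `Map` field should be deleted rather than kept beside its replacement.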
@@ -33,11 +33,24 @@ public class PVPAssertionStorage implements SAMLArtifactMap { issuerId, samlMessage); - assertions.put(artifact, assertion); + try { + assertions.put(artifact, assertion); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be stored + throw new MarshallingException("Assertion are not stored in Database.",e); + } } public SAMLArtifactMapEntry get(String artifact) { - return assertions.get(artifact); + try { + return assertions.get(artifact, SAMLArtifactMapEntry.class); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be read + e.printStackTrace(); + return null; + } } public void remove(String artifact) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java index 0b280fe48..a2f46694f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java @@ -10,7 +10,13 @@ import org.opensaml.xml.schema.XSString; import org.opensaml.xml.schema.impl.XSIntegerBuilder; import org.opensaml.xml.schema.impl.XSStringBuilder; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; 
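Review bot: `get` handles `MOADatabaseException` with `e.printStackTrace()` and `return null`, so a store failure goes to stderr instead of the application log and, to the caller, looks exactly like an unknown artifact; use `Logger.error("Assertion could not be read from Database: " + e.getMessage());` in line with the rest of this commit, and consider propagating rather than returning `null`. In `put`, wrapping the database error in `MarshallingException` mislabels it — the object was marshalled, the persistence failed — so if the `SAMLArtifactMap` interface forces that type, keep the message explicit about the store failing as it is now and at least log it before rethrowing. Both `// TODO Insert Error Handling` markers say the handling is unfinished; the two changes above are what they ask for.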
@@ -100,27 +106,57 @@ public class CitizenTokenBuilder { AuthenticationSession authSession) { AttributeStatement statement = SAML2Utils.createSAMLObject(AttributeStatement.class); + + //TL: AuthData generation is moved out from VerifyAuthBlockServlet + try { + + //TODO: LOAD oaParam from request and not from MOASession in case of SSO + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); - Attribute pvpVersion = buildPVPVersion("2.1"); - Attribute secClass = buildSecClass(3); - Attribute principalName = buildPrincipalName(authSession.getAuthData().getFamilyName()); - Attribute givenName = buildGivenName(authSession.getAuthData().getGivenName()); - Attribute birthdate = buildBirthday(authSession.getAuthData().getDateOfBirth()); - Attribute bpk = buildBPK(authSession.getAuthData().getIdentificationValue()); - Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); - Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); - Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authSession.getAuthData().getIdentificationType()); - - statement.getAttributes().add(pvpVersion); - statement.getAttributes().add(secClass); - statement.getAttributes().add(principalName); - statement.getAttributes().add(givenName); - statement.getAttributes().add(birthdate); - statement.getAttributes().add(bpk); - statement.getAttributes().add(eid_citizen_qaa); - statement.getAttributes().add(eid_issuing_nation); - statement.getAttributes().add(eid_sector_for_id); + AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, + oaParam, + authSession.getTarget()); + + Attribute pvpVersion = buildPVPVersion("2.1"); + Attribute secClass = buildSecClass(3); + Attribute principalName = buildPrincipalName(authData.getFamilyName()); + Attribute givenName = buildGivenName(authData.getGivenName()); + Attribute birthdate = buildBirthday(authData.getDateOfBirth()); + + //TL: 
getIdentificationValue holds the baseID --> change to pBK + Attribute bpk; + if (authSession.getBusinessService()) + bpk = buildBPK(authData.getWBPK()); + else + bpk = buildBPK(authData.getBPK()); + + Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); + Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); + Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); + + statement.getAttributes().add(pvpVersion); + statement.getAttributes().add(secClass); + statement.getAttributes().add(principalName); + statement.getAttributes().add(givenName); + statement.getAttributes().add(birthdate); + statement.getAttributes().add(bpk); + statement.getAttributes().add(eid_citizen_qaa); + statement.getAttributes().add(eid_issuing_nation); + statement.getAttributes().add(eid_sector_for_id); + + return statement; + + } catch (ConfigurationException e) { + + // TODO: check Exception Handling + return null; + } catch (BuildException e) { + + // TODO: check Exception Handling + return null; + } - return statement; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 94189714e..db41bf389 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java 
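Review bot: Both `catch` blocks at the end of the hunk swallow the exception and `return null`, so a `ConfigurationException` or `BuildException` leaves no log entry and the caller receives a null `AttributeStatement` instead of a failure; log the exception and either rethrow it in a type the method can declare or document that `null` means "no statement could be built". `buildSecClass(3)` and `buildEID_CITIZEN_QAALEVEL(3)` still assert a fixed security class and QAA level regardless of how the session was authenticated; a comment should state why a constant is correct here, or the value should be derived from the session or OA configuration. The method's signature is above the hunk.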
@@ -47,15 +47,16 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { EntityDescriptor peerEntity = obj.getEntityMetadata(); - AuthenticationSession authSession = AuthenticationManager - .getAuthenticationSession(req.getSession()); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession()); + // authSession.getM Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity); - + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); nissuer.setFormat(NameID.ENTITY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 5649e5260..3634c9983 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -13,6 +13,9 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; 
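Review bot: The added line `// authSession.getM` is an unfinished comment fragment left in the new code, and `AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());` is missing the space after `=`; drop the fragment and reformat the assignment. `authSession` is handed to `PVP2AssertionBuilder.buildAssertion(...)` without a null check; if `getAuthenticationSession` can return null for an unknown session, an explicit error would be preferable to a NullPointerException inside the builder, but that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.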
@@ -26,30 +29,51 @@ public class GetArtifactAction implements IAction { HttpServletResponse httpResp) { HttpSession httpSession = httpReq.getSession(); - AuthenticationSession session = AuthenticationManager - .getAuthenticationSession(httpSession); + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); - String oaURL = (String) httpReq.getAttribute(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String oaURL = (String) httpReq.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); + String oaURL = (String) req.getOAURL(); + String target = (String) req.getTarget(); + try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) + + + if (oaURL == null) { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - - if (oaURL == null) { - oaURL = session.getOAURLRequested(); } - - if (oaURL == null) { + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - } - + + + // if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } + + + // TODO: Support Mandate MODE! + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + // builds authentication data and stores it together with a SAML + // artifact + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, + oaParam, + target); + String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session); + .BuildSAMLArtifact(session, oaParam, authData); String redirectURL = oaURL; session.getOAURLRequested(); 
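Review bot: `oaParam` from `AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL)` is passed straight to `SAML1AuthenticationServer.buildAuthenticationData` without a null check, while the `SAML1Protocol` hunk below rejects a null result with `throw new AuthenticationException("auth.00", new Object[] { oaURL });` — the same check belongs here, since `isValidOA` only checks the URL's form, not that the OA is configured. The `(String)` casts on `req.getOAURL()` and `req.getTarget()` are redundant if those getters already return `String`, and `session.getOAURLRequested();` on the last context line is a statement with no effect. The commented-out previous code (`// String oaURL = ...`, `// if (oaURL == null) {`) should be deleted rather than kept, and the same applies to the large commented-out blocks in `GetArtifactServlet.doGet`, `SAML1AuthenticationServer.BuildSAMLArtifact` and `SAML1Protocol.validate` further down. The method's signature is above the hunk.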
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java index 47050bf28..3a2f4ee9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; +import iaik.util.logging.Log; + import java.io.IOException; import javax.servlet.ServletException; 
@@ -37,90 +39,95 @@ public class GetArtifactServlet extends AuthServlet { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - HttpSession httpSession = req.getSession(); - - AuthenticationSession session = AuthenticationManager - .getAuthenticationSession(httpSession); - - String oaURL = (String) req.getAttribute(PARAM_OA); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - - String target = (String) req.getAttribute(PARAM_TARGET); - target = StringEscapeUtils.escapeHtml(target); - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - if (oaURL == null) { - oaURL = session.getOAURLRequested(); - } - - if (oaURL == null) { - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - } - - String samlArtifactBase64 = SAML1AuthenticationServer - .BuildSAMLArtifact(session); - - String redirectURL = oaURL; - session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, - URLEncoder.encode(session.getTarget(), "UTF-8")); - - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, - URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); - - // CONFIRMATION FOR SSO! - /* - * OAAuthParameter oaParam = - * AuthConfigurationProvider.getInstance(). 
- * getOnlineApplicationParameter(oaURL); - * - * String friendlyName = oaParam.getFriendlyName(); if(friendlyName - * == null) { friendlyName = oaURL; } - * - * - * LoginConfirmationBuilder builder = new - * LoginConfirmationBuilder(); - * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); - * String form = builder.finish(oaURL, session.getIdentityLink() - * .getName(), friendlyName); - */ - - /* - resp.setContentType("text/html"); - - OutputStream out = resp.getOutputStream(); - out.write(form.getBytes("UTF-8")); - out.flush(); - out.close();*/ - - } catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (BuildException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (AuthenticationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } + Log.err("Sollte nicht mehr verwendet werden!!!!"); + throw new ServletException("The Servlet Class + " + GetArtifactServlet.class + + " is out of date!!!"); + +// HttpSession httpSession = req.getSession(); +// +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); +// +// String oaURL = (String) req.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// +// String target = (String) req.getAttribute(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// +// if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } +// +// if (oaURL == null) { +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// } +// +// String samlArtifactBase64 = SAML1AuthenticationServer +// 
.BuildSAMLArtifact(session); +// +// String redirectURL = oaURL; +// session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); +// +// } +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, +// URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// // CONFIRMATION FOR SSO! +// /* +// * OAAuthParameter oaParam = +// * AuthConfigurationProvider.getInstance(). +// * getOnlineApplicationParameter(oaURL); +// * +// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName +// * == null) { friendlyName = oaURL; } +// * +// * +// * LoginConfirmationBuilder builder = new +// * LoginConfirmationBuilder(); +// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); +// * String form = builder.finish(oaURL, session.getIdentityLink() +// * .getName(), friendlyName); +// */ +// +// /* +// resp.setContentType("text/html"); +// +// OutputStream out = resp.getOutputStream(); +// out.write(form.getBytes("UTF-8")); +// out.flush(); +// out.close();*/ +// +// } catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (BuildException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (AuthenticationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 4399c556b..e79954daa 100644 
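Review bot: The new exception message `"The Servlet Class + " + GetArtifactServlet.class + " is out of date!!!"` has a stray `+ ` inside the first string literal, so it renders as `The Servlet Class + class ...`; it should be `"The Servlet Class " + GetArtifactServlet.class.getName() + " is out of date"`. `Log.err` from `iaik.util.logging` is used here while the rest of this file logs through `Logger` (the commented-out code below still calls `Logger.debug`); stay with one logging facade and log in English like the surrounding messages. If the servlet is still mapped, a request now ends in an unhandled `ServletException` and a container error page; `resp.sendError(HttpServletResponse.SC_GONE, ...)` would express "no longer available" more clearly, but whether the mapping still exists cannot be seen here.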
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java 
@@ -4,162 +4,43 @@ import iaik.x509.X509Certificate; import java.io.File; import java.io.IOException; -import java.util.Calendar; +import java.security.cert.CertificateEncodingException; import java.util.Date; -import java.util.HashMap; -import java.util.Map; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.StringUtils; public class SAML1AuthenticationServer extends AuthenticationServer { - - // TODO: for clustering we have to replicate this data to other servers - // We might need to introduce a openEJB to accomplish this - /** authentication data store (assertion handle -> 
AuthenticationData) */ - @SuppressWarnings("rawtypes") - private static Map authenticationDataStore = new HashMap(); + //private static Map authenticationDataStore = new HashMap(); + private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); + + + //TODO: make this time configurable /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes - - private static AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean businessService = oaParam.getBusinessService(); - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar - .getInstance(), useUTC)); - authData.setIdentificationType(identityLink.getIdentificationType()); - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } - 
String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); - - try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); - if(!isForeigner) { - //we have Austrian citizen - if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); - } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. - * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - - } - } else { - //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); - authData.setWBPK(wbpkBase64); - } - - } else { - - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); - authData.setBPK(bpkBase64); - } - - - } - - } - String ilAssertion = oaParam.getProvideIdentityLink() ? 
identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); - } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; - - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", ex.toString() }, ex); - } - } - + /** * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. * The <code>AuthenticationData</code> is deleted from the store upon end of @@ -169,10 +50,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { */ public static AuthenticationData getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { - String assertionHandle; try { - assertionHandle = new SAMLArtifactParser(samlArtifact) - .parseAssertionHandle(); + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); } catch (ParseException ex) { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); 
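Review bot: In `getSaml1AuthenticationData`, `new SAMLArtifactParser(samlArtifact).parseAssertionHandle();` now discards its result and is kept only so that a malformed artifact still fails with `ParseException` and is reported as `AuthenticationException("1205", ...)`; that intent is not obvious and deserves a comment, e.g. `// parsed only to validate the artifact format; the store is keyed by the full artifact`. The same pattern appears as `parser.parseAssertionHandle();` in `storeAuthenticationData` in the last hunk of this file. The method continues below the hunk.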
@@ -180,83 +59,153 @@ public class SAML1AuthenticationServer extends AuthenticationServer { AuthenticationData authData = null; synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; + try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); - } + authData = authenticationDataStore + .get(samlArtifact, AuthenticationData.class); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + } + + boolean keepAssertion = false; + try { + String boolStr = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.KeepAssertion"); + if (null != boolStr && boolStr.equalsIgnoreCase("true")) + keepAssertion = true;// Only allowed for debug purposes!!! 
+ + } catch (ConfigurationException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + if (!keepAssertion) { + authenticationDataStore.remove(samlArtifact); } + long now = new Date().getTime(); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + return authData; } - public static String BuildSAMLArtifact(AuthenticationSession session) throws ConfigurationException, BuildException, AuthenticationException { - - // TODO: Support Mandate MODE! + public static String BuildSAMLArtifact(AuthenticationSession session, + OAAuthParameter oaParam, + AuthenticationData authData) + throws ConfigurationException, BuildException, AuthenticationException { + + //TODO: check, if this is correct!!!! +// String samlAssertion = new AuthenticationDataAssertionBuilder().build( +// authData, session.getAssertionPrPerson(), +// session.getAssertionAuthBlock(), +// session.getAssertionIlAssertion(), session.getBkuURL(), +// session.getAssertionSignerCertificateBase64(), +// session.getAssertionBusinessService(), +// session.getExtendedSAMLAttributesOA(), useCondition, +// conditionLength); + - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); boolean useCondition = oaParam.getUseCondition(); int conditionLength = oaParam.getConditionLength(); - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), - useUTC, false); - - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, session.getAssertionPrPerson(), - 
session.getAssertionAuthBlock(), - session.getAssertionIlAssertion(), session.getBkuURL(), - session.getAssertionSignerCertificateBase64(), - session.getAssertionBusinessService(), - session.getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); + try { + + //set BASE64 encoded signer certificate + String signerCertificateBase64 = ""; + if (oaParam.getProvideCertifcate()) { + byte[] signerCertificate = session.getEncodedSignerCertificate(); + if (signerCertificate != null) { + + signerCertificateBase64 = Base64Utils + .encode(signerCertificate); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } } - - String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), session.getSessionID(), - session.getSourceID()); + + //set prPersion + boolean provideStammzahl = oaParam.getProvideStammzahl(); + String prPerson = new PersonDataBuilder().build(session.getIdentityLink(), + provideStammzahl); + + //set Authblock + String authBlock = oaParam.getProvideAuthBlock() ? session + .getAuthBlock() : ""; + + //set IdentityLink for assortion + String ilAssertion = oaParam.getProvideIdentityLink() ? 
session.getIdentityLink() + .getSerializedSamlAssertion() + : ""; + if (!oaParam.getProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, session.getIdentityLink() + .getIdentificationValue(), ""); + } + + String samlAssertion; + + if (session.getUseMandate()) { + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( + authData, + prPerson, + session.getMandateData(), + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + + } else { + samlAssertion = new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + } + + authData.setSamlAssertion(samlAssertion); + + String assertionFile = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.WriteAssertionToFile"); + if (!ParepUtils.isEmpty(assertionFile)) + try { + ParepUtils.saveStringToFile(samlAssertion, new File( + assertionFile)); + } catch (IOException e) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", e.toString() }, e); + } + + String samlArtifact = new SAMLArtifactBuilder().build( + session.getAuthURL(), session.getSessionID(), + session.getSourceID()); + + storeAuthenticationData(samlArtifact, authData); + + Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() + + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; - storeAuthenticationData(samlArtifact, authData); - - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", ex.toString() }, ex); + } 
} @@ -271,7 +220,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * @throws AuthenticationException * when SAML artifact is invalid */ - @SuppressWarnings("unchecked") private static void storeAuthenticationData(String samlArtifact, AuthenticationData authData) throws AuthenticationException { @@ -282,14 +230,17 @@ public class SAML1AuthenticationServer extends AuthenticationServer { if (typeCode[0] != 0 || typeCode[1] != 1) throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); - String assertionHandle = parser.parseAssertionHandle(); + parser.parseAssertionHandle(); + synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); - authenticationDataStore.put(assertionHandle, authData); + authenticationDataStore.put(samlArtifact, authData); } + } catch (AuthenticationException ex) { throw ex; + } catch (Throwable ex) { throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 678d5f961..09314ba37 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
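Review bot: Fetching and removing the assertion are no longer done under the same lock: `authenticationDataStore.get(samlArtifact, AuthenticationData.class)` runs inside `synchronized (authenticationDataStore)`, but `authenticationDataStore.remove(samlArtifact)` happens after the block and after a configuration lookup, so two requests presenting the same SAML artifact concurrently can both obtain the `AuthenticationData` before either deletes it — the artifact is no longer single-use. Move the `remove` back inside the synchronized block, as the removed lines had it, and add a comment that the JVM-local lock only serialises one node: with the store now in the database, a real single-use guarantee needs a delete-and-return operation in `AssertionStorage` (the removed "TODO: for clustering" comment in the first hunk of this file pointed at this). The explicit `if (authData == null)` check from the old code was dropped, and `authData.getTimestamp()` will throw NullPointerException if `get` can return null, so keep the check unless `AssertionStorage.get` is guaranteed to throw on a miss. In `BuildSAMLArtifact`, `catch (Throwable ex)` also wraps the `AuthenticationException` from `storeAuthenticationData` and any `Error` into `BuildException("builder.00")`; catch `Exception` and let `AuthenticationException` propagate, since the method's `throws` clause still declares it.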
@@ -9,9 +9,12 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -67,14 +70,33 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { RequestImpl config = new RequestImpl(); String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); + String target = (String) request.getParameter(PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); + + //the target parameter is used to define the OA in SAML1 standard + if (target != null && target.startsWith("http")) { + oaURL = target; + target = null; + } + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); config.setOAURL(oaURL); + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + config.setTarget(oaParam.getTarget()); + request.getSession().setAttribute(PARAM_OA, oaURL); - request.getSession().setAttribute(PARAM_TARGET, target); + request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); return config; } 
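Review bot: `target.startsWith("http")` is the whole test for "the target parameter actually carries the OA URL", so any value beginning with those four letters is promoted to `oaURL` before `isValidOA` sees it; `target.startsWith("http://") || target.startsWith("https://")` states the intent precisely, and the comment above it should say that the request-supplied target is deliberately discarded in favour of `oaParam.getTarget()`. After the swap `target` is only set to `null` and never read again, so the local can go once the session attribute takes `oaParam.getTarget()`. The `(String)` casts on `request.getParameter(...)` are redundant. The method header is above the hunk.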
@@ -95,4 +117,30 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { return null; } + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + + //TODO: funktioniert so nicht!!! + +// String oaURL = (String) request.getParameter(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String target = (String) request.getParameter(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// //the target parameter is used to define the OA in SAML1 standard +// if (target.startsWith("http")) { +// oaURL = target; +// target = null; +// } +// +// if (oaURL != null) { +// if (oaURL.equals(pending.getOAURL())) +// return true; +// else +// return false; +// } + + return true; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java new file mode 100644 index 000000000..b5de788af --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java 
@@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionStorage { + + private static AssertionStorage instance = null; + + public static AssertionStorage getInstance() { + if(instance == null) { + instance = new AssertionStorage(); + } + return instance; + } + + public boolean containsKey(String artifact) { + try { + searchInDatabase(artifact); + return true; + + } catch (MOADatabaseException e) { + return false; + } + + } + + public void put(String artifact, Object assertion) throws MOADatabaseException { + //setup AssertionStore element + AssertionStore element = new AssertionStore(); + element.setArtifact(artifact); + element.setType(assertion.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) assertion); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + HibernateUtil.saveOrUpdate(element); + Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Assertion could not be stored."); + throw new MOADatabaseException(e); + } + + } + + public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException { + + AssertionStore element = searchInDatabase(artifact); + + //Deserialize Assertion + Object data = 
SerializationUtils.deserialize(element.getAssertion()); + + //check if assertion has the correct class type + try { + @SuppressWarnings("unchecked") + T test = (T) Class.forName(element.getType()).cast(data); + return test; + + } catch (Exception e) { + Log.warn("Assertion Cast-Exception by using Artifact=" + artifact); + throw new MOADatabaseException("Assertion Cast-Exception"); + } + } + + public void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List<AssertionStore> results; + Session session = HibernateUtil.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AssertionStore result : results) { + try { + HibernateUtil.delete(result); + Logger.info("Remove Assertion with Artifact=" + result.getArtifact() + + " after assertion timeout."); + + } catch (HibernateException e){ + Logger.warn("Assertion with Artifact=" + result.getArtifact() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + public void remove(String artifact) { + + try { + AssertionStore element = searchInDatabase(artifact); + HibernateUtil.delete(element); + + } catch (MOADatabaseException e) { + Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact + + "not found)"); + + } catch (HibernateException e) { + Logger.warn("Assertion not removed! 
(Error during Database communication)", e); + } + } + + @SuppressWarnings("rawtypes") + private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { + MiscUtil.assertNotNull(artifact, "artifact"); + Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); + Session session = HibernateUtil.getCurrentSession(); + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setString("artifact", artifact); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No Assertion found with this Artifact"); + } + + return (AssertionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java new file mode 100644 index 000000000..70156deb7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
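Review bot: In `get(String artifact, final Class<T> clazz)` the `clazz` parameter is never used: the cast goes through `Class.forName(element.getType()).cast(data)` plus an unchecked `(T)`, which only confirms that the stored object matches the type name stored in the same row, never that it matches what the caller asked for, so a mismatch surfaces as a `ClassCastException` at the call site instead of the intended `MOADatabaseException`. Replace the cast with `return clazz.cast(data);` and drop the `Class.forName` lookup, which also avoids loading a class by a name read from the database. Note that `SerializationUtils.deserialize(element.getAssertion())` runs before any type check, so the check does not constrain what gets deserialized; a comment stating that the assertion store is treated as trusted input would make that explicit. Separately, `searchInDatabase` logs "No entries found." and throws "No Assertion found with this Artifact" for `result.size() != 1`, which also covers the duplicate-artifact case, and the class mixes `iaik.util.logging.Log` with `moa.logging.Logger`.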
@@ -0,0 +1,242 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AuthenticationSessionStoreage { + + //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + + public static boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + + public static AuthenticationSession createSession() throws MOADatabaseException { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setCreated(new Date()); + dbsession.setUpdated(new Date()); + + dbsession.setSession(SerializationUtils.serialize(session)); + 
+ //store AssertionStore element to Database + try { + HibernateUtil.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return session; + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setSession(SerializationUtils.serialize(session)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + HibernateUtil.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + + + } + + public static void destroySession(String moaSessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID); + HibernateUtil.delete(dbsession); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be destroyed."); + throw new MOADatabaseException(e); + } + + + } + +// public static void dumpSessionStore() { +// synchronized (sessionStore) { +// Set<String> keys = sessionStore.keySet(); +// Iterator<String> keyIterator = keys.iterator(); +// while(keyIterator.hasNext()) { +// String key = keyIterator.next(); +// AuthenticationSession session = sessionStore.get(key); +// Logger.info("Key: " + key + " -> " + session.toString()); +// } +// } +// } + + public static String changeSessionID(AuthenticationSession session) + throws AuthenticationException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + + String id = 
Random.nextRandom(); + session.setSessionID(id); + + dbsession.setSessionid(id); + dbsession.setAuthenticated(session.isAuthenticated()); + dbsession.setSession(SerializationUtils.serialize(session)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + HibernateUtil.saveOrUpdate(dbsession); + + return id; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("TODO!", null); + } + + + + + +// synchronized (sessionStore) { +// if (sessionStore.containsKey(session.getSessionID())) { +// AuthenticationSession theSession = sessionStore.get(session +// .getSessionID()); +// if (theSession != session) { +// throw new AuthenticationException("TODO!", null); +// } +// +// sessionStore.remove(session.getSessionID()); +// String id = Random.nextRandom(); +// session.setSessionID(id); +// sessionStore.put(id, session); +// return id; +// } +// } +// throw new AuthenticationException("TODO!", null); + } + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession()); + + return session; + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + return null; + + } catch (Throwable e) { + Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List<AuthenticatedSessionStore> results; + Session session = HibernateUtil.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + 
query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + HibernateUtil.delete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); + + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "moasessionID"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = HibernateUtil.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + return (AuthenticatedSessionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index bd79f88b7..6c8365e67 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java 
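Review bot: `getSession` catches `Throwable`, which converts `Error`s such as `OutOfMemoryError` into a `MOADatabaseException("MOASession deserialization-exception")`; catching `Exception` is enough to cover a failed `SerializationUtils.deserialize` or a bad cast. In `changeSessionID` the failure path throws `new AuthenticationException("TODO!", null)`, a placeholder message key that reaches the caller; the `init.04` key added to the properties file in this commit ("Fehler beim Datenbankzugriff mit der SessionID {0}") looks like the intended text, but that is an inference. The `clean()` log line `"Authenticated session with sessionID=" + result.getSessionid() + " after session timeout."` is missing its verb ("removed"), and the `createSession` comment `//store AssertionStore element to Database` was copied from `AssertionStorage`. The imports `HashMap`, `Iterator`, `Set`, `AssertionStore` and `MOAIDException` appear unused now that the in-memory store is commented out.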
@@ -41,13 +41,15 @@ import javax.xml.parsers.ParserConfigurationException;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.StringUtils;
-public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
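Review bot: `implements MOAIDAuthConstants` is used only to inherit constant names (the constant-interface pattern), which leaks those constants into the public type of `ParamValidatorUtils`, and it is applied inconsistently: the `isValidBKUURI` change still writes `MOAIDAuthConstants.REQ_BKU_TYPES` while `areAllLegacyParametersAvailable` uses the bare `PARAM_OA`. Prefer `import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;` or qualify every use, and pick one form across the file. The missing space in `MOAIDAuthConstants{` should be fixed as well.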
@@ -212,10 +214,12 @@ public class ParamValidatorUtils {
 return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
+
+ } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
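Review bot: The `else` branch's message `Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https")` is no longer accurate now that the preceding `else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI))` branch also accepts symbolic BKU types; it should name both accepted forms, e.g. `... bkuURI beginnt nicht mit http/https und ist kein bekannter BKU-Typ`. The new debug line `"Parameter bkuURI from configuration is used."` describes what the caller presumably does with the value rather than what this validator established; `"bkuURI is a known BKU type"` would be precise. The enclosing method starts before the hunk, so whether a null `bkuURI` can reach `contains(...)` is not visible here.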
@@ -467,7 +471,39 @@ public class ParamValidatorUtils {
 return false;
}
- }
+ }
+
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+
+
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+
+ } catch (WrongParametersException e) {
+ return false;
+ }
+
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
+ }
}
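Review bot: `areAllLegacyParametersAvailable` uses `WrongParametersException` purely as control flow: each failed check throws, and the `catch` a few lines later turns it into `return false`, so the `"StartAuthentication"` servlet name and `"auth.12"` key baked into those exceptions are never observed. A plain boolean conjunction gives the same result (below); I moved the emptiness test first so the validators are not called on values the method rejects anyway, which may only change what they log. The method also returns false both for an absent and for a present-but-malformed parameter, so a caller that falls back to another flow on `false` silently takes that path for a malformed legacy request; a Javadoc such as `/** @return true iff oaURL, bkuURL and templateURL are present and all five legacy parameters validate; malformed values count as "not available". */` would make that contract visible.
```java
public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
    String oaURL = req.getParameter(PARAM_OA);
    String bkuURL = req.getParameter(PARAM_BKU);
    String templateURL = req.getParameter(PARAM_TEMPLATE);
    String useMandate = req.getParameter(PARAM_USEMANDATE);
    String ccc = req.getParameter(PARAM_CCC);

    // oaURL, bkuURL and templateURL are mandatory for the legacy flow
    if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(bkuURL) || StringUtils.isEmpty(templateURL))
        return false;

    // useMandate and ccc are not checked for presence here, only for validity
    return isValidOA(oaURL)
            && isValidBKUURI(bkuURL)
            && isValidTemplate(req, templateURL)
            && isValidUseMandate(useMandate)
            && isValidCCC(ccc);
}
```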
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index ad4e45a2b..7ee3b4e84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -143,7 +143,7 @@ public class MISSimpleClient {
 }
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
@@ -201,7 +201,17 @@ public class MISSimpleClient {
 }
filtersElement.appendChild(mandateIdentifiersElement);
mirElement.appendChild(filtersElement);
- }
+ }
+
+ //add Target element
+ Element targetElement = doc.createElementNS(MIS_NS, "Target");
+ Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
+ targetTypeElement.appendChild(doc.createTextNode(targetType));
+ targetElement.appendChild(targetTypeElement);
+ mirElement.appendChild(targetElement);
+
+
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
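Review bot: `targetTypeElement.appendChild(doc.createTextNode(targetType))` has no null handling, although the method opens with explicit `NullPointerException` checks for its other arguments (`webServiceURL` in the `@@ -143,7 +143,7 @@` hunk), so a null `targetType` either yields an empty or literally "null" `Type` element or fails inside the DOM implementation, depending on the parser. Either add the same guard at the top of the method, `if (targetType == null) { throw new NullPointerException("Argument targetType must not be null."); }`, or make the element optional with `if (targetType != null) { ... }` around the five new lines. The three blank lines added after `mirElement.appendChild(targetElement);` can go. The enclosing method starts and ends outside this hunk.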
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index c757e7f8b..25f1fef9d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -8,16 +8,16 @@ # status messages included in <samlp:Response> of GetAuthenticationDataService
1200=Anfrage erfolgreich beantwortet
-1201=Fehlerhaftes Requestformat: mehr als 1 Request �bergeben
-1202=Fehlerhaftes Requestformat: kein SAML-Artifakt �bergeben
-1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt �bergeben
+1201=Fehlerhaftes Requestformat\: mehr als 1 Request ?bergeben
+1202=Fehlerhaftes Requestformat\: kein SAML-Artifakt ?bergeben
+1203=Fehlerhaftes Requestformat\: mehr als 1 SAML-Artifakt ?bergeben
1204=Fehlerhaftes Requestformat
1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
-1207=Zeit�berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1207=Zeit?berschreitung beim Abholen der Anmeldedaten (SAML-Artifakt\={0})
1299=Interner Server-Fehler
-auth.00=Anmeldung an dieser Applikation wird nicht unterst�tzt (URL={0})
+auth.00=Anmeldung an dieser Applikation wird nicht unterst?tzt (URL\={0})
auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
auth.02=MOASessionID ist unbekannt (MOASessionID={0})
auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
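Review bot: The replaced lines in this hunk and in `@@ -25,54 +25,57 @@` lose their umlauts: `�bergeben` becomes `?bergeben`, `Zeit�berschreitung` becomes `Zeit?berschreitung`, `unterst�tzt` becomes `unterst?tzt`, i.e. the editor wrote a literal question mark where it could not encode the character, and these are user-facing error texts. In the same file other new lines (`config.02`–`config.08`, `config.15`) carry a UTF-8 `ü`; `java.util.Properties.load(InputStream)` decodes as ISO-8859-1, so those will be mis-decoded unless the bundle is read through a UTF-8 `Reader`. Use `\uXXXX` escapes for all non-ASCII characters (`\u00FC` for ü, `\u00E4` for ä, `\u00F6` for ö, `\u00DF` for ß) so the file is independent of editor and loader encoding. The `\:` and `\=` escapes added inside values are harmless but unnecessary; only keys need them.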
@@ -25,54 +25,57 @@ auth.04=Fehler beim Auslesen der Resource "{0}": {1}
 auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
-auth.08=In der B�rgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
-auth.09=Zur Auswahlseite der B�rgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
+auth.08=In der B?rgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
+auth.09=Zur Auswahlseite der B?rgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
-auth.11=Die zentral gespeicherte Auswahlseite f�r B�rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+auth.11=Die zentral gespeicherte Auswahlseite f?r B?rgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung\: {1}
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
-auth.13=Vollmachtenmodus f�r ausl�ndische B�rger wird nicht unterst�tzt.
+auth.13=Vollmachtenmodus f�r ausl�ndische B�rger wird nicht unterst�tzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
auth.15=Fehler bei Anfrage an Vollmachten Service.
-auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
+auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
 auth.17=Vollmachtenmodus f�r nicht-�ffentlichen Bereich wird nicht unterst�tzt.
-auth.18=Die Authentifizierung kann nicht passiv durchgef�hrt werden.
+auth.18=Keine MOASessionID vorhanden
+auth.19=Die Authentifizierung kann nicht passiv durchgef�hrt werden.
 init.00=MOA ID Authentisierung wurde erfolgreich gestartet
-init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist m�glicherweise nicht verf�gbar
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m?glicherweise nicht verf?gbar
init.02=Fehler beim Starten des Service MOA ID Authentisierung
+init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
-config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei f�r Details)
-config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei f�r Details)
-config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die urspr�ngliche Konfiguration verwendet
-config.05=Fehlerhafter Wert f�r "{0}" in der MOA ID Konfiguration
-config.06=Doppelter Eintrag in der Konfiguration f�r die Online-Applikation gefunden: {0}
+config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
+config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
+config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
+config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
+config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
config.07=Klasse {0} kann nicht instanziert werden
-config.08=Fehlender Wert f�r "{0}" in der MOA ID Konfiguration
+config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})
config.10=Fehler in der MOA SPSS Konfiguration: {0}
config.11=LoginParameterResolver konnte nicht konfiguriert werden {0}
config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet
config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen
config.14=LoginParameterResolver-Fehler: {0}
-config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht f�r die Verifikation anderer Infoboxen verwendet werden.
+config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
-
+config.17=Fehler beim initialisieren von Hibernate
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
parser.02=Schwerer Fehler beim Parsen: {0}
-parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl�ssels: {0}
+parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schl?ssels\: {0}
parser.04=Fehler beim Serialisieren: {0}
parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
-parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollst�ndig ({1} im {2} fehlt)
-parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth�lt einen Schl�ssel ohne zugeh�rigen Wert ("Key"-Element statt "Pair"-Element).
+parser.06=Fehler beim Parsen\: {0}-InfoboxResponse nicht vollst?ndig ({1} im {2} fehlt)
+parser.07=Fehler beim Parsen\: Assoziatives Array im {0}-InfoboxResponse enth?lt einen Schl?ssel ohne zugeh?rigen Wert ("Key"-Element statt "Pair"-Element).
builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
builder.02=Fehler beim Ausblenden von Stammzahlen
-builder.03=Fehler beim Aufbau des HTML Codes f�r Vollmachten
+builder.03=Fehler beim Aufbau des HTML Codes f�r Vollmachten
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -86,104 +89,106 @@ cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Spe
 proxy.00=MOA ID Proxy wurde erfolgreich gestartet
proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
-proxy.02=Unbekannter URL {0}. <br>Es wurde keine �bereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
+proxy.02=Unbekannter URL {0}. <br>Es wurde keine �bereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
proxy.04=URL {0} : {1}
-proxy.05=Fehler beim Aufbauen der SSLSocketFactory f�r {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory f?r {0} \: {1}
proxy.06=Fehler beim Starten des Service MOA ID Proxy
proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
-proxy.08=Kein URL-Mapping in der HttpSession verf�gbar (URL {0})
+proxy.08=Kein URL-Mapping in der HttpSession verf�gbar (URL {0})
proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht möglich. <br>Prüfen Sie bitte ihre Berechtigung.
-proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr�fix: {0}
-proxy.14=<p> Folgende Ursachen k�nnen zu dem Fehler gef�hrt haben:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr�nden bei l�ngerer Inaktivit�t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
-proxy.15=Auf die gew�nschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung.
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr?fix\: {0}
+proxy.14=<p> Folgende Ursachen k?nnen zu dem Fehler gef?hrt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr?nden bei l?ngerer Inaktivit?t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
+proxy.15=Auf die gew�nschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung.
proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.<br>Prüfen Sie bitte ihre Berechtigung.
validator.00=Kein SAML:Assertion Objekt gefunden {0}
validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
-validator.02=Das verwendete Schl�sselformat eines �ffentlichen Schl�ssels ist unbekannt {0}
-validator.03=Der Namespace eines �ffentlichen Schl�ssels ist ung�ltig {0}
-validator.04=Es wurde ein SAML:Attribut ohne �ffentlichen Schl�ssel gefunden {0}
+validator.02=Das verwendete Schl�sselformat eines �ffentlichen Schl�ssels ist unbekannt {0}
+validator.03=Der Namespace eines �ffentlichen Schl�ssels ist ung�ltig {0}
+validator.04=Es wurde ein SAML\:Attribut ohne ?ffentlichen Schl?ssel gefunden {0}
validator.05=Es wurde {0} keine DSIG:Signature gefunden
-validator.06=Die Signatur ist ung�ltig
-validator.07=Das Zertifikat der Personenbindung ist ung�ltig.<br>{0}
-validator.08=Das Manifest ist ung�ltig
-validator.09=Die �ffentlichen Schl�ssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat �berein
+validator.06=Die Signatur ist ung�ltig
+validator.07=Das Zertifikat der Personenbindung ist ung�ltig.<br>{0}
+validator.08=Das Manifest ist ung�ltig
+validator.09=Die �ffentlichen Schl�ssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat �berein
-validator.10=Anzahl der URLs zur Authentisierungskomponente ung�ltig {0}
-validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
-validator.12=Der Namespace des SAML-Attributs "Gesch�ftsbereich" ist ung�ltig {0}
-validator.13=Das Target des 'Gesch�ftsbereichs' ist ung�ltig {0}
+validator.10=Anzahl der URLs zur Authentisierungskomponente ung�ltig {0}
+validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.12=Der Namespace des SAML-Attributs "Gesch�ftsbereich" ist ung�ltig {0}
+validator.13=Das Target des 'Gesch�ftsbereichs' ist ung�ltig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
-validator.15=Der Namespace des SAML-Attributs "OA" ist ung�ltig {0}
+validator.15=Der Namespace des SAML-Attributs "OA" ist ung�ltig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
-validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung�ltig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
-validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul�ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth�lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
+validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung�ltig {0}
+#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
+validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul�ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth�lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
-validator.19=Das verwendete Zertifikat zum Signieren ist ung�ltig.<br>{0}
+validator.19=Das verwendete Zertifikat zum Signieren ist ung�ltig.<br>{0}
-validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konstruiert werden.
-validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r zumindest ein Zertifikat dieser Kette f�llt der Pr�fzeitpunkt nicht in das G�ltigkeitsintervall.
-validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r alle Zertifikate dieser Kette f�llt der Pr�fzeitpunkt in das jeweilige G�ltigkeitsintervall. F�r zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
-validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r alle Zertifikate dieser Kette f�llt der Pr�fzeitpunkt in das jeweilige G�ltigkeitsintervall. Zumindest ein Zertifikat ist zum Pr�fzeitpunkt widerrufen.
-validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r alle Zertifikate dieser Kette f�llt der Pr�fzeitpunkt in das jeweilige G�ltigkeitsintervall. Kein Zertifikat dieser Kette ist zum Pr�fzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Pr�fzeitpunkt gesperrt.
+validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konstruiert werden.
+validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r zumindest ein Zertifikat dieser Kette f�llt der Pr�fzeitpunkt nicht in das G�ltigkeitsintervall.
+validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r alle Zertifikate dieser Kette f�llt der Pr�fzeitpunkt in das jeweilige G�ltigkeitsintervall. F�r zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
+validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r alle Zertifikate dieser Kette f�llt der Pr�fzeitpunkt in das jeweilige G�ltigkeitsintervall. Zumindest ein Zertifikat ist zum Pr�fzeitpunkt widerrufen.
+validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauensw�rdigen Wurzelzertifikat konnte konstruiert werden. F�r alle Zertifikate dieser Kette f�llt der Pr�fzeitpunkt in das jeweilige G�ltigkeitsintervall. Kein Zertifikat dieser Kette ist zum Pr�fzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Pr�fzeitpunkt gesperrt.
-validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Gesch�ftsbereich" enthalten
+validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Gesch�ftsbereich" enthalten
validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
validator.32="Issuer" im AUTH-Block nicht vorhanden.
-validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") �berein.
-validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) �berein.
-validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ung�ltig.
-validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver�ndert: {0} statt der erwarteten {1}
-validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver�ndert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
-validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung�ltig: "{3}" anstelle von "{4}"
-validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver�ndert: {0} anstelle von {1}. M�glicherweise wurde Ihre B�rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B�rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
-
-
-validator.40=�berpr�fung der {0}-Infobox fehlgeschlagen: {1}
-validator.41=�berpr�fung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur �berpr�fung der {0}-Infobox vorhanden.
-validator.42=�berpr�fung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
-validator.43=�berpr�fung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse f�r die {0}-Infobox konnte nicht erfolgreich geparst werden.
-validator.44=�berpr�fung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Pr�fapplikation ist ein Fehler aufgetreten.
-validator.45=�berpr�fung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {2} ist {3}.
-validator.46=�berpr�fung der {0}-Infobox fehlgeschlagen: Der Wert des von der Pr�fapplikation zur�ckgegebenen SAML-Attributes Nummer {1} ist ung�ltig.
-validator.47=�berpr�fung der {0}-Infobox fehlgeschlagen: Das von der Pr�fapplikation zur�ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
-validator.48={0}-Infobox wurde nicht von der BKU �bermittelt: F�r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
+validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") �berein.
+validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) �berein.
+validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ung�ltig.
+validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde ver?ndert\: {0} statt der erwarteten {1}
+validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde ver?ndert\: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
+validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ung?ltig\: "{3}" anstelle von "{4}"
+validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde ver?ndert\: {0} anstelle von {1}. M?glicherweise wurde Ihre B?rgerkartenumgebung kompromittiert. Verwenden Sie Ihre B?rgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
+
+
+validator.40=?berpr?fung der {0}-Infobox fehlgeschlagen\: {1}
+validator.41=?berpr?fung der {0}-Infobox fehlgeschlagen\: Keine Konfigurationsparameter zur ?berpr?fung der {0}-Infobox vorhanden.
+validator.42=?berpr?fung der {0}-Infobox fehlgeschlagen\: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
+validator.43=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der InfoboxReadResponse f?r die {0}-Infobox konnte nicht erfolgreich geparst werden.
+validator.44=?berpr?fung der {0}-Infobox fehlgeschlagen\: In der {0}-Infobox Pr?fapplikation ist ein Fehler aufgetreten.
+validator.45=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der {1} des von der {0}-Infobox Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {2} ist {3}.
+validator.46=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der Wert des von der Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {1} ist ung?ltig.
+validator.47=?berpr?fung der {0}-Infobox fehlgeschlagen\: Das von der Pr?fapplikation zur?ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
+validator.48={0}-Infobox wurde nicht von der BKU ?bermittelt\: F?r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten.
-validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
+validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
-validator.60=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
-validator.61=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten f�r berufliche Parteienvertreter nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
-validator.62=Fehler in der �bermittlung: keine prim�re Vollmacht �bergeben.
-validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
+validator.60=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.61=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten f?r berufliche Parteienvertreter nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.62=Fehler in der ?bermittlung\: keine prim?re Vollmacht ?bergeben.
+validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
validator.64=Fehler beim Austausch von Vollmachtsdaten
-validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
-validator.66=�berpr�fung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
+validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
+validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
+
+validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
stork.00=STORK SAML AuthnRequest konnte nicht signiert werden
-stork.01=STORK SAML AuthnRequest nicht g�ltig
+stork.01=STORK SAML AuthnRequest nicht g�ltig
stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
stork.04=STORK SAML Response konnte nicht decodiert werden
stork.05=STORK SAML Response Validierung fehlgeschlagen
-stork.06=STORK SAML Response enth�lt eine Fehlermeldung: {0}
-stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response
+stork.06=STORK SAML Response enth?lt eine Fehlermeldung\: {0}
+stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response
stork.08=STORK SAML Assertion Validierung fehlgeschlagen
-stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur
+stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur
stork.10=Fehler in der Verbindung zum SZR-Gateway
pvp2.00={0} ist kein gueltiger consumer service index
@@ -201,4 +206,4 @@ pvp2.11=Binding {0} wird nicht unterstuetzt
 pvp2.12=NameID Format {0} wird nicht unterstuetzt
pvp2.13=Interner Server Fehler
pvp2.14=SAML Anfrage verweigert
-pvp2.15=Keine Metadateninformation gefunden
\ No newline at end of file
+pvp2.15=Keine Metadateninformation gefunden
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
index 576683dc7..688732c15 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginForm.html
@@ -1,59 +1,267 @@ <html> <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <meta content="text/css" http-equiv="Content-Style-Type"> + <link rel="stylesheet" type="text/css" href="css/index.css"> + <link type="text/css" rel="stylesheet" href="css/2.0/stammzahl.css"> + <link type="text/css" rel="stylesheet" href="css/2.0/stylesnew.css"> + <link type="text/css" rel="stylesheet" href="css/2.0/stylesinput.css"> + <script type="text/javascript"> + function isIE() { + return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); + } + + function isFullscreen() { + try { + return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); + } catch (e) { + return false; + } + } + + function isActivexEnabled() { + var supported = null; + try { + supported = !!new ActiveXObject("htmlfile"); + } catch (e) { + supported = false; + } + return supported; + } + + function isMetro() { + if (!isIE()) + return false; + return !isActivexEnabled() && isFullscreen(); + } + + window.onload=function() { + document.getElementById("localBKU").style.display="none"; + return; + } + + function bkuOnlineClicked() { + if (isMetro()) + document.getElementById("metroDetected").style.display="block"; + document.getElementById("localBKU").style.display="block"; + + setMandateSelection(); + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "0"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + + generateIFrame(iFrameURL); + } + + function bkuHandyClicked() { + document.getElementById("localBKU").style.display="none"; + + setMandateSelection(); + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "1"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + + generateIFrame(iFrameURL); + } + + function storkClicked() { + 
document.getElementById("localBKU").style.display="none"; + + setMandateSelection(); + + var ccc = "AT"; + var countrySelection = document.getElementById("cccSelection"); + + if (countrySelection != null) { + ccc = document.getElementById("cccSelection").value; + } + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "0"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&ccc=" + ccc; + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + + generateIFrame(iFrameURL); + } + + function generateIFrame(iFrameURL) { + var el = document.getElementById("bkulogin"); + var parent = el.parentNode; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("src", iFrameURL); + iframe.setAttribute("width", "220"); + iframe.setAttribute("height", "165"); + iframe.setAttribute("frameborder", "0"); + iframe.setAttribute("scrolling", "no"); + iframe.setAttribute("title", "Login"); + + parent.replaceChild(iframe, el); + } + + function setMandateSelection() { + document.getElementById("moaidform").action = "#AUTH_URL#"; + + document.getElementById("useMandate").value = "false"; + var checkbox = document.getElementById("mandateCheckBox"); + if (checkbox != null) { + if (document.getElementById("mandateCheckBox").checked) { + document.getElementById("useMandate").value = "true"; + } + } + } + </script> </head> + + <body> - <div style="width: 250px"> - <div id="bku_area"> - <form action="#AUTH_URL#" method="get" id="fcard"> - <input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request"> - <input type="hidden" name="OA" value="#OA_URL#"> - <input type="hidden" name="MODUL" value="#MODUL#"> - <input type="hidden" name="ACTION" value="#ACTION#"> - <input type="checkbox" id="mandateCheckBox" name="useMandate" value="true"> - <label for="mandateCheckBox">in Vertretung anmelden</label> - <div - style="float: left; width: 48%; text-align: center; position: 
relative;"> - <div class="image"> - <img src="img/karte.gif" alt="Login mit Karte" width="76" - height="50" style="margin-top: 1.5em;"> + <div class="pageWidth"> + + <div id="pagebase"> + <div id="page"> + + <div id="header" class="header clearfix"> + <h1 class="main_header">MOA-ID 2.0 - Login Preview</h1> + +<!-- <ul id="servicenav"> + <li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li> + <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li> + <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li> + </ul> --> + + <div id="mainnavjump"></div> + <p id="homelink"><img src="img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p> + <ul id="mainnav" class="clearfix"> +<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> --> +<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li> + <li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gewählt)</span><span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> --> + </ul> + + </div> + + + <br class="clearAll"> + + <div id="viewcontrol" class="switch"> + <div id="page1" class="case selected-case"> + <div style="margin-left: 0px;"> + + <h2 class="OA_header">Anmeldung an: #OAName#</h2> + + <div id="main"> + <div id="leftcontent"> + <h2 id="tabheader" class="dunkel"> + 
Login mit Bürgerkarte + </h2> + <div id="bkulogin" class="hell"> + + <div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px"> + <table style="margin-left: auto; margin-right: auto;"> + <tr> + <td><input tabindex="1" type="checkbox" name="Mandate" + style="vertical-align: middle; margin-right: 5px" + id="mandateCheckBox"></td> + <td><label for="mandateCheckBox">in Vertretung anmelden</label></td> + <td><a href="info_mandates.html" target="_blank" + class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td> + </tr> + </table> + </div> + + <div id="bkukarte" class="hell"> + <button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button> + </div> + + <div id="bkuhandy" class="hell"> + <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button> + </div> + + <!-- <div id="mandate"> + <input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"> + <label>in Vertretung anmelden</label> + <a href="info_mandates.html" target="_blank" class="infobutton" style="color:#FFF">i</a> + </div> --> + + <div id="stork" class="hell" align="center"> + <div id="leftcontent" style="margin-bottom:10px"> + <h2 id="tabheader" class="dunkel"> + Home Country Selection + </h2> + </div> + <p> + <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > + <option value="BE">België/Belgique</option> + <option value="EE">Eesti</option> + <option value="ES">España</option> + <option value="IS">Ísland</option> + <option value="IT">Italia</option> + <option value="LI">Liechtenstein</option> + <option value="LT">Lithuania</option> + <option value="PT">Portugal</option> + <option value="SI">Slovenija</option> + <option value="FI">Suomi</option> + <option value="SE">Sverige</option> + </select> + <button name="bkuButton" type="button" onClick="storkClicked();">Send</button> + <a href="info_stork.html" target="_blank" class="infobutton" 
style="color:#FFF">i</a> + </p> + </div> + </div> + + <div id="metroDetected" style="display:none" class="hell"> + <p> + Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können. + </p> + </div> + + <div id="localBKU" style="display:none" class="hell"> + <hr> + <form method="get" id="moaidform"> + <input type="hidden" name="bkuURI" value="2"> + <input type="hidden" name="useMandate" id="useMandate"> + <input type="hidden" name="CCC" id="ccc"> + <input type="hidden" name="MODUL" value="#MODUL#"> + <input type="hidden" name="ACTION" value="#ACTION#"> + <input type="submit" size="400" value="lokale BKU" class="sendButton"> + </form> + <p> + <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> + </p> + </div> </div> - <input type="submit" id="startOnlineBku" name="startOnlineBku" - value="Karte" class="button"> - </div> - <div - style="float: left; width: 48%; text-align: center; position: relative;"> - <div class="image"> - <img src="img/handy.gif" alt="Login mit Handy" width="34" - height="57" style="margin-top: 1em;"> </div> - <input type="submit" id="startMobileBku" name="startMobileBku" - value="Handy" class="button"> </div> - </form> + </div> + </div> + + <br style="clear: both"> + <div id="footer" class="clearfix"> + +<!-- <h2 class="hidden">Über die Website der Stammzahlenregisterbehörde</h2> + <ul> + <li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li> + + <li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li> + </ul> --> + </div> + + + 
</div> </div> - <form name="storkForm" method="POST" - action="#AUTH_URL#"> - <input type="hidden" name="bkuURI" value="https://127.0.0.1:3496/https-security-layer-request"> - <input type="hidden" name="OA" value="#OA_URL#"> - <input type="hidden" name="MODULE" value="#MODULE#"> - <input type="hidden" name="ACTION" value="#ACTION#"> - <select name="CCC" size="1" style="width: 120px"> - <option value="BE">België/Belgique</option> - <option value="EE">Eesti</option> - <option value="ES">España</option> - <option value="IS">Ísland</option> - <option value="IT">Italia</option> - <option value="LI">Liechtenstein</option> - <option value="LT">Lithuania</option> - <option value="PT">Portugal</option> - <option value="SI">Slovenija</option> - <option value="FI">Suomi</option> - <option value="SE">Sverige</option> - </select> <input type="submit" name="storkButton" value="Send" alt="Send" - class="button" /> <a href="info_stork.html" target="_blank" - class="infobutton" style="color: #FFF">i</a> - </form> </div> </body> -</html>
\ No newline at end of file
+</html>
diff --git a/id/server/moa-id-commons/.classpath b/id/server/moa-id-commons/.classpath
new file mode 100644
index 000000000..3cb77b9e0
--- /dev/null
+++ b/id/server/moa-id-commons/.classpath
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" output="target/classes" path="src/main/java">
+ <attributes>
+ <attribute name="optional" value="true"/>
+ <attribute name="maven.pomderived" value="true"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+ <attributes>
+ <attribute name="maven.pomderived" value="true"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" output="target/test-classes" path="src/test/java">
+ <attributes>
+ <attribute name="optional" value="true"/>
+ <attribute name="maven.pomderived" value="true"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+ <attributes>
+ <attribute name="maven.pomderived" value="true"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
+ <attributes>
+ <attribute name="maven.pomderived" value="true"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+ <attributes>
+ <attribute name="maven.pomderived" value="true"/>
+ <attribute name="org.eclipse.jst.component.nondependency" value=""/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/moa-id-commons/.project b/id/server/moa-id-commons/.project
new file mode 100644
index 000000000..d109c42c5
--- /dev/null
+++ b/id/server/moa-id-commons/.project
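Review bot: The hidden `CCC` field (`id="ccc"`) in the `moaidform` fallback form is never populated — `setMandateSelection()` only writes `useMandate` — so a user who picks a STORK country and then falls back to the local BKU submits an empty country, while the iframe path sends the selection as `ccc`; the two parameter names also differ in case, which is worth confirming against the servlet that reads them. Setting it next to `useMandate`, e.g. `var sel = document.getElementById("cccSelection"); if (sel != null) document.getElementById("ccc").value = sel.value;`, keeps both paths consistent. The iframe URLs are assembled by plain concatenation, and `#AUTH_URL#`, `#MODUL#` and `#ACTION#` are substituted into a JavaScript string literal server-side, so the substitution code (not visible here) must reject or escape quotes and `</script>` in those values, and the per-request values such as the mandate flag and country should pass through `encodeURIComponent`. Separately, `id="leftcontent"` and `id="tabheader"` each occur twice in the new markup, which is invalid HTML and makes `getElementById` on them ambiguous.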
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-id-commons</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.m2e.core.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.eclipse.m2e.core.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ </natures>
+</projectDescription>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
new file mode 100644
index 000000000..0abd80602
--- /dev/null
+++ b/id/server/moa-id-commons/pom.xml
@@ -0,0 +1,112 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-id</artifactId>
+ <version>1.5.2</version>
+ </parent>
+ <artifactId>moa-id-commons</artifactId>
+ <name>moa-id-commons</name>
+ <groupId>MOA.id.server</groupId>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-core</artifactId>
+ <version>4.2.1.Final</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.1</version>
+ </dependency>
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-c3p0</artifactId>
+ <version>4.2.1.Final</version>
+ </dependency>
+
+ <dependency>
+ <groupId>mysql</groupId>
+ <artifactId>mysql-connector-java</artifactId>
+ <version>5.1.25</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <skipTests>true</skipTests>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.5</version>
+ <configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
+ <quiet>true</quiet>
+ <author>false</author>
+ <version>false</version>
+ <use>true</use>
+ <excludePackageNames>at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*</excludePackageNames>
+ <tags>
+ <tag>
+ <name>pre</name>
+ <placement>a</placement>
+ <head>Preconditions:</head>
+ </tag>
+ <tag>
+ <name>post</name>
+ <placement>a</placement>
+ <head>Postconditions:</head>
+ </tag>
+ </tags>
+ <links>
+ <link>http://java.sun.com/j2se/1.4/docs/api/</link>
+ <link>http://java.sun.com/j2se/1.5.0/docs/api/</link>
+ <link>http://logging.apache.org/log4j/docs/api/</link>
+ </links>
+ <target>1.5</target>
+ </configuration>
+ <executions>
+ <execution>
+ <id>generate-javadoc</id>
+ <phase>package</phase>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <version>1.5.2</version>
+</project>
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
new file mode 100644
index 000000000..d60c5ef45
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/DBUtils.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.id.commons.db;
+
+import java.util.List;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class DBUtils {
+
+// @SuppressWarnings("rawtypes")
+// public static AssertionStore getAssertion(String artifact) {
+// MiscUtil.assertNotNull(artifact, "artifact");
+// Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
+//
+// Session session = HibernateUtil.getCurrentSession();
+// session.beginTransaction();
+// Query query = session.getNamedQuery("getAssertionWithArtifact");
+// query.setString("artifact", artifact);
+// List result = query.list();
+// Logger.trace("Found entries: " + result.size());
+//
+// if (result.size() == 0) {
+// Logger.trace("No entries found.");
+// return null;
+// }
+// return (AssertionStore) result.get(0);
+// }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java
new file mode 100644
index 000000000..1fa5a20fd
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/HibernateUtil.java
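Review bot: `<skipTests>true</skipTests>` inside the maven-jar-plugin `<configuration>` is not a parameter of that plugin (it is a surefire property), so it is silently ignored and should either be dropped or moved to where it takes effect. The javadoc `<excludePackageNames>` lists `at.gv.egovernment.moa.spss.*` packages, which do not belong to a module whose sources live under `at.gv.egovernment.moa.id.commons`, so this looks like a copy from another pom and excludes nothing here. Only the javadoc plugin is pinned (`2.5`); leaving the compiler and jar plugins unversioned makes the build depend on whatever Maven resolves that day, and the three `<link>` entries point at plain-`http://` hosts from which the javadoc plugin fetches package lists unauthenticated at build time.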
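Review bot: The whole body of `DBUtils` is commented out, which leaves a public class with six unused imports (`List`, `Query`, `Session`, `AssertionStore`, `Logger`, `MiscUtil`) and no behaviour; either omit the file until the helper is real or keep the class without the dead imports. If the commented `getAssertion` is revived, note that it calls `session.beginTransaction()` and never commits or closes it, so a transaction would be left open on the thread-bound session for every lookup.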
@@ -0,0 +1,166 @@
+package at.gv.egovernment.moa.id.commons.db;
+
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Session;
+import org.hibernate.SessionFactory;
+import org.hibernate.Transaction;
+import org.hibernate.cfg.Configuration;
+import org.hibernate.service.ServiceRegistry;
+import org.hibernate.service.ServiceRegistryBuilder;
+
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public final class HibernateUtil {
+
+ private static SessionFactory sessionFactory;
+ private static ServiceRegistry serviceRegistry;
+
+ @SuppressWarnings("rawtypes")
+ private static final ThreadLocal THREAD_LOCAL = new ThreadLocal();
+ private static boolean automaticSessionHandling = false;
+
+ private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" };
+ private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class";
+
+ private static Configuration configuration;
+
+ protected HibernateUtil() { }
+
+ public static void initHibernate(Configuration config, Properties hibernateProperties) {
+
+ String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY));
+ if (scm != null) {
+ automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1;
+ }
+ Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\".");
+ if (automaticSessionHandling) {
+ Logger.info("Hibernate is automatically handling session context management.");
+ } else {
+ Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling.");
+ }
+ try {
+ //Create the SessionFactory
+ Logger.debug("Creating initial session factory...");
+
+ config.configure();
+ serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry();
+ sessionFactory = config.buildSessionFactory(serviceRegistry);
+ Logger.debug("Initial session factory successfully created.");
+
+ } catch (Throwable ex) {
+ Logger.error("Initial session factory creation failed: " + ex.getMessage());
+ throw new ExceptionInInitializerError(ex);
+ }
+ }
+
+ /**
+ * Checks if a session factory is currently available. If necessary a new
+ * session factory is created.
+ *
+ * @return current (or new) session factory
+ * @throws HibernateException
+ * thrown if a hibernate error occurs
+ */
+ public static Session getCurrentSession() {
+ if (automaticSessionHandling) {
+ return sessionFactory.getCurrentSession();
+ }
+ Session session = (Session) THREAD_LOCAL.get();
+ // Open a new Session, if this Thread has none yet
+ if (session == null || !session.isConnected()) {
+ session = getNewSession();
+ }
+ return session;
+ }
+
+ @SuppressWarnings("unchecked")
+ public static Session getNewSession() {
+ if (automaticSessionHandling) {
+ Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
+ return sessionFactory.getCurrentSession();
+ }
+ Session session = (Session) THREAD_LOCAL.get();
+ if (session != null) {
+ Logger.warn("Previous session has not been closed; closing session now.");
+ closeSession();
+ }
+ Logger.debug("Opening new hibernate session...");
+ try {
+ session = sessionFactory.openSession();
+ THREAD_LOCAL.set(session);
+ } catch (HibernateException hex) {
+ Logger.error(hex.getMessage());
+ }
+ return session;
+ }
+
+ /**
+ * Closes the current session.
+ *
+ * @throws HibernateException
+ * thrown if session is already closed or a hibernate error
+ * occurs.
+ */
+ @SuppressWarnings("unchecked")
+ public static void closeSession() {
+ if (automaticSessionHandling) {
+ Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
+ return;
+ }
+ Logger.debug("Closing current hibernate session...");
+ Session session = (Session) THREAD_LOCAL.get();
+ THREAD_LOCAL.set(null);
+ if (session != null) {
+ try {
+ session.close();
+
+ } catch (HibernateException hex) {
+ Logger.error(hex.getMessage());
+ }
+ }
+ }
+
+ public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
+ Transaction tx = null;
+ try {
+ Session session = HibernateUtil.getCurrentSession();
+
+ synchronized (session) {
+ tx = session.beginTransaction();
+ session.saveOrUpdate(dbo);
+ tx.commit();
+ }
+ return true;
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new MOADatabaseException(e);
+ }
+ }
+
+ public static boolean delete(Object dbo) {
+ Transaction tx = null;
+ try {
+ Session session = HibernateUtil.getCurrentSession();
+
+ synchronized (session) {
+ tx = session.beginTransaction();
+ session.delete(dbo);
+ tx.commit();
+ }
+
+ return true;
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database delete. Rollback.", e);
+ tx.rollback();
+ return false;
+ }
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
new file mode 100644
index 000000000..a0898efc1
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
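Review bot: In the `catch` blocks of `saveOrUpdate` and `delete`, `tx.rollback()` dereferences `tx` while it is still `null` whenever `getCurrentSession()` or `beginTransaction()` is what threw, so the original `HibernateException` is replaced by a `NullPointerException` and `saveOrUpdate` never reaches its `MOADatabaseException`; guard it with `if (tx != null) tx.rollback();` in both methods. `getNewSession()` logs a `HibernateException` and then returns `null`, which `getCurrentSession()` passes straight to callers and which the `synchronized (session)` block then turns into another `NullPointerException`; rethrowing (for example as `MOADatabaseException`) would match the error contract `saveOrUpdate` already declares. `initHibernate` is an ordinary static method, so wrapping failures in `ExceptionInInitializerError` misdescribes them and hides the cause from callers that catch checked exceptions; a `MOADatabaseException` or plain `RuntimeException` carrying `ex` would be clearer, and `Logger.error(... ex.getMessage())` drops the stack trace that the same call could pass as a second argument. The `configuration` field is never read, and the class-level Javadoc should state that in the non-automatic mode sessions are bound to the calling thread via `THREAD_LOCAL`, which is why the per-session `synchronized` adds no protection across threads.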
@@ -0,0 +1,77 @@
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.DynamicUpdate;
+import org.hibernate.annotations.NamedQueries;
+import org.hibernate.annotations.NamedQuery;
+
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "assertionstore")
+@NamedQueries({
+ @NamedQuery(name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact"),
+ @NamedQuery(name="getAssertionWithTimeOut", query = "select assertionstore from AssertionStore assertionstore where assertionstore.timestamp < :timeout")
+})
+
+public class AssertionStore implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @Column(name = "artifact", unique=true, nullable=false)
+ private String artifact;
+
+ @Column(name = "type", nullable=false)
+ private String type;
+
+ @Column(name = "assertion", nullable=false)
+ @Lob private byte [] assertion;
+
+ @Column(name = "timestamp", nullable=false)
+ Date timestamp;
+
+
+
+ public String getArtifact() {
+ return artifact;
+ }
+
+ public void setArtifact(String artifact) {
+ this.artifact = artifact;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public byte[] getAssertion() {
+ return assertion;
+ }
+
+ public void setAssertion(byte[] assertion) {
+ this.assertion = assertion;
+ }
+
+ public Date getDatatime() {
+ return timestamp;
+ }
+
+ public void setDatatime(Date datatime) {
+ this.timestamp = datatime;
+ }
+
+
+}
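Review bot: `timestamp` is declared `nullable=false` but nothing in the entity populates it and it carries no `@Temporal`, unlike the `created` field of AuthenticatedSessionStore elsewhere in this commit, which is initialised in a `@PrePersist` callback; a caller that forgets `setDatatime` fails at persist time, and the `getAssertionWithTimeOut` cleanup query silently depends on that column being filled. Suggest `@Column(name = "timestamp", updatable = false, nullable = false) @Temporal(TemporalType.TIMESTAMP) private Date timestamp;` (with the matching `javax.persistence` imports) plus a `@PrePersist` callback that does `this.timestamp = new Date();` as AuthenticatedSessionStore.created() does — Hibernate maps `java.util.Date` to a timestamp by default, so the annotation is about explicitness and consistency with the sibling entity rather than behaviour. The accessors `getDatatime`/`setDatatime` do not match the field name `timestamp`; rename them to `getTimestamp`/`setTimestamp`, keeping the old pair as delegating aliases only if callers already exist. Since `artifact` is the sole retrieval key for the stored assertion and nothing here constrains it, the caller's obligation should be stated in a class comment, e.g. `// artifact is the only lookup key: callers must generate it from a CSPRNG and expire rows via getAssertionWithTimeOut`.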
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java new file mode 100644 index 000000000..01c18062c --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java 
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.Set;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Lob;
+import javax.persistence.OneToMany;
+import javax.persistence.PrePersist;
+import javax.persistence.PreUpdate;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+
+import org.hibernate.annotations.DynamicUpdate;
+import org.hibernate.annotations.NamedQueries;
+import org.hibernate.annotations.NamedQuery;
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "authenticatedsessionstore")
+@NamedQueries({
+ @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"),
+ @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeout")
+})
+
+public class AuthenticatedSessionStore implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue(strategy=GenerationType.AUTO)
+ @Column(name = "id", unique=true, nullable=false)
+ private int id = 0;
+
+ @Column(name = "sessionid", unique=true, nullable=false)
+ private String sessionid;
+
+ @Column(name = "session", nullable=false)
+ @Lob private byte [] session;
+
+ @Column(name = "isAuthenticated", nullable=false)
+ private boolean isAuthenticated = false;
+
+ @Column(name = "isSSOSession", nullable=false)
+ private boolean isSSOSession = false;
+
+ @OneToMany(mappedBy="ssoidentifier")
+ private Set<OASessionStore> activeOAsessions;
+
+ @OneToMany(mappedBy="ssoidentifier")
+ private Set<OldSSOSessionIDStore> oldssosessionids;
+
+ @Column(name = "created", updatable=false, nullable=false)
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date created;
+
+ @Column(name = "updated")
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date updated;
+
+ @PrePersist
+ protected void created() {
+ this.updated = this.created = new Date();
+ }
+
+ @PreUpdate
+ protected void lastUpdate() {
+ this.updated = new Date();
+ }
+
+
+ public int getId() {
+ return id;
+ }
+
+ public void setId(int id) {
+ this.id = id;
+ }
+
+ public String getSessionid() {
+ return sessionid;
+ }
+
+ public void setSessionid(String sessionid) {
+ this.sessionid = sessionid;
+ }
+
+ public byte[] getSession() {
+ return session;
+ }
+
+ public void setSession(byte[] session) {
+ this.session = session;
+ }
+
+ public boolean isAuthenticated() {
+ return isAuthenticated;
+ }
+
+ public void setAuthenticated(boolean isAuthenticated) {
+ this.isAuthenticated = isAuthenticated;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public Date getUpdated() {
+ return updated;
+ }
+
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+ public void setUpdated(Date updated) {
+ this.updated = updated;
+ }
+
+ public boolean isSSOSession() {
+ return isSSOSession;
+ }
+
+ public void setSSOSession(boolean isSSOSession) {
+ this.isSSOSession = isSSOSession;
+ }
+
+
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
new file mode 100644
index 000000000..597c275b7
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
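Review bot: The two `@OneToMany(mappedBy="ssoidentifier")` collections declare no cascade or orphan removal, so deleting an AuthenticatedSessionStore through HibernateUtil.delete leaves its oasessionstore and oldssosessionid rows behind (or fails on the foreign key, depending on how the schema is generated) unless every caller removes the children first; for OldSSOSessionIDStore that would mean retired session IDs still resolve through getSSOSessionWithOldSessionID after the session itself is gone. Suggest `@OneToMany(mappedBy = "ssoidentifier", cascade = CascadeType.REMOVE, orphanRemoval = true)` on both fields, with `javax.persistence.CascadeType` imported, or else a documented cleanup step in the deleting code. The `getMOAISessionsWithTimeOut` query keys on `created`, not `updated`, so a session's lifetime is absolute from creation regardless of activity; if that is intended, say so next to the query, e.g. `// timeout is measured from creation: activity does not extend an SSO session`. `session` is persisted as an opaque byte[] — if it holds a Java-serialised object, the code that deserialises it (outside this hunk) should treat the database as untrusted input and restrict the classes it will resolve.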
@@ -0,0 +1,88 @@
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.PrePersist;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+
+import org.hibernate.annotations.DynamicUpdate;
+import org.hibernate.annotations.NamedQueries;
+import org.hibernate.annotations.NamedQuery;
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "oasessionstore")
+
+@NamedQueries({
+ @NamedQuery(name="getOAsWithSSOID", query = "select oasessionstore from OASessionStore oasessionstore where oasessionstore.ssoidentifier = :ssoidentifier")
+})
+
+public class OASessionStore implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue(strategy=GenerationType.AUTO)
+ @Column(name = "idOASession", unique=true, nullable=false)
+ private int idOASession = 0;
+
+ @ManyToOne
+ @JoinColumn(name = "id")
+ private AuthenticatedSessionStore ssoidentifier;
+
+ @Column(name = "oaurlprefix", unique=false, nullable=false)
+ private String oaurlprefix;
+
+ @Column(name = "created", updatable=false, nullable=false)
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date created;
+
+ @PrePersist
+ protected void created() {
+ this.created = new Date();
+ }
+
+ public int getId() {
+ return idOASession;
+ }
+
+ public void setId(int id) {
+ this.idOASession = id;
+ }
+
+ public AuthenticatedSessionStore getSsoidentifier() {
+ return ssoidentifier;
+ }
+
+ public void setSsoidentifier(AuthenticatedSessionStore ssoidentifier) {
+ this.ssoidentifier = ssoidentifier;
+ }
+
+ public String getOaurlprefix() {
+ return oaurlprefix;
+ }
+
+ public void setOaurlprefix(String oaurlprefix) {
+ this.oaurlprefix = oaurlprefix;
+ }
+
+ public Date getCreated() {
+ return created;
+ }
+
+ public void setCreated(Date created) {
+ this.created = created;
+ }
+
+}
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
new file mode 100644
index 000000000..571acd094
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
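Review bot: The reference to the parent session is mapped as `@JoinColumn(name = "id")`, so the oasessionstore table gets a column called `id` that is not its primary key (that is `idOASession`) but a foreign key to authenticatedsessionstore.id, which anyone reading the schema by hand will take the wrong way. Suggest a name that says what it references, e.g. `@JoinColumn(name = "moasession_id", nullable = false)` — the `nullable = false` also stops an OA-session row from being persisted without a parent, which nothing here prevents today. OldSSOSessionIDStore in this same commit uses the identical `@JoinColumn(name = "id")` mapping and should be renamed together with it. `@ManyToOne` defaults to eager fetching, so loading an OASessionStore presumably also loads the parent row including its serialised `session` LOB; `@ManyToOne(fetch = FetchType.LAZY)` avoids that where only the parent's identity is needed.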
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.commons.db.dao.session;
+
+import java.io.Serializable;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
+
+import org.hibernate.annotations.DynamicUpdate;
+import org.hibernate.annotations.NamedQueries;
+import org.hibernate.annotations.NamedQuery;
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "oldssosessionid")
+
+@NamedQueries({
+ @NamedQuery(name="getSSOSessionWithOldSessionID", query = "select oldssosessionid from OldSSOSessionIDStore oldssosessionid where oldssosessionid.oldsessionid = :sessionid")
+})
+
+public class OldSSOSessionIDStore implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue(strategy=GenerationType.AUTO)
+ @Column(name = "idOldSSOSession", unique=true, nullable=false)
+ private int idOldSSOSession = 0;
+
+ @ManyToOne
+ @JoinColumn(name = "id")
+ private AuthenticatedSessionStore ssoidentifier;
+
+ @Column(name = "oldsessionid", unique=true, nullable=false)
+ private String oldsessionid;
+
+ public int getId() {
+ return idOldSSOSession;
+ }
+
+ public void setId(int id) {
+ this.idOldSSOSession = id;
+ }
+
+ public AuthenticatedSessionStore getSsoidentifier() {
+ return ssoidentifier;
+ }
+
+ public void setSsoidentifier(AuthenticatedSessionStore ssoidentifier) {
+ this.ssoidentifier = ssoidentifier;
+ }
+
+ public String getOldsessionid() {
+ return oldsessionid;
+ }
+
+ public void setOldsessionid(String oldsessionid) {
+ this.oldsessionid = oldsessionid;
+ }
+
+ public String getSessionid() {
+ return oldsessionid;
+ }
+
+ public void setSessionid(String oldsessionid) {
+ this.oldsessionid = oldsessionid;
+ }
+}
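Review bot: `getSessionid`/`setSessionid` are exact duplicates of `getOldsessionid`/`setOldsessionid` over the same field, which leaves two names for one value and invites drift; keep one pair (the `Oldsessionid` pair matches the column name) and drop the other, or mark the duplicate `@Deprecated` with a comment if a caller already depends on it. More important is what `getSSOSessionWithOldSessionID` is used for: it maps a retired session ID back to the live AuthenticatedSessionStore, so if session IDs are rotated in order to invalidate the previous one, any code path that accepts the old ID as a valid credential would defeat the rotation. The caller is not visible from this hunk, so the intended contract should be stated on the query, e.g. `// lookup by a retired ID is for detecting reuse (and revoking the session), never for continuing it`.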
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java
new file mode 100644
index 000000000..169d31aac
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.commons.db.ex;
+
+public class MOADatabaseException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public MOADatabaseException() {
+ super();
+ }
+
+ public MOADatabaseException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public MOADatabaseException(String message) {
+ super(message);
+ }
+
+ public MOADatabaseException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml
new file mode 100644
index 000000000..4841481b6
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/resources/hibernate.cfg.xml
@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE hibernate-configuration PUBLIC
+"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
+"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
+
+<hibernate-configuration>
+ <session-factory>
+ <!-- MOA Session handling mapping files -->
+ <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/>
+ <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore"/>
+ <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore"/>
+ <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore"/>
+ </session-factory>
+</hibernate-configuration>
\ No newline at end of file
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 386f38ed6..777715c3b 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -19,6 +19,7 @@ <module>proxy</module>
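Review bot: This configuration carries only the four mapping classes — no connection URL, credentials, dialect or hbm2ddl setting — so those have to be injected at runtime; the HibernateUtil hunk earlier in this diff calls `config.configure()` and then `applySettings(config.getProperties())`, which suggests the properties are merged from elsewhere, but the file itself does not say so. A comment on `<session-factory>` would keep the next maintainer from pasting credentials into a resource that ships inside the jar, e.g. `<!-- Connection, dialect and schema properties are supplied at runtime (see HibernateUtil); do not add credentials here. -->`. The `<!DOCTYPE>` points at an external DTD URL; Hibernate normally resolves its own DTDs from the classpath, but if this file is ever fed to a generic XML parser, external DTD loading should be disabled so the declaration cannot trigger a network fetch.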
<module>auth</module>
<module>stork-saml-engine</module>
+ <module>moa-id-commons</module>
</modules>
<properties>