Diffstat (limited to 'id')
54 files changed, 411 insertions, 341 deletions
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp index 76c8d069b..129b32508 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp @@ -22,7 +22,7 @@ labelposition="left" cssClass="textfield_long"/> - + <!-- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4> <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" /> <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4> @@ -39,6 +39,7 @@ </tr> </s:iterator> </table> + --> </div> </div> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css index c8de82c50..f95106c5a 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css @@ -87,7 +87,7 @@ } #leftcontent { - width: 300px; + width: 400px; /*margin-top: 30px;*/ margin: auto; } @@ -99,9 +99,9 @@ } #bkulogin { - overflow:hidden; - min-width: 190px; - min-height: 180px; + overflow:hidden; + min-width: 190px; + min-height: 180px; /*height: 260px;*/ } @@ -130,11 +130,16 @@ float:left; margin-left: 40px; } + #centerbutton { + width: 30% + float: middle; + } + #rightbutton { width: 30%; float:right; - margin-right: 45px; + margin-right: 40px; text-align: right; } @@ -266,7 +271,7 @@ } } - @media screen and (max-width: 399px) and (min-width: 300px) { + @media screen and (max-width: 399px) and (min-width: 400px) { #localBKU p { font-size: 0.9em; } 
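Review bot: The STORK block in stork.jsp is hidden with an HTML comment (`<!--` added in the first hunk, `-->` added here), but an HTML comment is delivered to the browser and does not stop the JSP engine from evaluating what is inside it: the `<%=LanguageHelper.getGUIString(...) %>` scriptlets and the Struts `<s:checkboxlist>` / `<s:iterator>` tags still execute, and their output, including the `storkOA.*` country and attribute lists, still reaches the client in the page source. If the section is meant to be disabled, use a JSP comment, `<%-- ... --%>`, which is stripped on the server, or remove the markup. The `<div>` wrappers closed at the end of this hunk are opened outside it.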
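Review bot: The new `#centerbutton` rule in css_template.css is malformed: `width: 30%` has no terminating semicolon, so it and the following line are parsed as one invalid declaration and discarded, and `float: middle` is not a value `float` accepts (only left, right, none and the inline-start/inline-end logical values), so even on its own it would be ignored. If a button centred between `#leftbutton` and `#rightbutton` is intended, write `width: 30%; float: left;` and let the three 30% columns flow, or centre it on the parent container. The surrounding `#leftbutton` / `#rightbutton` rules continue outside the hunk.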
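Review bot: The changed media query `@media screen and (max-width: 399px) and (min-width: 400px)` can never match, because no viewport is both at most 399px and at least 400px wide, so the `#localBKU p` override inside it is dead code. An earlier hunk in this file widened `#leftcontent` from 300px to 400px; if this breakpoint is meant to follow that change, the upper bound has to move up as well (for example `(max-width: 499px) and (min-width: 400px)`), otherwise the previous `min-width: 300px` should be restored. The remainder of the media block is outside the hunk.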
@@ -381,15 +386,14 @@ visibility: hidden; } - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border:none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + vertical-align: middle; + min-height: 173px; + min-width: 204px; } #bku_header { @@ -452,13 +456,14 @@ } #leftbutton { - width: 35%; + width: 30%; float:left; margin-left: 15px; } + #rightbutton { - width: 35%; + width: 30%; float:right; margin-right: 25px; text-align: right; @@ -479,12 +484,17 @@ padding-top: 4%; height: 10%; position: relative; - text-align: center; + text-align: left; } .verticalcenter { vertical-align: middle; } + + .mandate{ + float: left; + margin-left: 4%; + } #mandateLogin div { clear: both; @@ -509,29 +519,37 @@ #bkukarte { float:left; text-align:center; - width:40%; - min-height: 70px; - padding-left: 5%; - padding-top: 2%; + width:33%; + min-height: 90px; + + padding-top: 2%; } #bkuhandy { - float:right; + float:left; text-align:center; - width:40%; - min-height: 90px; - padding-right: 5%; - padding-top: 2%; + width:33%; + min-height: 90px; + + padding-top: 2%; } + #bkueulogin { + float:left; + text-align:center; + width:33%; + min-height: 90px; + padding-top: 2%; + + } - .bkuimage { - width: 60%; - height: auto; - margin-bottom: 10%; - } + .bkuimage { + width: 55%; + height: auto; + margin-bottom: 10%; + } #mandate{ - text-align:center; + text-align:left; padding : 5px 5px 5px 5px; } diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index fe9bc2166..01249537f 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html 
@@ -4,7 +4,7 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" /> + <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/> <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script> @@ -26,8 +26,8 @@ <div id="mandateLogin" class="$MANDATEVISIBLE"> <div> <input tabindex="1" type="checkbox" name="Mandate" - id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED> - <label for="mandateCheckBox" class="verticalcenter">in + id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED> + <label for="mandateCheckBox" class="mandate">in Vertretung anmelden</label> <!--a href="info_mandates.html" target="_blank" 
@@ -37,31 +37,41 @@ </div> <div id="bkuselectionarea"> <div id="bkukarte"> - <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> + <img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> - <!-- Remove support for Online BKU and swith the card button to local BKU--> - <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> + <!-- Remove support for Online BKU and swith the card button to local BKU--> + <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /--> - <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="$bkuLocal" /> - <input type="hidden" name="useMandate" id="useMandate" /> - <input type="hidden" name="SSO" id="useSSO" /> - <input type="hidden" name="ccc" id="ccc" /> - <input type="hidden" name="pendingid" value="$pendingReqID" /> - <input type="submit" value=" Karte " tabindex="4" role="button"> - </form> + <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="$bkuLocal" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="SSO" id="useSSO" /> + <input type="hidden" name="ccc" id="ccc" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" /> + </form> - <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> + <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" 
src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe> - <!-- BKU detection with static template--> - <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> - - </div> - <div id="bkuhandy"> - <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> - <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> - </div> - </div> + <!-- BKU detection with static template--> + <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe--> + </div> + + <div id="bkuhandy"> + <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" /> + <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" /> + </div> + + + <div id="bkueulogin" style="$STORKVISIBLE"> + <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" /> + <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> + <input type="hidden" name="useeIDAS" value="true" /> + <input type="hidden" name="useMandate" id="useMandate" /> + <input type="hidden" name="pendingid" value="$pendingReqID" /> + <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" /> + </form> + </div> <!--div id="localBKU"> <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent"> @@ -80,7 +90,11 @@ <!--div id="ssoSessionTransferBlock"> <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a> </div--> - + + + + + <!-- <div id="stork" align="center" class="$STORKVISIBLE"> <h2 id="tabheader" class="dunkel">Home Country Selection</h2> <p> 
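Review bot: The new `#bkueulogin` block repeats `id="moaidform"` and `id="useMandate"`, both of which already exist on the card form above it, so the page now has duplicate ids. `setMandateSelection()` is attached to both submit buttons; if it resolves its target by id it will only ever reach the first form's hidden field, and the eIDAS form is submitted with `useMandate` empty. Give the second form and its hidden input distinct ids (for example `id="moaidformEU"` / `id="useMandateEU"`) and have the handler work on the form it is invoked from. Separately, `$STORKVISIBLE` is rendered into `style="..."` here but was a `class="..."` value on the old `#stork` div, so the template has to emit a CSS declaration now rather than a class name; please confirm the producer was updated.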
@@ -88,9 +102,9 @@ $countryList </select> <button id="eIDASButton" name="bkuButton" type="button">Proceed</button> - <!--a href="info_stork.html" target="_blank" class="infobutton">i</a--> + a href="info_stork.html" target="_blank" class="infobutton">i</a </p> - </div> + </div>--> <div id="metroDetected" class="unvisible"> <p>Anscheinend verwenden Sie Internet Explorer im diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 9b9b13d8b..0e8b996ba 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -319,8 +319,8 @@ <artifactId>eaaf-core</artifactId>
<type>test-jar</type>
<classifier>tests</classifier>
- <version>1.0.0-snapshot</version>
- <scope>test</scope>
+ <version>1.0.0</version>
+ <scope>test</scope>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index e92c3377a..f642cddc7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -61,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator; import at.gv.egovernment.moa.id.data.IMOAAuthData; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -142,12 +142,15 @@ public class StatisticLogger implements IStatisticLogger{ IMOAAuthData moaAuthData = (IMOAAuthData) authData; dblog.setOatarget(moaAuthData.getBPKType()); - boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; + boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null; dblog.setInterfederatedSSOSession(isFederatedAuthentication); if (isFederatedAuthentication) { dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); - dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); + dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class)); + + } else if (moaAuthData.isForeigner()) { + dblog.setBkutype(IOAAuthParameters.EIDAS); } else { dblog.setBkuurl(moaAuthData.getBkuURL()); 
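Review bot: The new `else if (moaAuthData.isForeigner())` branch records `IOAAuthParameters.EIDAS` as BKU type but, unlike both neighbouring branches, never calls `dblog.setBkuurl(...)`, so eIDAS logins are stored with whatever the `bkuurl` column defaults to. If the foreigner case is intentionally identified by type alone, say so on the branch with `// eIDAS logins carry no BKU URL; the type alone identifies them`; otherwise set a URL as the federated branch does. The enclosing method begins and ends outside this hunk.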
@@ -299,7 +302,8 @@ public class StatisticLogger implements IStatisticLogger{ } else { Logger.debug("Use MOA session information from pending-req for ErrorLogging"); - moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); + moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class); + } 
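Review bot: The cast `(IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class)` is either redundant or a latent runtime failure: `getSessionData` is assigned without a cast elsewhere in this commit (UserRestrictionTask), so it already returns the requested type, and if `AuthenticationSessionWrapper` implements `IAuthenticationSession` the cast is a no-op, while if it does not, a compile-time mismatch becomes a `ClassCastException` thrown from the error-logging path. Prefer `moasession = errorRequest.getSessionData(AuthenticationSessionWrapper.class);` and let the assignment type-check; the same cast appears in the DBAuthenticationSessionStoreage hunk. `getSessionData` may also return null where the old constructor always produced an object, in which case the later use of `moasession` needs a guard. The enclosing method continues outside the hunk.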
@@ -393,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{ private String findBKUType(String bkuURL, IOAAuthParameters dbOA) { - if (dbOA != null) { - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU))) - return IOAAuthParameters.HANDYBKU; - - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU))) - return IOAAuthParameters.LOCALBKU; - - if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU))) - return IOAAuthParameters.THIRDBKU; - } - - Logger.trace("Staticic Log search BKUType from DefaultBKUs"); - - try { - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU))) - return IOAAuthParameters.THIRDBKU; + if (bkuURL != null) { + if (dbOA != null) { + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; + + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; + + if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU))) + return IOAAuthParameters.THIRDBKU; + } + + Logger.trace("Staticic Log search BKUType from DefaultBKUs"); - if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + try { + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU))) + return IOAAuthParameters.THIRDBKU; + + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; + + if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; + + } catch (ConfigurationException e) { + Logger.info("Advanced Logging: Default BKUs read failed"); + } + + Logger.debug("Staticic Log search BKUType from generneric Parameters"); + + if (bkuURL.endsWith(GENERIC_LOCALBKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); return IOAAuthParameters.LOCALBKU; + } - if 
(bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + if (bkuURL.startsWith(GENERIC_HANDYBKU)) { + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); return IOAAuthParameters.HANDYBKU; - - } catch (ConfigurationException e) { - Logger.info("Advanced Logging: Default BKUs read failed"); - } - - Logger.debug("Staticic Log search BKUType from generneric Parameters"); - - if (bkuURL.endsWith(GENERIC_LOCALBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); - return IOAAuthParameters.LOCALBKU; + } } - if (bkuURL.startsWith(GENERIC_HANDYBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); - return IOAAuthParameters.HANDYBKU; - } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); return IOAAuthParameters.AUTHTYPE_OTHERS; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index a13455972..2c14af463 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java 
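Review bot: Wrapping the entire body of `findBKUType` in `if (bkuURL != null)` re-indents every line and pushes the lookup three levels deep; a guard clause keeps both the diff and the method flat: `if (bkuURL == null) { Logger.debug("No BKU URL given, mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS); return IOAAuthParameters.AUTHTYPE_OTHERS; }` at the top, with the rest of the method unchanged. As written, the null case falls through to the final debug line and logs the literal text `BKUURL null is mapped to ...`, which is misleading when read later. Behaviour is otherwise identical, so this is a style point only.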
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { try { return buildAuthenticationData(pendingReq, - new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()), + pendingReq.getSessionData(AuthenticationSessionWrapper.class), pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class)); } catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) { Logger.warn("Can not build authentication data from session information"); - throw new EAAFAuthenticationException("TODO", new Object[]{}, e); + throw new EAAFAuthenticationException("builder.11", new Object[]{}, e); } @@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder if (oaParam.isSTORKPVPGateway()) oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq); - Boolean isMinimalFrontChannelResp = pendingReq.getGenericData( + Boolean isMinimalFrontChannelResp = pendingReq.getRawData( MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class); if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) { //only set minimal response attributes authdata.setQAALevel( - pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class)); + pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class)); authdata.setBPK( - pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class)); + pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class)); } else { //build AuthenticationData from MOASession 
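Review bot: In `buildAuthenticationData(IRequest)`, `pendingReq.getSessionData(AuthenticationSessionWrapper.class)` replaces a constructor that could not return null; if that lookup can yield null for a request without session data, the resulting NullPointerException is not among the caught types and escapes instead of being wrapped as the `builder.11` EAAFAuthenticationException. If null is possible, check for it inside the try and throw the same `builder.11` error so callers see one failure mode. The new message key `builder.11` has to exist in every `id_messages_*.properties` bundle; only the German file is touched at the end of this diff and that hunk is cut off here. Both methods in this section continue outside their hunks.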
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index a43e6a7fb..399ecc022 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { String sectorName = null; - String saml1Target = pendingReq.getGenericData( + String saml1Target = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); if (MiscUtil.isNotEmpty(saml1Target)) { target = saml1Target; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 926bfe242..cadaec2a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -45,6 +45,7 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import org.apache.commons.collections4.map.HashedMap; 
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi */ @Override public X509Certificate getSignerCertificate() { - try { - return new X509Certificate(signerCertificate); - } - catch (CertificateException e) { - Logger.warn("Signer certificate can not be loaded from session database!", e); - return null; + if (signerCertificate != null && signerCertificate.length > 0) { + try { + return new X509Certificate(signerCertificate); + } + catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + + } } + + return null; } /* (non-Javadoc) @@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi result.put(VALUE_SIGNER_CERT, getSignerCertificate()); result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse()); - result.putAll(genericSessionDataStorate); - + for (Entry<String, Object> el : genericSessionDataStorate.entrySet()) + result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); + return Collections.unmodifiableMap(result); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index b976cba9e..375b144d7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java 
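Review bot: Prefixing the generic entries with `GENERIC_PREFIX` changes the key names that SSOManager and EvaluateSSOConsentsTaskImpl then push into the pending request via `setRawDataToTransaction(...)`; every reader that still calls `getRawData(<original key>)` will miss values restored from an SSO session unless the wrapper strips the prefix on lookup, and that contract is not visible in this diff. Please confirm it and record it on the method, e.g. `// generic entries are exported as GENERIC_PREFIX + key so they cannot collide with the fixed VALUE_* keys; readers must apply the same prefix`. Note also that `result.put(VALUE_SIGNER_CERT, getSignerCertificate())` now stores null when no certificate is present (see the getSignerCertificate hunk above), so consumers of the returned map must tolerate a null value under that key. The method begins outside the hunk.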
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //defaultTaskInitialization(request, executionContext); //check SSO session cookie and MOASession object - String ssoId = ssoManager.getSSOSessionID(request); - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - - //load MOA SSO-session from database - AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); - - if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) { + String ssoId = ssoManager.getSSOSessionID(request); + if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) { Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); throw new AuthenticationException("auth.30", null); @@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //user allow single sign-on authentication if (ssoConsents) { - + //load MOA SSO-session from database + AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + //Populate this pending request with SSO session information - pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; + pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; //authenticate pending-request pendingReq.setAuthenticated(true); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java index 7d9a2c28c..acaf21682 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java 
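Review bot: The validity check now drops the `ssoMOSSession.isAuthenticated()` condition and relies on `ssoManager.isValidSSOSession(ssoId, pendingReq)` alone, while the DBAuthenticationSessionStoreage hunk sets `dbsession.setAuthenticated(true)` whenever a session is flagged as SSO session; unless `isValidSSOSession` itself verifies the stored session's authenticated state, an SSO cookie referring to a session that never completed authentication would pass this gate. Please confirm that check exists there, or restore the flag check after loading the session. In the consents branch, `authenticatedSessionStorage.getInternalSSOSession(...)` is dereferenced without a null check, so a session evicted between the validity check and the lookup yields a NullPointerException instead of the `auth.30` AuthenticationException; `if (ssoMOSSession == null) throw new AuthenticationException("auth.30", null);` keeps the failure mode consistent. The stray `;;` after `setRawDataToTransaction(...)` is harmless but should go. Both hunks sit inside a method that begins and ends outside the diff.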
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java @@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask { List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST)); if (restrictedSPs.contains(spEntityId)) { Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... "); - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //check if user idl is already loaded if (moasession.getIdentityLink() == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 0e1e1bf12..ead80b117 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ resultTargetFriendlyName = targetFriendlyNameConfig; //set info's into request-context. (It's required to support SAML1 requested target parameters) - protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); - protocolReq.setGenericDataToSession( + protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget); + protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName); } else { 
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - protocolReq.setGenericDataToSession( + protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, templateURL); @@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ oaURL = pendingReq.getSPEntityId(); //only needed for SAML1 - String target = pendingReq.getGenericData("saml1_target", String.class); + String target = pendingReq.getRawData("saml1_target", String.class); parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 6544766b2..77abe07af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
@@ -60,12 +60,9 @@ import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAID_AuthenticationManager") public class AuthenticationManager extends AbstractAuthenticationManager { - public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; - public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; - public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; - public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA"; - + public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @@ -167,13 +164,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager { //set interfederation authentication flag executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, MiscUtil.isNotEmpty( - pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class))); + pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class))); //set legacy mode or BKU-selection flags boolean leagacyMode = (legacyallowed && legacyparamavail); executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode); executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode - && MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class))); + && MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class))); //add additional http request parameter to context if (leagacyMode) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 97c4f40cd..b5005d0c9 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -23,6 +23,8 @@ package at.gv.egovernment.moa.id.moduls; import java.util.Date; +import java.util.Map; +import java.util.Map.Entry; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; @@ -73,9 +75,10 @@ public class SSOManager implements ISSOManager { private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec - public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL"; - public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE"; - public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID"; + public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; + public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; + public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID"; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; @Autowired private AuthConfiguration authConfig; 
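Review bot: The string values of `DATAID_INTERFEDERATIOIDP_URL`, `DATAID_INTERFEDERATIOIDP_RESPONSE` and `DATAID_INTERFEDERATIOIDP_ENTITYID` change from `INTERFEDERATIOIDP_*` to the `interIDP*` values the removed AuthenticationManager constants carried. Any transaction or session data persisted under the old keys before this deployment, and any module that still hard-codes the old literal strings, will no longer be found; whether such data survives a deployment depends on the session store, which is not visible here. A comment above the constants, e.g. `// values moved from AuthenticationManager; keep in sync with persisted transaction data`, would make the dependency explicit.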
@@ -166,8 +169,17 @@ public class SSOManager implements ISSOManager { Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID); - Logger.trace("Populatint pending request with SSO session information .... "); - pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession()); + Logger.trace("Populatint pending request with SSO session information .... "); + Map<String, Object> fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession(); + if (Logger.isTraceEnabled()) { + Logger.trace("Full SSO DataSet: "); + for (Entry<String, Object> el : fullSSOData.entrySet()) { + Logger.trace(" Key: " + el.getKey() + " Value: " + el.getValue()); + + } + + } + pendingReq.setRawDataToTransaction(fullSSOData); pendingReq.setAuthenticated(true); } @@ -301,7 +313,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); String interfederationIDP = - protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isNotEmpty(interfederationIDP)) { Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP); return; 
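Review bot: The new trace block writes every value of the restored SSO session to the log (`Logger.trace(" Key: " + el.getKey() + " Value: " + el.getValue())`); that map is the full key/value representation built by `getKeyValueRepresentationFromAuthSession`, which per the AuthenticationSession hunk includes the signer certificate and the verify-signature response and, depending on session contents, further personal data, all of which then lands in log files. Logging the key and the value's type gives the same debugging signal without copying that data into logs, e.g. `Logger.trace(" Key: " + el.getKey() + " Type: " + (el.getValue() == null ? "null" : el.getValue().getClass().getSimpleName()));`. If full values are genuinely needed, document on the block that trace level must stay disabled in production. The enclosing method continues outside the hunk.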
@@ -313,14 +325,14 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf RequestImpl moaReq = (RequestImpl) protocolRequest; if (MiscUtil.isNotEmpty(interIDP)) { Logger.info("Receive SSO request for interfederation IDP " + interIDP); - moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP); + moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP); } else { //check if IDP cookie is set String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); - moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie); + moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie); deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } @@ -367,7 +379,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf //in case of federated SSO session, jump to federated IDP for authentication String interfederationIDP = - protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(interfederationIDP)) { InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); @@ -375,7 +387,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf if (selectedIDP != null) { //no local SSO session exist -> request interfederated IDP Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix()); - protocolRequest.setGenericDataToSession( + protocolRequest.setRawDataToTransaction( DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); } else { 
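Review bot: In the first hunk the interfederation IDP identifier comes straight from the request parameter `interIDP` (and, in the else branch, from the SSOINTERFEDERATION cookie) and is written into the transaction via `moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP)` without any visible check that the value names an IDP this instance is configured to federate with. The commit only swaps the setter, so the behaviour is pre-existing, but both sources are client-controlled and the stored value later drives the redirect to the federated IDP, so it should be validated against the configured IDP list before it is stored, or the method that performs that validation later should be named in a comment at this line. If that validation already exists downstream this is only a documentation point. The enclosing method starts and ends outside the hunk.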
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 0f75cf63b..405e44112 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -95,7 +95,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8")); AuthenticationSession session = new AuthenticationSession(id, now, - new AuthenticationSessionWrapper(target.genericFullDataStorage())); + (IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class)); encryptSession(session, dbsession); //store AssertionStore element to Database @@ -341,6 +341,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setSSOSession(true); dbsession.setSSOsessionid(externalSSOSessionID); + dbsession.setAuthenticated(true); //Store MOASession entityManager.merge(dbsession); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 7d6730925..66b9be341 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -114,6 +114,7 @@ builder.07=Fehlerhaftes SecurityLayer Template. builder.08=Authentication process could NOT completed. Reason: {0}
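Review bot: `dbsession.setAuthenticated(true)` in the second hunk is set unconditionally at the point where an external SSO session id is attached, and nothing in the hunk shows that the federated response this id belongs to has already been verified; the enclosing method starts outside the hunk, so the precondition is not visible here. Because this flag presumably gates SSO reuse of the session, the method's Javadoc should state explicitly that it may only be invoked after the interfederated IDP response has been validated, e.g. `@implSpec marks the session as authenticated; callers must only invoke this after the external IDP response has been verified`. Alternatively the caller that performed the verification could pass the flag in instead of the storage layer asserting it.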
builder.09=Can not build GUI component. Reason: {0}
builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
+builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -310,8 +311,8 @@ pvp2.25=Fehler beim Validieren der PVP2 Metadaten ##add status codes!!!!
sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
-sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication.
-sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.
sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.
sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
@@ -322,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 5d7588dd5..b878eadf3 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -92,6 +92,7 @@ builder.07=9002 builder.08=1008 builder.09=9103 builder.10=1009 +builder.11=9102 service.00=4300 service.03=4300 @@ -122,6 +123,7 @@ sp.pvp2.09=4503 sp.pvp2.10=4502 sp.pvp2.11=4502 sp.pvp2.12=4502 +sp.pvp2.13=4501 validator.00=1102 validator.01=1102 diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java index 16cdc9c12..1ea057186 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -43,7 +43,7 @@ public class AuthenticationDataBuilderTest { IAuthenticationSession session = new DummyAuthSession(); session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink()); - pendingReq.setGenericDataToSession(session.getKeyValueRepresentationFromAuthSession()); + pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession()); IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq); 
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java index 2fcec92c5..c9dcd291a 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -63,6 +63,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration public static final String PARAM_OANAME = "OAName"; public static final String PARAM_COUNTRYLIST = "countryList"; + public static final String PARAM_EIDAS_VISIBLE = "eIDASVisible"; protected IRequest pendingReq = null; protected String templateClasspahtDir = null; @@ -141,10 +142,15 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration params.put(PARAM_BKU_URL_THIRD, oaParam.getBKUURL(IOAAuthParameters.THIRDBKU)); //set eIDAS login information if requird - if (oaParam.isShowStorkLogin()) + if (oaParam.isShowStorkLogin()) { addCountrySelection(params, oaParam); - else - params.put(PARAM_COUNTRYLIST, ""); + params.put(PARAM_EIDAS_VISIBLE, ""); + + } else { + params.put(PARAM_COUNTRYLIST, ""); + params.put(PARAM_EIDAS_VISIBLE, FormBuildUtils.TEMPLATEVISIBLE); + + } FormBuildUtils.customiceLayoutBKUSelection(params, oaParam); diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java index 53ec222dc..248bde700 100644 
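Review bot: Hiding the eIDAS/STORK login option by emitting the CSS class in `FormBuildUtils.TEMPLATEVISIBLE` (the string `" unvisible"`) when `oaParam.isShowStorkLogin()` is false, as the second hunk does, is presentation only; the authentication modules must still reject an eIDAS login for a service provider that has it disabled, which this hunk neither does nor references. A comment at the else branch such as `// UI only: the eIDAS auth module enforces isShowStorkLogin() independently` would document where the real check lives, assuming it exists. Separately, a new parameter named PARAM_EIDAS_VISIBLE that carries a value meaning "hidden" reads backwards; a name like PARAM_EIDAS_HIDDEN_CLASS would match what the template receives. The enclosing method continues outside the hunk.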
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java @@ -50,12 +50,10 @@ public class FormBuildUtils { private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE"; private static String PARAM_MANDATECHECKED = "MANDATECHECKED"; - private static String PARAM_STORKVISIBLE = "STORKVISIBLE"; - - private static final String TEMPLATEVISIBLE = " unvisible"; - private static final String TEMPLATEDISABLED = "disabled=\"true\""; - private static final String TEMPLATECHECKED = "checked=\"true\""; - private static final String TEMPLATE_ARIACHECKED = "aria-checked="; + public static final String TEMPLATEVISIBLE = " unvisible"; + public static final String TEMPLATEDISABLED = "disabled=\"true\""; + public static final String TEMPLATECHECKED = "checked=\"true\""; + public static final String TEMPLATE_ARIACHECKED = "aria-checked="; static { @@ -91,12 +89,7 @@ public class FormBuildUtils { } else params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); - - if (oaParam.isShowStorkLogin()) - params.put(PARAM_STORKVISIBLE, ""); - else - params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE); - + //add more SP specific infos setFormCustomizatenFromSP(params, oaParam); @@ -126,7 +119,6 @@ public class FormBuildUtils { public static void defaultLayoutBKUSelection(Map<String, Object> params) { params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE); params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\""); - params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE); params.putAll(getDefaultMap()); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 34567131b..a77ba45a5 100644 
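Review bot: `PARAM_MANDATEVISIBLE` and `PARAM_MANDATECHECKED` stay `private static String` without `final` in the first hunk while the template fragments next to them become `public static final`, leaving mutable class-level state beside immutable constants of the same kind; `private static final String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE";` and `private static final String PARAM_MANDATECHECKED = "MANDATECHECKED";` keep the block consistent. Widening TEMPLATEDISABLED and TEMPLATECHECKED to public also exposes raw HTML attribute fragments as API; a Javadoc line noting that they are inserted verbatim into templates and must not be built from request data would make the contract explicit. The static initializer and the rest of the class continue outside the hunk.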
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -151,7 +151,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()}); //load Template - String templateURL = pendingReq.getGenericData( + String templateURL = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class); String template = null; if (MiscUtil.isNotEmpty(templateURL)) { @@ -450,8 +450,8 @@ public class AuthenticationServer extends BaseAuthenticationServer { SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString()); - SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); - SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); + SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); + SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); return createXMLSignatureRequest; } 
@@ -547,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { String authURL = pendingReq.getAuthURL(); @Deprecated - String saml1RequestedTarget = pendingReq.getGenericData( + String saml1RequestedTarget = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); @Deprecated - String saml1RequestedFriendlyName = pendingReq.getGenericData( + String saml1RequestedFriendlyName = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index a46c81d06..a2e03bc4e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -162,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime())); //set other values from pendingReq if exists - Map<?,?> processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class); + Map<?,?> processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class); if (processSpecificElements != null && !processSpecificElements.isEmpty()) { Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ..."); Iterator<?> mapIterator = processSpecificElements.entrySet().iterator(); 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index f53dfae45..3eb7225a8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -51,8 +51,8 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); try { - //execute default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + //execute default task initialization + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); boolean useMandate = moasession.isMandateUsed(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index af8f780ec..50add6beb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java 
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -64,7 +64,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { throws TaskExecutionException { try { //execute default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index af4abe813..e4966a53b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -71,7 +71,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { try { //execute default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //get MIS sessionID String misSessionID = moasession.getMISSessionID(); 
@@ -120,7 +120,6 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { //revisionsLogger.logMandateEventSet(pendingReq, mandate); //store pending request with new MOASession data information - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index ab53671f2..65ae9cf91 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; 
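Review bot: Removing `pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession())` before `requestStoreage.storePendingRequest(pendingReq)` in the first hunk makes persistence of changes made through `moasession` depend on `getSessionData(AuthenticationSessionWrapper.class)` returning a view that writes through to the pending request rather than a detached copy, and the hunk does not show which it is. The same removal appears in PrepareAuthBlockSignatureTask, PrepareGetMISMandateTask (where `moasession.setMISSessionID(...)` is called immediately before), VerifyAuthenticationBlockTask, VerifyCertificateTask and VerifyIdentityLinkTask. If write-through is the contract, a comment at the store call such as `// moasession is a live view of pendingReq; its changes are persisted by storePendingRequest` prevents a future reader from re-adding the write-back or silently losing session state. The enclosing method starts and ends outside the hunk.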
@@ -87,7 +88,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { HttpServletRequest request, HttpServletResponse response) throws EAAFException { Logger.info("BKU is selected -> Start BKU communication ..."); - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + //AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + + AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class); boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -122,9 +125,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { //get Target from config or from request in case of SAML 1 String target = null; - if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && + if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) - target = pendingReq.getGenericData("saml1_target", String.class); + target = pendingReq.getRawData("saml1_target", String.class); String bkuURL = oaParam.getBKUURL(bkuid); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index d1d0ef086..a02032e74 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java 
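Review bot: The replaced statement is left behind as a comment in the first hunk (`//AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());`) and the wrapper is obtained through a cast to the concrete class, `((RequestImpl)pendingReq).getSessionData(...)`, while the sibling tasks in this commit (CertificateReadRequestTask, VerifyCertificateTask and others) call `pendingReq.getSessionData(AuthenticationSessionWrapper.class)` directly. The commented-out line should be deleted; if `pendingReq` is typed here as an interface that does not declare `getSessionData`, the cast should be documented, since any other IRequest implementation would fail with a ClassCastException at runtime. In the second hunk the key `"saml1_target"` is a bare literal where AuthenticationServer uses `MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET`; if both denote the same entry the constant should be used here as well. The enclosing method continues outside the hunk.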
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -50,14 +50,13 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { try { //initialize task - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //build authBlock String createXMLSignatureRequest = authServer .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); //store pending request with new MOASession data information - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //write response diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 7c9702b8b..dd7890b7e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java 
@@ -71,7 +71,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { //perform default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); ConnectionParameterInterface connectionParameters = moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); @@ -131,7 +131,6 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { moasession.setMISSessionID(misSessionID.getSessiondId()); //store pending request with new MOASession data information - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 3b70c55e9..c8b562282 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java 
@@ -87,7 +87,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); //execute default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); @@ -95,7 +95,6 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); //store pending request with new MOASession data information - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 5b207d33e..9f1f23344 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java 
@@ -77,7 +77,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { try { //execute default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); @@ -98,7 +98,6 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); //store pending request with new MOASession data information - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 99eba56c1..b7c45a032 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java 
@@ -66,7 +66,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { //execute default task initialization - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); @@ -74,7 +74,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; //store pending request with new MOASession data information - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //set 'identityLink exists' flag to context diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 01ef4ee26..ab9be7163 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java 
@@ -144,10 +144,10 @@ public class CreateXMLSignatureResponseValidator { IIdentityLink identityLink = session.getIdentityLink(); @Deprecated - String saml1RequestedTarget = pendingReq.getGenericData( + String saml1RequestedTarget = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); @Deprecated - String saml1RequestedFriendlyName = pendingReq.getGenericData( + String saml1RequestedFriendlyName = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); try { diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java index c3c3331e1..c1229e3ff 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -29,7 +29,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.lang3.StringUtils; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.metadata.EntityDescriptor; 
@@ -40,21 +39,20 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; -import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.logging.Logger; 
@@ -92,7 +90,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } // get entityID for central ms-specific eIDAS node - String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration()); + String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); if (MiscUtil.isEmpty(msNodeEntityID)) { 
@@ -149,48 +147,24 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (MetadataProviderException e) { - throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e); + + throw new TaskExecutionException(pendingReq, + "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", + new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e )); } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { - Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); + Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e); + throw new TaskExecutionException(pendingReq, + e.getMessage(), + new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e )); } catch (Exception e) { - Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e); + Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); } } - private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) { - //load from service-provider configuration - String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); - - if (StringUtils.isEmpty(msNodeEntityID)) { - Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... 
"); - if (authConfig instanceof AuthConfiguration) { - AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; - List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( - moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); - - if (configuratedEntityIDs.size() > 0) - msNodeEntityID = configuratedEntityIDs.get(0); - else - Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... "); - - } else - Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() - + "' Switch to generic Type ... "); - - - if (StringUtils.isEmpty(msNodeEntityID)) - msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); - - } - - return msNodeEntityID; - } - private List<EAAFRequestedAttribute> buildRequestedAttributes() { List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>(); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java index c034dc95e..f3eaff11a 100644 --- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java 
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; +import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusCode; import org.opensaml.ws.message.decoder.MessageDecodingException; @@ -55,10 +56,12 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; 
@@ -129,7 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //validate entityId of response - String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); String respEntityId = msg.getEntityID(); if (!msNodeEntityID.equals(respEntityId)) { Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); 
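Review bot: `msNodeEntityID` is dereferenced with `.equals(respEntityId)` without a null or empty check, and `Utils.getCentraleIDASNodeEntityId(...)`, introduced by this commit, returns whatever its last fallback `authConfig.getBasicConfiguration(...)` yields, which may be null or empty when nothing is configured; the other caller in `CreateAuthnRequestTask` guards the result with `MiscUtil.isEmpty(msNodeEntityID)`, this one does not, so a missing configuration ends in a NullPointerException rather than the intended rejection. Because this comparison is what decides whether the response issuer is accepted as the central eIDAS node, fail closed explicitly: `if (StringUtils.isEmpty(msNodeEntityID) || !msNodeEntityID.equals(respEntityId)) {` (`org.apache.commons.lang3.StringUtils` is added to this file's imports by the same commit). The enclosing method starts before the hunk.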
@@ -155,23 +158,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (MessageDecodingException | SecurityException e) { String samlRequest = request.getParameter("SAMLRequest"); Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e); - throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e); + throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", + new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e)); } catch (IOException | MarshallingException | TransformerException e) { Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); - throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e)); } catch (CredentialsNotAvailableException e) { Logger.error("PVP response decrytion FAILED. No credential found.", e); - throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e)); } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("PVP response validation FAILED. 
Msg:" + e.getMessage()); - throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e)); } catch (Exception e) { Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e); - throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e)); } 
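Review bot: The `catch (AssertionValidationExeption | AuthnResponseValidationException e)` branch wraps an exception that may already be an `AuthnResponseValidationException` carrying its own error code into a new one with the fixed code `"sp.pvp2.10"`, so whatever more specific code the inner validation assigned is hidden behind the generic one before it reaches the caller. Consider keeping the caught exception as the direct cause in that branch, `throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);`, or wrapping only the `AssertionValidationExeption` case. `"sp.pvp2.10"` is also reused for the `CredentialsNotAvailableException` branch, so a missing decryption credential and a failed validation become indistinguishable by code for whoever reads the error; a distinct code per cause would help operators. Unrelated to this change but in the same block, the decoding-failure path still writes the complete `SAMLRequest` parameter to the log at WARN level; logging its length or a truncated prefix would be enough for diagnosis. The enclosing method starts before the hunk.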
@@ -182,19 +190,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //check if all attributes are include if (!extractor.containsAllRequiredAttributes() && !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) { - Logger.warn("PVP Response from federated IDP contains not all requested attributes."); + Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); } //copy attributes into MOASession + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); for (String el : includedAttrNames) { String value = extractor.getSingleAttributeValue(el); - pendingReq.setGenericDataToSession(el, value); + session.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } + + //set foreigner flag + session.setForeigner(true); + if (extractor.getFullAssertion().getIssuer() != null && + StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) + session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue()); + else + session.setBkuURL("eIDAS_Authentication"); + } catch (AssertionValidationExeption e) { throw new BuildException("builder.06", null, e); diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java new file mode 100644 index 000000000..642008726 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java 
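Review bot: `session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue())` records the assertion's `Issuer` value without comparing it with the node entity ID that this file validates for the response issuer earlier on; unless the verification engine already requires the assertion issuer to equal the response issuer, the session can end up labelled with an issuer that was never checked. Either store the already-validated node entity ID here, or compare the assertion issuer against it and reject on mismatch before calling `setBkuURL`. The brace-less `if`/`else` after `session.setForeigner(true)` has a two-line condition; bracing both branches would make it easier to read, and `session.setForeigner(true)` deserves a short comment such as `// every identity arriving via the central eIDAS node is a foreign eID` if that is the intended meaning. The enclosing try block starts before the hunk.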
@@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; + +public class Utils { + + public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) { + //load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... "); + if (authConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; + List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); + + if (configuratedEntityIDs.size() > 0) + msNodeEntityID = configuratedEntityIDs.get(0); + else + Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... "); + + } else + Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() + + "' Switch to generic Type ... "); + + + if (StringUtils.isEmpty(msNodeEntityID)) + msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + + } + + return msNodeEntityID; + } +} 
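Review bot: `getCentraleIDASNodeEntityId` has no Javadoc although its result is what `ReceiveAuthnResponseTask` now trusts as the expected response issuer, and it can return null or an empty string when none of the three sources is configured; that contract should be stated in a Javadoc that spells out the precedence as the code implements it (SP-specific `SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL` first, then the first CSV entry of `GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL` when `authConfig` is an `AuthConfiguration`, then `CONFIG_PROPS_NODE_ENTITYID` from the basic configuration) and ends with `@return the resolved entity ID, or null/empty when nothing is configured; callers must check before comparing`. `Utils` holds only static members, so declare it `public final class Utils` with `private Utils() {}` to prevent instantiation. `configuratedEntityIDs.size() > 0` reads better as `!configuratedEntityIDs.isEmpty()`, and the nested `if`/`else` pairs without braces are easy to misread in a method this security-relevant.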
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index ec43adccc..0cbf009ad 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -29,7 +29,6 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; -import java.util.Date; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; 
@@ -57,14 +56,12 @@ import com.google.gson.JsonParser; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -136,9 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws IOException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { - IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date()); - + private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { Logger.debug("Check eID blob signature ... "); byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false); 
@@ -206,16 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.debug("Parse eID information into MOA-Session ..."); byte[] rawIDL = Base64Utils.decode(idlB64, false); IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink(); + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setIdentityLink(identityLink); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL); Logger.info("Session Restore completed"); - - - pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); - + } catch (MOAIDException e) { throw e; @@ -243,10 +236,6 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e); throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e); - } catch (EAAFStorageException e) { - Logger.error("Can not populate pending-request with eID data.", e); - throw new MOAIDException("Can not populate pending-request with eID data.", null, e); - } finally { } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 5e79aee8e..bb5700bd7 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java 
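Review bot: The explicit write-back `pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession())` is dropped in favour of mutating the wrapper returned by `pendingReq.getSessionData(AuthenticationSessionWrapper.class)`, but nothing in this hunk shows that the wrapper's setters write through to the pending request, and unlike the eIDAS `CreateIdentityLinkTask` changed in this commit no `storePendingRequest` call follows. If the wrapper does write through, a one-line comment next to the `getSessionData` call, `// wrapper writes through to pendingReq; no explicit copy needed`, would spare the next reader the same question; if it does not, the identity link and QAA level set here are lost. The second hunk removes the `EAAFStorageException` handler, which is consistent with the removed call provided none of the wrapper's setters declare it. The enclosing method starts before the hunk.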
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks; import java.io.IOException; import java.io.InputStream; import java.net.URL; -import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -40,11 +39,10 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -87,9 +85,8 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws EAAFStorageException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { - IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date()); - + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setUseMandates(false); moaSession.setForeigner(false); 
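Review bot: `parseDemoValuesIntoMOASession(IRequest pendingReq)` keeps `throws EAAFStorageException` and the `@throws EAAFStorageException` Javadoc tag even though the only call that raised it, `pendingReq.setGenericDataToSession(...)`, is removed in the following hunk of this file; unless `getSessionData` or one of the wrapper setters declares that exception, drop both the clause and the tag so callers are not forced to handle an exception that can no longer occur. The method body continues past this hunk.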
@@ -108,9 +105,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { throw new MOAIDException("IdentityLink is not parseable.", null); } - - pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); - + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 103781470..3dea62ec4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import java.io.InputStream; import java.text.SimpleDateFormat; -import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -42,8 +41,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; 
@@ -73,7 +72,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData( + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); @@ -161,13 +161,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { } revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); - AuthenticationSession moasession = new AuthenticationSession("1234", new Date()); - moasession.setForeigner(true); - moasession.setIdentityLink(identityLink); - moasession.setBkuURL("Not applicable (eIDASAuthentication)"); - pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); - - + moaSession.setForeigner(true); + moaSession.setIdentityLink(identityLink); + moaSession.setBkuURL("Not applicable (eIDASAuthentication)"); + + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 55416e92b..1788facf0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java 
@@ -12,6 +12,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -89,21 +90,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** //update MOA-Session data with received information - Logger.debug("Store eIDAS response information into MOA-session."); - - pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); - - pendingReq.setGenericDataToSession( + Logger.debug("Store eIDAS response information into MOA-session."); + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); + session.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, - samlResp.getAttributes()); - - pendingReq.setGenericDataToSession( + samlResp.getAttributes()); + session.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); //set issuer nation as PVP attribute into MOASession - pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); - + session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 42ca6e507..d268dd2f6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -350,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setRemoteRelayState(relayState); //store level of assurance - pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, + pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, eIDASSamlReq.getEidasLevelOfAssurance().stringValue()); //set flag if transiend identifier is requested if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) && eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat())) - pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true); + pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true); else - pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false); + pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false); // - memorize requested attributes pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes()); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 25f303816..b1db1564e 100644 
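Review bot: The brace-less `if`/`else` that stores `EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID` now has a condition spanning two lines with one statement per branch, which is easy to misread; the pair collapses to a single call, `pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) && eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()));`. Moving the requested level of assurance and the transient-ID flag from session storage to `setRawDataToTransaction` changes where consumers must look for them; a comment on the first call, such as `// per-request values live in the transaction, not in the MOA session`, would document that if it is the intended scope. The enclosing method starts before the hunk.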
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -55,6 +55,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; @@ -162,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Logger.debug("Validation of PVP Response from ELGA mandate-service is complete."); Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); for (String el : includedAttrNames) { - pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + //pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } 
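Review bot: The added line `//pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));` is commented-out code; the version history already preserves the old call, so delete it. If the intent is to record why the call moved, replace it with a comment that says so, `// attributes go into the MOA session through the wrapper, not directly into pendingReq`. The enclosing method starts before the hunk.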
@@ -243,7 +247,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Response samlResp = (Response) msg.getResponse(); //validate 'inResponseTo' attribute - String authnReqID = pendingReq.getGenericData( + String authnReqID = pendingReq.getRawData( MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class); String inResponseTo = samlResp.getInResponseTo(); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index 658502d2c..50fb2cb4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -114,7 +114,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID); //load MOASession from database - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //setup AuthnRequestBuilder configuration @@ -192,7 +192,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set MandateReferenceValue as RequestID authnReqConfig.setRequestID(moasession.getMandateReferenceValue()); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, authnReqConfig.getRequestID()); 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 40701d91d..0350a113c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -159,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 2ce5234ac..118de861c 100644 
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; @@ -49,9 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { private static final long serialVersionUID = 1L; protected Set<String> allowedParameters = new HashSet<String>(); - - @Autowired(required=true) protected IConfiguration authConfig; - + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -65,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { return param; } - protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception { + protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { // moa id - load oa with client id! try { @@ -91,7 +88,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { } // oAuth - this.populateSpecialParameters(request); + this.populateSpecialParameters(request, authConfig); // cleanup parameters this.checkAllowedParameters(request); 
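Review bot: The new `authConfig` parameter of `populateParameters(final HttpServletRequest request, IConfiguration authConfig)` is passed on to `populateSpecialParameters` without a null check, and because it carries the same name as the removed `@Autowired` field, every unchanged use of `authConfig` in the body now silently binds to it; a guard at the top of the method, `Objects.requireNonNull(authConfig, "authConfig");` (with a `java.util.Objects` import), makes a missing configuration fail at the entry point instead of somewhere inside the client lookup. Mark the parameter `final` like `request` for consistency, and add `@param authConfig` to the Javadoc of this method and of the abstract `populateSpecialParameters` declaration in the next hunk; the overrides in OAuth20AuthRequest and OAuth20TokenRequest elsewhere in this commit inherit that documentation. The class continues past these hunks.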
@@ -115,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; + protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 30e89d15a..9f4174bf0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -79,7 +79,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme try { pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); - pendingReq.populateParameters(req); + pendingReq.populateParameters(req, authConfig); } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); @@ -113,7 +113,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme try { pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); - pendingReq.populateParameters(req); + pendingReq.populateParameters(req, authConfig); } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index e14914512..89e4252b1 100644 
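Review bot: The abstract `populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig)` now hands every subclass an `IConfiguration` without documenting what the subclass may rely on, and the two visible overrides in OAuth20AuthRequest (hunk at -159) and OAuth20TokenRequest (hunk at -124) do not touch the parameter in the lines shown. A short Javadoc would pin the contract, e.g. `@param authConfig IdP configuration passed through from the protocol controller; never {@code null}` together with `@throws OAuth20Exception if a required OAuth parameter is missing or invalid`, the `getParam(..., true)` calls being the only visible source of that exception. The overrides also omit the `final` on `request` that the base declaration carries; harmless, but worth aligning.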
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -124,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index fec78d88c..3408cf538 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java 
@@ -167,7 +167,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { command, signedCommand); //store pending request - pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, qualeIDReqId); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index a3175713a..fc386b796 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -25,7 +25,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; 
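Review bot: The SL2.0 request identifier is now written with `setRawDataToTransaction`, and the response path in ReceiveQualeIDTask (hunk at -93) reads it back with `getRawData` to compare against `inResponseTo`, so the two sides agree, but nothing at the write site says that this value is a one-shot correlation token that must survive until the response arrives and be tied to this transaction only. Replacing the bare `//store pending request` with `// store SL2.0 reqId in transaction scope; ReceiveQualeIDTask rejects a response whose inResponseTo does not match it` would stop a later scope change from being made without checking the reader. The enclosing method starts and ends outside the hunk.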
@@ -93,7 +92,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } //validate reqId with inResponseTo - String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); @@ -153,16 +152,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } //cache qualified eID data into pending request - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idlB64); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlockB64); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsURL); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, LoA); @@ -176,7 +175,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { Logger.warn("SL2.0 processing error:", e); if (sl20Result != null) Logger.debug("Received SL2.0 result: " + sl20Result); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); 
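Review bot: In the hunk at -176, `setRawDataToTransaction(... SL20_COMMAND_IDENTIFIER_ERROR, new TaskExecutionException(pendingReq, ...))` stores an exception object that itself references `pendingReq` inside that same pending request; the hunk at -185 on the next line does the same. If transaction data is serialized when `requestStoreage.storePendingRequest(pendingReq)` persists the request, that is a self-referential graph carrying a stack trace and the wrapped cause, which is fragile and more than VerifyQualifiedeIDTask appears to need (its hunk at -40 only tests the value for presence). Storing a plain error message string under that key and constructing the TaskExecutionException in VerifyQualifiedeIDTask, whose read would then use `String.class` instead of `TaskExecutionException.class`, keeps the persisted state small and serializable. Since the identity link and auth block cached in the hunk at -153 are sensitive eID artefacts, it is also worth confirming that transaction-scoped data is discarded once the authentication process completes.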
@@ -185,7 +184,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); if (sl20Result != null) Logger.debug("Received SL2.0 result: " + sl20Result); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, new TaskExecutionException(pendingReq, e.getMessage(), e)); @@ -246,7 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { Map<String, String> reqParameters = new HashMap<String, String>(); reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, false, reqParameters); @@ -260,7 +259,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //build second redirect command for IDP JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), redirectOneCommand, null, true); JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); 
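Review bot: `new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null)` is built twice with identical arguments, once in the hunk at -246 for the call command and once in the hunk at -260 for the second redirect command, so a reader cannot tell whether the two are ever meant to differ. Hoist it once, `String resumeURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null);`, and pass `resumeURL` at both sites; a comment such as `// SL2.0 client returns to the resume endpoint, carrying the pendingRequestId from reqParameters` would also make the switch away from ENDPOINT_FINALIZEPROTOCOL understandable without reading the controller. The enclosing method starts and ends outside these hunks.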
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index 403423e46..6811d1016 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -40,7 +40,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { Logger.debug("Verify qualified eID data from SL20 response .... "); try { //check if there was an error - TaskExecutionException sl20Error = pendingReq.getGenericData( + TaskExecutionException sl20Error = pendingReq.getRawData( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, TaskExecutionException.class); if (sl20Error != null) { 
@@ -50,19 +50,19 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { } //get data from pending request - String sl20ReqId = pendingReq.getGenericData( + String sl20ReqId = pendingReq.getRawData( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); - String idlB64 = pendingReq.getGenericData( + String idlB64 = pendingReq.getRawData( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, String.class); - String authBlockB64 = pendingReq.getGenericData( + String authBlockB64 = pendingReq.getRawData( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, String.class); - String ccsURL = pendingReq.getGenericData( + String ccsURL = pendingReq.getRawData( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, String.class); - String LoA = pendingReq.getGenericData( + String LoA = pendingReq.getRawData( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, String.class); @@ -104,7 +104,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //add into session - AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moasession.setIdentityLink(idl); moasession.setBkuURL(ccsURL); //TODO: from AuthBlock diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index 95590b51a..921e3844b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java 
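Review bot: `AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);` replaces a constructor call that could never yield null with a lookup whose result is dereferenced on the very next line (`moasession.setIdentityLink(idl)`). If `getSessionData` can return null when no session data has been attached yet, which is not visible here, the failure would be a NullPointerException caught at best by the surrounding `try` rather than a meaningful error; a guard like `if (moasession == null) throw new IllegalStateException("no MOA session data in pending request");` makes the precondition explicit. RestoreSSOSessionTask (hunk at -249) dereferences the same lookup via `getSessionCreated().getTime()` and would benefit from the same check. The enclosing method continues outside the hunk.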
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -91,8 +91,8 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); container.setDhParams(dhKeyIDP); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce); //store pending-request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index c7e42c8ab..90b74ebd7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -27,7 +27,6 @@ import java.io.IOException; import java.io.PrintWriter; import java.math.BigInteger; import java.security.MessageDigest; -import java.util.Date; import javax.crypto.Cipher; import javax.crypto.spec.DHPublicKeySpec; 
@@ -50,13 +49,11 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -102,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); - SSOTransferContainer container = pendingReq.getGenericData( + String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); + SSOTransferContainer container = pendingReq.getRawData( SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); if (container == null) { throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", 
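Review bot: `String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);` has no presence check, whereas the `container` retrieved right after it is guarded by `if (container == null) throw new TaskExecutionException(...)`. The nonce is stored alongside the DH parameters in InitializeRestoreSSOSessionTask (hunk at -91) and presumably binds the incoming SSO container to the transaction that requested it, so a missing nonce should fail as loudly as missing DH parameters rather than be discovered later in a comparison; add a matching `if (nonce == null)` branch throwing the same exception type. The hunk ends before the nonce is used, so how it is consumed is not visible here.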
@@ -189,9 +186,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); //transfer SSO Assertion into MOA-Session - AuthenticationSession moaSession = new AuthenticationSession("1235", new Date()); + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); - pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -249,8 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } else { //session is valid --> load MOASession object - - IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index 20fd5ebc4..d0d97e9e8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java 
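Review bot: The removed `pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession())` was the explicit step that copied the reconstructed session into the pending request before `requestStoreage.storePendingRequest(pendingReq)`; the new code instead passes the wrapper from `getSessionData` to `parseSSOContainerToMOASessionDataObject` and stores the request without any copy-back. That is correct only if the wrapper is a live, write-through view of the pending request's session data; if it is a snapshot, the restored data never reaches the stored pending request and the failure is silent. A comment stating the assumption, `// moaSession is a write-through view of pendingReq's session data, no explicit copy-back required`, would help, as would a test that restores a container and inspects the stored pending request afterwards. The enclosing method starts and ends outside the hunk.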
@@ -73,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID - String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class); + String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(idpEntityID)) { Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!"); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index f5af84405..6b6d1a196 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; 
@@ -168,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //check if SP is also a federated IDP if (spConfig.isInderfederationIDP()) { //SP is a federated IDP --> answer only with nameID and wait for attribute-Query - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); - pendingReq.setGenericDataToSession( + pendingReq.setRawDataToTransaction( MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); authenticatedSessionStorage. @@ -195,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //store valid assertion into pending-request - pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); - pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); + pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); //store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -297,6 +298,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //copy attributes into MOASession Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); for (String el : includedAttrNames) { String value = extractor.getSingleAttributeValue(el); 
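Review bot: In the hunk at -168 the interfederation nameID and QAA level are now stored with `setRawDataToTransaction`, yet the comment above says the IdP will `answer only with nameID and wait for attribute-Query`, i.e. these values have to be available when a later, separate request arrives. Whether transaction-scoped data outlives the front-channel response is not visible here; if it does not, the attribute-query path would find nothing where it previously found the session-scoped copies. Please confirm the lifetime of transaction data against that consumer and note it at the write site, e.g. `// transaction data must still be readable when the attribute query for this nameID arrives`. The same scope change applies to `DATAID_INTERFEDERATIOIDP_RESPONSE` in the hunk at -195.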
@@ -310,13 +312,13 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } } - pendingReq.setGenericDataToSession(el, value); + session.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } //set validTo from this federated IDP response - pendingReq.setGenericDataToSession( + session.setGenericDataToSession( AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, extractor.getAssertionNotOnOrAfter()); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 92bcce24b..21dbb573a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); - String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class); + String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class); if (authData.isSsoSession()) { String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (MiscUtil.isNotEmpty(oaTargetArea)) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); 
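Review bot: `session.setGenericDataToSession(el, value)` writes each attribute of the remote IdP's assertion into the MOA session under the attribute's own name (`el` comes from `extractor.getAllIncludeAttributeNames()` in the hunk at -297), so the set of keys written is chosen by the responding IdP. The `} }` just above suggests some filtering happens outside the hunk, but unless that filter is an explicit allow-list, a federated IdP could populate or overwrite session entries it was never meant to control. Consider copying only attribute names from a known list, or prefixing federated attributes with a dedicated namespace, and documenting that decision at the loop with a comment such as `// only allow-listed PVP attributes are copied; keys are IdP-supplied`. The enclosing method starts and ends outside the hunk.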
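Review bot: `URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")` fetches the target area a second time even though `oaTargetArea` already holds that value and the surrounding `if (MiscUtil.isNotEmpty(oaTargetArea))` is the very condition under which it is encoded; the hunk at -104 on the next line repeats the pattern. Passing `URLEncoder.encode(oaTargetArea, "UTF-8")` at both sites removes the redundant lookups and guarantees that the encoded value is the one that was checked. The enclosing method starts before the hunk.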
@@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction { String redirectURL = oaURL; if (MiscUtil.isNotEmpty(oaTargetArea)) { redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 398119a7f..30d740a2a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -193,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); if (MiscUtil.isNotEmpty(target)) { - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target); pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target); } else { @@ -201,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement pendingRequest.setTarget(targetArea); if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID)) - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length())); |