aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/server/auth/pom.xml4
-rw-r--r--id/server/idserverlib/pom.xml8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java374
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java38
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java17
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java10
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java5
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java7
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java14
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java33
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java19
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java8
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java13
18 files changed, 388 insertions, 396 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index ed809aee9..3a84ca37d 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -147,10 +147,10 @@
</dependency> -->
<!-- Adding stork module dependency automatically adds stork capabilities. -->
- <dependency>
+<!-- <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-stork</artifactId>
- </dependency>
+ </dependency> -->
<!-- Adding monitoring module dependency automatically adds monitoring capabilities. -->
<dependency>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index ee697926b..3aa5d9869 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -33,7 +33,7 @@
<version>6.1.1</version>
<scope>test</scope>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>eu.stork</groupId>
<artifactId>oasis-dss-api</artifactId>
<version>1.0.0-RELEASE</version>
@@ -43,7 +43,7 @@
<artifactId>commons-io</artifactId>
</exclusion>
</exclusions>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>at.gv.egiz.components</groupId>
@@ -90,11 +90,11 @@
<artifactId>Commons</artifactId>
<version>1.4.0</version>
</dependency> -->
- <dependency>
+<!-- <dependency>
<groupId>eu.stork</groupId>
<artifactId>SamlEngine</artifactId>
<version>1.5.1</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>MOA</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998fa495f..b79b99a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,7 +32,9 @@ import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
+import java.util.Iterator;
import java.util.List;
+import java.util.Map.Entry;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -62,6 +64,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -69,6 +72,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -788,16 +792,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//set STORK attributes
if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
- authData.setForeigner(true);
+ try {
+ authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setForeigner(true);
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("STORK Response can not stored into generic authData.", e);
+
+ }
- }
-
- if (!extractor.getSTORKAttributes().isEmpty()) {
- authData.setStorkAttributes(extractor.getSTORKAttributes());
- authData.setForeigner(true);
}
+
+// if (!extractor.getSTORKAttributes().isEmpty()) {
+// authData.setStorkAttributes(extractor.getSTORKAttributes());
+// authData.setForeigner(true);
+//
+// }
authData.setSsoSession(true);
authData.setInterfederatedSSOSession(true);
@@ -887,10 +899,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
authData.setBkuURL(session.getBkuURL());
- authData.setStorkAttributes(session.getStorkAttributes());
- authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
- authData.setStorkRequest(session.getStorkAuthnRequest());
-
+ //copy all generic authentication information to authData
+ if (session.getGenericSessionDataStorage() != null &&
+ !session.getGenericSessionDataStorage().isEmpty()) {
+ Iterator<Entry<String, Object>> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator();
+ while (copyInterator.hasNext()) {
+ Entry<String, Object> element = copyInterator.next();
+ try {
+ authData.setGenericData(element.getKey(), element.getValue());
+
+ } catch (SessionDataStorageException e) {
+ Logger.warn("Can not add generic authData with key:" + element.getKey(), e);
+
+ }
+ }
+ }
+
authData.setSignerCertificate(session.getEncodedSignerCertificate());
authData.setAuthBlock(session.getAuthBlock());
@@ -921,9 +945,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
if (MiscUtil.isEmpty(authData.getCcc())) {
- if (authData.getStorkAuthnRequest() != null) {
- authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
- Logger.info("Can not extract country from certificate -> Use country from STORK request.");
+ String storkCCC = authData.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_CCC, String.class);
+
+ if (MiscUtil.isNotEmpty(storkCCC)) {
+ authData.setCcc(storkCCC);
+ Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request.");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 59482c4a8..ae3ec9a9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -44,13 +44,15 @@ import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Map;
+import org.apache.commons.collections4.map.HashedMap;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -215,129 +217,28 @@ public class AuthenticationSession implements Serializable {
* accept. The infobox identifiers are comma separated.
*/
private String pushInfobox;
-
- /**
- * The STORK AuthRequest to be sent to the C-PEPS
- */
- private STORKAuthnRequest storkAuthnRequest;
-
- private String storkAuthnResponse;
-
+
// private AuthenticationData authData;
// protocol selection
private String action;
private String modul;
+ private String processInstanceId;
+
private boolean authenticated;
private boolean authenticatedUsed = false;
private boolean ssoRequested = false;
-
+
private String QAALevel = null;
-
-// private OAuth20SessionObject oAuth20SessionObject;
-
- // /**
- // * Indicates if target from configuration is used or not
- // */
- // private boolean useTargetFromConfig;
-
- // /**
- // * Authentication data for the assertion
- // */
- // private AuthenticationData assertionAuthData;
- //
- // /**
- // * Persondata for the assertion
- // */
- // private String assertionPrPerson;
- //
- // /**
- // * Authblock for the assertion
- // */
- // private String assertionAuthBlock;
- //
- // /**
- // * Identitylink assertion for the (MOA) assertion
- // */
- // private String assertionIlAssertion;
- //
- // /**
- // * Signer certificate (base64 encoded) for the assertion
- // */
- // private String assertionSignerCertificateBase64;
- //
- // /**
- // * bussiness service for the assertion
- // */
- // boolean assertionBusinessService;
- //
- // /**
- // * timestamp logging when authentication session has been created
- // */
- // private Date timestampStart;
- // private CreateXMLSignatureResponse XMLCreateSignatureResponse;
-
+
private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
-
- private IPersonalAttributeList storkAttributes;
+ private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
- //Temporary store SignRequest for local processing
- private String signedDoc;
- //Temporary store SAMLResponse for processing after user signed signedDoc locally
- private String SAMLResponse;
- //
- private StringBuffer returnURL;
- private IPersonalAttributeList authnResponseGetPersonalAttributeList;
- private String authnContextClassRef;
- // private String requestedProtocolURL = null;
-
- private String processInstanceId;
-
- public String getAuthnContextClassRef() {
- return authnContextClassRef;
- }
-
- public void setAuthnContextClassRef(String authnContextClassRef) {
- this.authnContextClassRef = authnContextClassRef;
- }
-
- public IPersonalAttributeList getAuthnResponseGetPersonalAttributeList() {
- return authnResponseGetPersonalAttributeList;
- }
-
- public void setAuthnResponseGetPersonalAttributeList(IPersonalAttributeList authnResponseGetPersonalAttributeList) {
- this.authnResponseGetPersonalAttributeList = authnResponseGetPersonalAttributeList;
- }
-
- public String getSAMLResponse() {
- return SAMLResponse;
- }
-
- public void setSAMLResponse(String samlResponse) {
- SAMLResponse = samlResponse;
- }
-
- public StringBuffer getReturnURL() {
- return returnURL;
- }
-
- public void setReturnURL(StringBuffer returnURL) {
- this.returnURL = returnURL;
- }
-
- public String getSignedDoc() {
- return signedDoc;
- }
-
- public void setSignedDoc(String signedDoc) {
- this.signedDoc = signedDoc;
- }
-
public String getModul() {
return modul;
}
@@ -353,15 +254,7 @@ public class AuthenticationSession implements Serializable {
public void setAction(String action) {
this.action = action;
}
-
- // public AuthenticationData getAuthData() {
- // return authData;
- // }
- //
- // public void setAuthData(AuthenticationData authData) {
- // this.authData = authData;
- // }
-
+
public boolean isAuthenticatedUsed() {
return authenticatedUsed;
}
@@ -378,14 +271,6 @@ public class AuthenticationSession implements Serializable {
this.authenticated = authenticated;
}
- // public String getRequestedProtocolURL() {
- // return requestedProtocolURL;
- // }
- //
- // public void setRequestedProtocolURL(String requestedProtocolURL) {
- // this.requestedProtocolURL = requestedProtocolURL;
- // }
-
/**
* Constructor for AuthenticationSession.
*
@@ -395,8 +280,7 @@ public class AuthenticationSession implements Serializable {
public AuthenticationSession(String id, Date created) {
sessionID = id;
sessionCreated = created;
- // setTimestampStart();
-// infoboxValidators = new ArrayList();
+
}
public X509Certificate getSignerCertificate() {
@@ -760,98 +644,7 @@ public class AuthenticationSession implements Serializable {
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
-
-// /**
-// * Returns the iterator to the stored infobox validators.
-// *
-// * @return Iterator
-// */
-// public Iterator getInfoboxValidatorIterator() {
-// if (infoboxValidators == null) return null;
-// return infoboxValidators.iterator();
-// }
-
- // /**
- // * Adds an infobox validator class to the stored infobox validators.
- // *
- // * @param infoboxIdentifier
- // * the identifier of the infobox the validator belongs to
- // * @param infoboxFriendlyName
- // * the friendly name of the infobox
- // * @param infoboxValidator
- // * the infobox validator to add
- // */
- // public Iterator addInfoboxValidator(String infoboxIdentifier,
- // String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
- // if (infoboxValidators == null)
- // infoboxValidators = new ArrayList();
- // Vector v = new Vector(3);
- // v.add(infoboxIdentifier);
- // v.add(infoboxFriendlyName);
- // v.add(infoboxValidator);
- // infoboxValidators.add(v);
- // return infoboxValidators.iterator();
- // }
-
-// /**
-// * Tests for pending input events of the infobox validators.
-// *
-// * @return true if a validator has a form to show
-// */
-// public boolean isValidatorInputPending() {
-// boolean result = false;
-// Iterator iter = getInfoboxValidatorIterator();
-// if (iter != null) {
-// while (!result && iter.hasNext()) {
-// Vector infoboxValidatorVector = (Vector) iter.next();
-// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
-// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
-// }
-// }
-// return result;
-// }
-
- // /**
- // * Returns the first pending infobox validator.
- // *
- // * @return the infobox validator class
- // */
- // public InfoboxValidator getFirstPendingValidator() {
- // Iterator iter = getInfoboxValidatorIterator();
- // if (iter != null) {
- // while (iter.hasNext()) {
- // Vector infoboxValidatorVector = (Vector) iter.next();
- // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- // .get(2);
- // String form = infoboxvalidator.getForm();
- // if (!ParepUtils.isEmpty(form))
- // return infoboxvalidator;
- // }
- // }
- // return null;
- // }
-
- // /**
- // * Returns the input form of the first pending infobox validator input
- // * processor.
- // *
- // * @return the form to show
- // */
- // public String getFirstValidatorInputForm() {
- // Iterator iter = getInfoboxValidatorIterator();
- // if (iter != null) {
- // while (iter.hasNext()) {
- // Vector infoboxValidatorVector = (Vector) iter.next();
- // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- // .get(2);
- // String form = infoboxvalidator.getForm();
- // if (!ParepUtils.isEmpty(form))
- // return form;
- // }
- // }
- // return null;
- // }
-
+
/**
* Returns domain identifier (the register and number in the register parameter).
* <code>null</code> in the case of not a business service.
@@ -954,26 +747,7 @@ public class AuthenticationSession implements Serializable {
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
-
- /**
- * Gets the STORK SAML AuthnRequest
- *
- * @return STORK SAML AuthnRequest
- */
- public STORKAuthnRequest getStorkAuthnRequest() {
- return storkAuthnRequest;
- }
-
- /**
- * Sets the STORK SAML AuthnRequest
- *
- * @param storkAuthnRequest
- * STORK SAML AuthnRequest
- */
- public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
- this.storkAuthnRequest = storkAuthnRequest;
- }
-
+
public String getCcc() {
return ccc;
}
@@ -1054,24 +828,8 @@ public class AuthenticationSession implements Serializable {
}
/**
- * Memorizes the stork attribute list.
- *
- * @param personalAttributeList the new stork attributes
- */
- public void setStorkAttributes(IPersonalAttributeList personalAttributeList) {
- this.storkAttributes = personalAttributeList;
- }
-
- /**
- * Recalls the stork attribute list.
- *
- * @return the stork attributes
- */
- public IPersonalAttributeList getStorkAttributes() {
- return this.storkAttributes;
- }
-
- /**
+ * eIDAS QAA level
+ *
* @return the qAALevel
*/
public String getQAALevel() {
@@ -1079,6 +837,8 @@ public class AuthenticationSession implements Serializable {
}
/**
+ * set QAA level in eIDAS form
+ *
* @param qAALevel the qAALevel to set
*/
public void setQAALevel(String qAALevel) {
@@ -1086,20 +846,6 @@ public class AuthenticationSession implements Serializable {
}
/**
- * @return the storkAuthnResponse
- */
- public String getStorkAuthnResponse() {
- return storkAuthnResponse;
- }
-
- /**
- * @param storkAuthnResponse the storkAuthnResponse to set
- */
- public void setStorkAuthnResponse(String storkAuthnResponse) {
- this.storkAuthnResponse = storkAuthnResponse;
- }
-
- /**
* @return the sessionCreated
*/
public Date getSessionCreated() {
@@ -1121,5 +867,89 @@ public class AuthenticationSession implements Serializable {
public void setProcessInstanceId(String processInstanceId) {
this.processInstanceId = processInstanceId;
}
+
+ public Map<String, Object> getGenericSessionDataStorage() {
+ return genericSessionDataStorate;
+ }
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @return The session-data object or null if no data is found with this key
+ */
+ public Object getGenericDataFromSession(String key) {
+ if (MiscUtil.isNotEmpty(key)) {
+ return genericSessionDataStorate.get(key);
+
+ }
+
+ Logger.warn("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Returns a generic session-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the session-data object
+ * @param clazz The class type which is stored with this key
+ * @return The session-data object or null if no data is found with this key
+ */
+ public <T> T getGenericDataFromSession(String key, final Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object data = genericSessionDataStorate.get(key);
+
+ if (data == null)
+ return null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) data;
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+ return null;
+
+ }
+
+ }
+
+ Logger.warn("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+ if (MiscUtil.isEmpty(key)) {
+ Logger.warn("Generic session-data can not be stored with a 'null' key");
+ throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+
+ }
+
+ if (object != null) {
+ if (!Serializable.class.isInstance(object)) {
+ Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
+ throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+
+ }
+ }
+
+ if (genericSessionDataStorate.containsKey(key))
+ Logger.debug("Overwrite generic session-data with key:" + key);
+ else
+ Logger.trace("Add generic session-data with key:" + key + " to session.");
+
+ genericSessionDataStorate.put(key, object);
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
new file mode 100644
index 000000000..f67f41dd3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionStorageConstants.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionStorageConstants {
+
+ public static final String PREFIX_STORK = "stork_";
+ public static final String PREFIX_eIDAS = "eIDAS_";
+
+ public static final String STORK_ATTRIBUTELIST = PREFIX_STORK + "attributelist";
+ public static final String STORK_REQUEST = PREFIX_STORK + "request";
+ public static final String STORK_RESPONSE = PREFIX_STORK + "response";
+ public static final String STORK_CCC = PREFIX_STORK + "ccc";
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
new file mode 100644
index 000000000..203be784e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SessionDataStorageException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 5743057708136365929L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SessionDataStorageException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index e2892e70a..a5dfe7524 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -29,13 +29,13 @@ import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Map;
+import org.apache.commons.collections4.map.HashedMap;
import org.w3c.dom.Element;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -122,9 +122,8 @@ public class AuthenticationData implements IAuthData, Serializable {
* STORK attributes from response
*/
private String ccc = null;
- private IPersonalAttributeList storkAttributes = null;
- private String storkAuthnResponse;
- private STORKAuthnRequest storkRequest = null;
+
+ private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
private byte[] signerCertificate = null;
@@ -397,23 +396,6 @@ public class AuthenticationData implements IAuthData, Serializable {
this.identityLink = identityLink;
}
-
- /**
- * @return the storkAttributes
- */
- public IPersonalAttributeList getStorkAttributes() {
- return storkAttributes;
- }
-
-
- /**
- * @param storkAttributes the storkAttributes to set
- */
- public void setStorkAttributes(IPersonalAttributeList storkAttributes) {
- this.storkAttributes = storkAttributes;
- }
-
-
/**
* @return the signerCertificate
*/
@@ -539,35 +521,6 @@ public class AuthenticationData implements IAuthData, Serializable {
}
/**
- * @param storkRequest the storkRequest to set
- */
- public void setStorkRequest(STORKAuthnRequest storkRequest) {
- this.storkRequest = storkRequest;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest()
- */
- @Override
- public STORKAuthnRequest getStorkAuthnRequest() {
- return this.storkRequest;
- }
-
- /**
- * @return the storkAuthnResponse
- */
- public String getStorkAuthnResponse() {
- return storkAuthnResponse;
- }
-
- /**
- * @param storkAuthnResponse the storkAuthnResponse to set
- */
- public void setStorkAuthnResponse(String storkAuthnResponse) {
- this.storkAuthnResponse = storkAuthnResponse;
- }
-
- /**
* @return the mandateReferenceValue
*/
public String getMandateReferenceValue() {
@@ -743,5 +696,68 @@ public class AuthenticationData implements IAuthData, Serializable {
public void setIsBusinessService(boolean flag) {
this.businessService = flag;
- }
+ }
+
+ /**
+ * Returns a generic data-object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the data object
+ * @param clazz The class type which is stored with this key
+ * @return The data object or null if no data is found with this key
+ */
+ public <T> T getGenericData(String key, final Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object data = genericDataStorate.get(key);
+
+ if (data == null)
+ return null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) data;
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+ return null;
+
+ }
+
+ }
+
+ Logger.warn("Can not load generic session-data with key='null'");
+ return null;
+
+ }
+
+ /**
+ * Store a generic data-object to session with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+ */
+ public void setGenericData(String key, Object object) throws SessionDataStorageException {
+ if (MiscUtil.isEmpty(key)) {
+ Logger.warn("Generic session-data can not be stored with a 'null' key");
+ throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+
+ }
+
+ if (object != null) {
+ if (!Serializable.class.isInstance(object)) {
+ Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+ throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+
+ }
+ }
+
+ if (genericDataStorate.containsKey(key))
+ Logger.debug("Overwrite generic data with key:" + key);
+ else
+ Logger.trace("Add generic data with key:" + key + " to session.");
+
+ genericDataStorate.put(key, object);
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 09b0d7971..915242787 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -27,9 +27,6 @@ import java.util.List;
import org.w3c.dom.Element;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
/**
@@ -89,8 +86,7 @@ public interface IAuthData {
boolean isForeigner();
String getCcc();
- STORKAuthnRequest getStorkAuthnRequest();
- String getStorkAuthnResponse();
- IPersonalAttributeList getStorkAttributes();
+
+ public <T> T getGenericData(String key, final Class<T> clazz);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index 84b791708..43a0458cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
import java.io.IOException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -47,7 +48,8 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
} else {
- String storkResponse = authData.getStorkAuthnResponse();
+ String storkResponse = authData.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_RESPONSE, String.class);
if ( MiscUtil.isEmpty(storkResponse) ) {
throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 26b3bfbd1..9c294245f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -38,9 +38,6 @@ import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.Subject;
import org.opensaml.xml.XMLObject;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.logging.Logger;
@@ -50,7 +47,7 @@ public class AssertionAttributeExtractor {
private Assertion assertion = null;
private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
- private PersonalAttributeList storkAttributes = new PersonalAttributeList();
+ //private PersonalAttributeList storkAttributes = new PersonalAttributeList();
private final List<String> minimalAttributeNameList = Arrays.asList(
PVPConstants.PRINCIPAL_NAME_NAME,
@@ -77,9 +74,9 @@ public class AssertionAttributeExtractor {
for (XMLObject el : attr.getAttributeValues())
storkAttrValues.add(el.getDOM().getTextContent());
- PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
- false, storkAttrValues , "Available");
- storkAttributes.put(attr.getName(), storkAttr );
+// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
+// false, storkAttrValues , "Available");
+// storkAttributes.put(attr.getName(), storkAttr );
} else {
List<String> attrList = new ArrayList<String>();
@@ -155,9 +152,9 @@ public class AssertionAttributeExtractor {
}
- public PersonalAttributeList getSTORKAttributes() {
- return storkAttributes;
- }
+// public PersonalAttributeList getSTORKAttributes() {
+// return storkAttributes;
+// }
public String getNameID() throws AssertionAttributeExtractorExeption {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b94348856..5bdf51e7d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,7 +27,10 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -71,8 +74,11 @@ public class GetArtifactAction implements IAction {
SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
// add other stork attributes to MOA assertion if available
- if(null != authData.getStorkAttributes()) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(authData.getStorkAttributes());
+ IPersonalAttributeList storkAttributes = authData.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ IPersonalAttributeList.class);
+ if(null != storkAttributes) {
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes);
authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
index 939390847..ee4961d5e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
@@ -21,6 +21,7 @@ import org.apache.commons.io.IOUtils;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
@@ -113,7 +114,9 @@ public abstract class AbstractPepsConnectorWithLocalSigningTask extends Abstract
moaSession.setIdentityLink(identityLink);
Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(personalAttributeList);
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ personalAttributeList);
// We don't have BKUURL, setting from null to "Not applicable"
moaSession.setBkuURL("Not applicable (STORK Authentication)");
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index e19947313..7c178d97e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -47,6 +47,7 @@ import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -268,7 +269,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
//attributeList.add(newAttribute);
//store SignRequest for later...
- moasession.setSignedDoc(signedDoc);
+ moasession.setGenericDataToSession("STORK_signDoc", signedDoc);
acsURL = issuerValue + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
// TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"
@@ -343,7 +344,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
Logger.debug("STORK AuthnRequest successfully internally validated.");
//send
- moasession.setStorkAuthnRequest(authnRequest);
+ moasession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_REQUEST,
+ authnRequest);
// do PEPS-conform logging for easier evaluation
try {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
index 7b9fa3f12..f872241ae 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -142,7 +143,10 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
moaSession.setXMLVerifySignatureResponse(tmp);
executionContext.put("identityLinkAvailable", false);
try {
- IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
+ IPersonalAttributeList personalAttributeList =
+ moaSession.getGenericDataFromSession(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ IPersonalAttributeList.class);
// Add SignResponse TODO Add signature (extracted from signResponse)?
List<String> values = new ArrayList<String>();
values.add(signResponseString);
@@ -151,7 +155,8 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
personalAttributeList.add(signedDocAttribute);
- String authnContextClassRef = moaSession.getAuthnContextClassRef();
+ String authnContextClassRef = moaSession.getGenericDataFromSession(
+ "STORK_authContextClass", String.class);
SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
executionContext.put("identityLinkAvailable", true);
} catch (STORKException e) {
@@ -187,8 +192,9 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
}
Logger.debug("Add full STORK AuthnResponse to MOA session");
- moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
- // authnResponse?
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ request.getParameter("SAMLResponse"));
MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 304e5f495..8240f6d00 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -2,18 +2,15 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
import iaik.x509.X509Certificate;
-import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
-import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.velocity.Template;
@@ -24,6 +21,7 @@ import org.opensaml.saml2.core.StatusCode;
import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -204,7 +202,10 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
Logger.debug("MOA session is still valid");
- STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+ STORKAuthnRequest storkAuthnRequest =
+ moaSession.getGenericDataFromSession(
+ AuthenticationSessionStorageConstants.STORK_REQUEST,
+ STORKAuthnRequest.class);
if (storkAuthnRequest == null) {
Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
@@ -263,11 +264,15 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
} else {
// store SAMLResponse
- moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ request.getParameter("SAMLResponse"));
// store authnResponse
// moaSession.setAuthnResponse(authnResponse);//not serializable
- moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ attributeList);
String authnContextClassRef = null;
try {
@@ -277,12 +282,12 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
}
- moaSession.setAuthnContextClassRef(authnContextClassRef);
- moaSession.setReturnURL(request.getRequestURL());
+ moaSession.setGenericDataToSession("STORK_authContextClass", authnContextClassRef);
+ moaSession.setGenericDataToSession("STORK_returnURL", request.getRequestURL());
// load signedDoc
- String signRequest = moaSession.getSignedDoc();
-
+ String signRequest = moaSession.getGenericDataFromSession("STORK_signDoc", String.class);
+
// session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
@@ -380,9 +385,11 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
}
Logger.debug("Add full STORK AuthnResponse to MOA session");
- moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
- // authnResponse?
-
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ request.getParameter("SAMLResponse"));
+
+
// session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index b505605ab..8322d1a02 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
import iaik.x509.X509Certificate;
-import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URL;
@@ -11,7 +10,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
-import java.util.Properties;
import javax.activation.DataSource;
import javax.servlet.http.HttpServletRequest;
@@ -39,6 +37,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -243,7 +242,10 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("MOA session is still valid");
- STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+ STORKAuthnRequest storkAuthnRequest =
+ moaSession.getGenericDataFromSession(
+ AuthenticationSessionStorageConstants.STORK_REQUEST,
+ STORKAuthnRequest.class);
if (storkAuthnRequest == null) {
Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
@@ -575,10 +577,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
moaSession.setIdentityLink(identityLink);
Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(attributeList);
-
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ attributeList);
+
Logger.debug("Add full STORK AuthnResponse to MOA session");
- moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
+ moaSession.setGenericDataToSession(
+ AuthenticationSessionStorageConstants.STORK_RESPONSE,
+ request.getParameter("SAMLResponse"));
+
// We don't have BKUURL, setting from null to "Not applicable"
moaSession.setBkuURL("Not applicable (STORK Authentication)");
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
index 9a0598cf6..fb9172f6e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
@@ -24,8 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.logging.Logger;
@@ -43,7 +42,10 @@ public class STORKAttributHelper {
throw new UnavailableAttributeException(attributName);
} else {
- IPersonalAttributeList storkAttributes = authSession.getStorkAttributes();
+ IPersonalAttributeList storkAttributes =
+ authSession.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ IPersonalAttributeList.class);
if ( storkAttributes == null ) {
throw new UnavailableAttributeException(attributName);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 2c7e5b539..f9f38e2d5 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.data.AuthenticationRole;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -30,6 +31,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
import eu.stork.peps.auth.commons.PersonalAttributeList;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
@@ -83,12 +85,17 @@ public class MOAAttributeProvider {
public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
String storkAttribute = requestedAttribute.getName();
-
+
+ IPersonalAttributeList storkAttributes =
+ authData.getGenericData(
+ AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
+ IPersonalAttributeList.class);
+
// TODO: check if authData gets populated with stork attributtes during previous steps; it seems it is not
- if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+ if (null != authData && null != storkAttributes && storkAttributes.containsKey(requestedAttribute.getName())) {
Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
try {
- PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+ PersonalAttribute tmp = storkAttributes.get(requestedAttribute.getName());
attributeList.add((PersonalAttribute) tmp.clone());
} catch(Exception e) {
Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);