aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java221
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java682
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java470
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java556
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java56
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java28
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java12
32 files changed, 1450 insertions, 898 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index c936c4e15..aae4dd8c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -34,6 +34,65 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
*/
public interface MOAIDEventConstants extends EventConstants {
+ //move to EventConstants
+ public static final int TRANSACTION_ERROR = 1103;
+ public static final int SESSION_ERROR = 1003;
+ //auth protocol specific information
+ public static final int AUTHPROTOCOL_TYPE = 3000;
+
+ public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
+ public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
+
+ public static final int AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST = 3200;
+ public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201;
+
+
+ //authentication process information
+ public static final int AUTHPROCESS_START = 4000;
+ public static final int AUTHPROCESS_FINISHED = 4001;
+ public static final int AUTHPROCESS_MANDATES_REQUESTED = 4002;
+ public static final int AUTHPROCESS_STORK_REQUESTED = 4003;
+ public static final int AUTHPROCESS_SSO = 4004;
+ public static final int AUTHPROCESS_SSO_INVALID = 4005;
+ public static final int AUTHPROCESS_SSO_ASK_USER_START = 4006;
+ public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007;
+ public static final int AUTHPROCESS_INTERFEDERATION = 4008;
+ public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009;
+
+ public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110;
+ public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111;
+ public static final int AUTHPROCESS_BKU_URL = 4112;
+ public static final int AUTHPROCESS_BKU_DATAURL_IP = 4113;
+
+ public static final int AUTHPROCESS_IDL_VALIDATED = 4220;
+ public static final int AUTHPROCESS_CERTIFICATE_VALIDATED = 4221;
+ public static final int AUTHPROCESS_AUTHBLOCK_VALIDATED = 4222;
+ public static final int AUTHPROCESS_FOREIGN_FOUND = 4223;
+ public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224;
+ public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225;
+
+ public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330;
+ public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301;
+ public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302;
+
+ public static final int AUTHPROCESS_PEPS_REQUESTED = 4400;
+ public static final int AUTHPROCESS_PEPS_RECEIVED = 4401;
+
+ //person information
+ public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
+ public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001;
+ public static final int PERSONAL_INFORMATION_USERNAME_HASH = 5002;
+
+ public static final int PERSONAL_INFORMATION_MANDATE_TYPE = 5100;
+ public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE = 5101;
+ public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH = 5102;
+ public static final int PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID = 5103;
+
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java
index 6bc6b3f81..6e09ea439 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventLog.java
@@ -22,7 +22,10 @@
*/
package at.gv.egovernment.moa.id.advancedlogging;
+import at.gv.egiz.components.eventlog.api.Event;
import at.gv.egiz.components.eventlog.api.EventLogFactory;
+import at.gv.egiz.components.eventlog.api.EventLoggingException;
+import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -30,6 +33,15 @@ import at.gv.egiz.components.eventlog.api.EventLogFactory;
*/
public class MOAIDEventLog extends EventLogFactory {
-
+ public static void logEvent(Event event) {
+ try {
+ getEventLog().logEvent(event);
+
+ } catch (EventLoggingException e) {
+ Logger.warn("Event logging FAILED!", e);
+
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index db8449fa2..1228a95a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -22,10 +22,231 @@
*/
package at.gv.egovernment.moa.id.advancedlogging;
+import java.security.MessageDigest;
+import java.util.Date;
+import java.util.List;
+
+import com.google.common.primitives.Ints;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.components.eventlog.api.EventLoggingException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
/**
* @author tlenz
*
*/
public class MOAReversionLogger {
+ private static MOAReversionLogger instance = null;
+
+ private static final List<Integer> defaultEventCodes = Ints.asList(
+ MOAIDEventConstants.SESSION_CREATED,
+ MOAIDEventConstants.SESSION_DESTROYED,
+ MOAIDEventConstants.SESSION_ERROR,
+ MOAIDEventConstants.SESSION_IP,
+ MOAIDEventConstants.TRANSACTION_CREATED,
+ MOAIDEventConstants.TRANSACTION_DESTROYED,
+ MOAIDEventConstants.TRANSACTION_ERROR,
+ MOAIDEventConstants.TRANSACTION_IP,
+ MOAIDEventConstants.AUTHPROTOCOL_TYPE,
+ MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+
+ MOAIDEventConstants.AUTHPROCESS_START,
+ MOAIDEventConstants.AUTHPROCESS_FINISHED,
+ MOAIDEventConstants.AUTHPROCESS_BKU_URL,
+ MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP,
+ MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
+ MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
+ MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
+ MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH
+
+ );
+
+ public static synchronized MOAReversionLogger getInstance() {
+ if (instance == null) {
+ instance = new MOAReversionLogger();
+ MOAIDEventLog.reload();
+
+ }
+
+ return instance;
+ }
+
+
+ public void logEvent(IOAAuthParameters oaConfig,
+ int eventCode, String message) {
+ List<Integer> OASpecificEventCodes = null;
+ if (oaConfig == null)
+ OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
+ else
+ OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+
+ if (OASpecificEventCodes.contains(eventCode))
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));
+ }
+
+ public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,
+ int eventCode) {
+ List<Integer> OASpecificEventCodes = null;
+ if (oaConfig == null)
+ OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
+ else
+ OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+
+ if (OASpecificEventCodes.contains(eventCode))
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
+ pendingRequest.getSessionIdentifier(),
+ pendingRequest.getRequestID()));
+
+ }
+
+ public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest,
+ int eventCode, String message) {
+ List<Integer> OASpecificEventCodes = null;
+ if (oaConfig == null)
+ OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
+ else
+ OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+
+ if (OASpecificEventCodes.contains(eventCode))
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
+ message,
+ pendingRequest.getSessionIdentifier(),
+ pendingRequest.getRequestID()
+ ));
+
+ }
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ public void logEvent(int eventCode, String message) {
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));
+
+ }
+
+ /**
+ * @param sessionCreated
+ * @param uniqueSessionIdentifier
+ */
+ public void logEvent(String sessionID, String transactionID, int eventCode, String message) {
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID));
+
+ }
+
+ /**
+ * @param errorRequest
+ * @param transactionError
+ */
+ public void logEvent(IRequest pendingRequest, int eventCode) {
+ MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
+ pendingRequest.getSessionIdentifier(),
+ pendingRequest.getRequestID()));
+
+ }
+
+ public void logEvent(IRequest pendingRequest, int eventCode, String message) {
+ logEvent(pendingRequest.getOnlineApplicationConfiguration(),
+ pendingRequest, eventCode, message);
+
+ }
+
+ public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) {
+ if (MiscUtil.isNotEmpty(mandate.getOWbPK()))
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK,
+ mandate.getOWbPK());
+
+ if (MiscUtil.isNotEmpty(mandate.getProfRep()))
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE,
+ mandate.getProfRep());
+
+ Mandate jaxBMandate = mandate.getMandateJaxB();
+ if (jaxBMandate != null) {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE,
+ jaxBMandate.getAnnotation());
+
+ if (jaxBMandate.getMandator().getCorporateBody() != null) {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,
+ "jur");
+ try {
+ String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType()
+ + "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId();
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_BASEID,
+ jurBaseID);
+
+ } catch (Throwable e) {
+ Logger.warn("ReversionsLogger: mandator baseID logging FAILED.", e);
+
+ }
+
+ } else {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE,
+ "nat");
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH,
+ buildPersonInformationHash(
+ jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0),
+ jaxBMandate.getMandator().getPhysicalPerson().getName().getFamilyName().get(0).getValue(),
+ jaxBMandate.getMandator().getPhysicalPerson().getDateOfBirth()));
+ }
+ }
+ }
+
+ /**
+ * @param pendingReq
+ * @param identityLink
+ */
+ public void logPersonalInformationEvent(IRequest pendingReq,
+ IdentityLink identityLink) {
+ logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH,
+ buildPersonInformationHash(
+ identityLink.getGivenName(),
+ identityLink.getFamilyName(),
+ identityLink.getDateOfBirth()
+ ));
+
+ }
+
+ private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) {
+
+ // {"hash":"hashvalue","salt":"testSalt"}
+ // {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"}
+
+ String salt = "default";
+ String inputData = "{\"person\":{\"givenname\":\""
+ + givenName
+ + "\",\"familyname\":\""
+ + familyName
+ + "\",\"dateofbirth\":\""
+ + dateofBirth
+ +"\"},\"salt\":\""
+ + salt
+ +"\"}";
+
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance("SHA-256");
+ byte[] hash = md.digest(inputData.getBytes("UTF-8"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return "{\"hash\":\"" + hashBase64 + "\",\"salt\":\"" + salt + "\"}";
+
+ } catch (Throwable e) {
+ Logger.warn("ReversionsLogger: mandator personalInformationHash logging FAILED.", e);
+ return null;
+
+ }
+
+ }
+
+ public List<Integer> getDefaulttReversionsLoggingEventCodes() {
+ return defaultEventCodes;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index eab7c511e..3e40ca246 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -46,6 +46,8 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
@@ -89,6 +91,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -297,8 +300,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
-
-
+
//TODO: cleanup before MOA-ID 2.1 release
try {
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
@@ -338,7 +340,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* link results in an Exception being thrown.
* @throws BKUException
*/
- public String verifyIdentityLink(AuthenticationSession session,
+ public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session,
Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, BKUException {
@@ -408,10 +410,13 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
-
+
//Removed in MOA-ID 2.0
//verifyInfoboxes(session, infoboxReadResponseParameters, false);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+
return "found!";
}
@@ -484,6 +489,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* containg the authentication block, meant to be returned to the security
* layer implementation</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param infoboxReadResponseParameters The parameters from the response returned from the BKU
@@ -684,13 +690,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Verifies signature by calling the MOA SP component</li>
* <li>Returns the signer certificate</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param readInfoboxResponseParameters The parameters from the response returned from the BKU
* including the <code>&lt;ReadInfoboxResponse&gt;</code>
* @throws BKUException
*/
- public X509Certificate getCertificate(String sessionID,
+ public X509Certificate getCertificate(IRequest pendingReq, String sessionID,
Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, BKUException {
@@ -711,6 +718,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
xmlReadInfoboxResponse);
X509Certificate cert = p.parseCertificate();
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED);
+
return cert;
}
@@ -1102,6 +1112,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <li>Deletes authentication session</li>
* <li><strike>Returns the SAML artifact, encoded BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID session ID of the running authentication session
* @param xmlCreateXMLSignatureReadResponse String representation of the
@@ -1110,7 +1121,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* BASE64</strike><br/>New id of the authenticated MOA session or {@code null} in case of mandate mode (???)
* @throws BKUException
*/
- public String verifyAuthenticationBlock(AuthenticationSession session,
+ public String verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException, BKUException {
@@ -1273,6 +1284,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
vsresp.setX509certificate(null);
session.setForeigner(false);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+
+ MOAReversionLogger.getInstance().logPersonalInformationEvent(pendingReq, session.getIdentityLink()
+ );
+
if (session.getUseMandate()) {
// mandate mode
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index 77f2cabc4..183467d87 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -8,8 +8,11 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -20,6 +23,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -75,6 +80,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
try {
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
AuthenticationSessionStoreage.changeSessionID(moasession);
executionContext.remove(PARAM_SESSIONID);
@@ -90,6 +96,15 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
String getIdentityLinkForm = startauth.build(moasession, req, resp);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
+ if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
+
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 6bf68e2eb..8f1cd8cfe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -15,6 +15,8 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -29,7 +31,9 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -99,6 +103,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
// change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -118,7 +127,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
}
-
+
Element signature = csresp.getDsigSignature();
try {
@@ -128,6 +137,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
throw new MOAIDException("auth.14", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
+
// make SZR request to the identity link
CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
@@ -159,6 +171,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
// TODO[branch]: Final step back to /dispatcher
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
+
try {
AuthenticationSessionStoreage.storeSession(session);
} catch (MOADatabaseException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 4ff5672bd..f4c09dbab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -14,6 +14,8 @@ import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringEscapeUtils;
import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -25,7 +27,9 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -84,6 +88,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
@@ -105,6 +112,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
throw new AuthenticationException("auth.15", null);
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
+
+
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
@@ -130,6 +141,9 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
session.setAuthenticatedUsed(false);
session.setAuthenticated(true);
+ //log mandate specific set of events
+ MOAReversionLogger.getInstance().logMandateEventSet(pendingReq, mandate);
+
//set QAA Level four in case of card authentifcation
session.setQAALevel(PVPConstants.STORK_QAA_1_4);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 64dcb0f41..6f538cd90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -17,6 +17,8 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -31,7 +33,9 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -114,10 +118,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+ String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(pendingReq, session, createXMLSignatureResponse);
if (authenticatedMOASessionId == null) {
//mandate Mode
@@ -173,6 +182,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
}
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
+
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
connectionParameters.getUrl(),
idl,
@@ -201,6 +213,9 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
+
resp.setStatus(302);
resp.addHeader("Location", redirectMISGUI);
Logger.debug("REDIRECT TO: " + redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 607641532..26c10399d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -12,6 +12,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -22,6 +24,8 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -86,10 +90,15 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
session = AuthenticationServer.getSession(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
//change MOASessionID
sessionID = AuthenticationSessionStoreage.changeSessionID(session);
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+ X509Certificate cert = AuthenticationServer.getInstance().getCertificate(pendingReq, sessionID, parameters);
if (cert == null) {
Logger.error("Certificate could not be read.");
throw new AuthenticationException("auth.14", null);
@@ -113,8 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
else {
-
-
+
String countrycode = CertificateUtils.getIssuerCountry(cert);
if (countrycode != null) {
if (countrycode.compareToIgnoreCase("AT") == 0) {
@@ -124,6 +132,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
// Foreign Identities Modus
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
+
String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 44557453a..821bb572a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -10,6 +10,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -18,6 +20,8 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -77,7 +81,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
}
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+
+ boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(pendingReq, session, parameters) != null;
AuthenticationSessionStoreage.storeSession(session);
executionContext.put("identityLinkAvailable", identityLinkAvailable);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index ad4776a45..bf56acfe1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -105,16 +107,20 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
else {
-
+
//get Target from config or from request in case of SAML 1
String target = null;
IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
+
if (MiscUtil.isNotEmpty(pendingReq.getTarget()) &&
pendingReq.requestedModule().equals(SAML1Protocol.PATH))
target = pendingReq.getTarget();
else
target = oaParam.getTarget();
-
+
String bkuURL = oaParam.getBKUURL(bkuid);
if (MiscUtil.isEmpty(bkuURL)) {
Logger.info("No OA specific BKU defined. Use BKU from default configuration");
@@ -161,6 +167,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
ec.put("ccc", moasession.getCcc());
ec.put("useMandate", moasession.getUseMandate());
ec.put("bkuURL", moasession.getBkuURL());
+ ec.put("pendingRequestID", pendingRequestID);
// select and create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index a8fe71485..fa44296fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -1,342 +1,342 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import iaik.pki.PKIException;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.List;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-/**
- * Servlet requested for verifying the signed authentication block
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @deprecated Use {@link VerifyAuthenticationBlockTask} instead.
- */
-public class VerifyAuthenticationBlockServlet extends AuthServlet {
-
-
- /**
- *
- */
- private static final long serialVersionUID = -2409629495345900542L;
-
-/**
- * Constructor for VerifyAuthenticationBlockServlet.
- */
- public VerifyAuthenticationBlockServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- //doPost(req, resp);
-
- Logger.debug("GET VerifyAuthenticationBlock");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- }
-
- /**
- * Verifies the signed authentication block and redirects the browser
- * to the online application requested, adding a parameter needed for
- * retrieving the authentication data.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * </ul>
- * Response:
- * <ul>
- * <li>Status: <code>302</code></li>
- * <li>Header <code>"Location"</code>: URL of the online application requested, with
- * parameters <code>"Target"</code>(only if the online application is
- * a public service) and <code>"SAMLArtifact"</code> added</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see AuthenticationServer#verifyAuthenticationBlock
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST VerifyAuthenticationBlock");
-
- Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- String pendingRequestID = null;
-
- Map<String, String> parameters;
- try
- {
- parameters = getParameters(req);
- } catch (FileUploadException e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
-
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
- String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- String redirectURL = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
- if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
- throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
-
-
-
- if (samlArtifactBase64 == null) {
- //mandate Mode
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- // get identitity link as byte[]
- Element elem = session.getIdentityLink().getSamlAssertion();
- String s = DOMUtils.serializeNode(elem);
-
- //System.out.println("IDL: " + s);
-
- byte[] idl = s.getBytes("UTF-8");
-
- // redirect url
- // build redirect(to the GetMISSessionIdSerlvet)
-
- //change MOASessionID before MIS request
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- redirectURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- GET_MIS_SESSIONID,
- newMOASessionID);
-
- String oaURL = session.getOAURLRequested();
- OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
- List<String> profiles = oaParam.getMandateProfiles();
-
- if (profiles == null) {
- Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
- }
-
-// String profilesArray[] = profiles.split(",");
-// for(int i = 0; i < profilesArray.length; i++) {
-// profilesArray[i] = profilesArray[i].trim();
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+///*
+// * Copyright 2003 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// */
+//
+//
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import iaik.pki.PKIException;
+//
+//import java.io.IOException;
+//import java.security.GeneralSecurityException;
+//import java.util.List;
+//import java.util.Map;
+//
+//import javax.net.ssl.SSLSocketFactory;
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//import javax.xml.transform.TransformerException;
+//
+//import org.apache.commons.fileupload.FileUploadException;
+//import org.apache.commons.lang.StringEscapeUtils;
+//import org.w3c.dom.Element;
+//
+//import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask;
+//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.config.ConnectionParameter;
+//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+//import at.gv.egovernment.moa.id.moduls.ModulUtils;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+//import at.gv.egovernment.moa.id.util.SSLUtils;
+//import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+//import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.DOMUtils;
+//
+///**
+// * Servlet requested for verifying the signed authentication block
+// * provided by the security layer implementation.
+// * Utilizes the {@link AuthenticationServer}.
+// *
+// * @author Paul Ivancsics
+// * @version $Id$
+// * @deprecated Use {@link VerifyAuthenticationBlockTask} instead.
+// */
+//public class VerifyAuthenticationBlockServlet extends AuthServlet {
+//
+//
+// /**
+// *
+// */
+// private static final long serialVersionUID = -2409629495345900542L;
+//
+///**
+// * Constructor for VerifyAuthenticationBlockServlet.
+// */
+// public VerifyAuthenticationBlockServlet() {
+// super();
+// }
+//
+// /**
+// * GET requested by security layer implementation to verify
+// * that data URL resource is available.
+// * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+// */
+// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// //doPost(req, resp);
+//
+// Logger.debug("GET VerifyAuthenticationBlock");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// }
+//
+// /**
+// * Verifies the signed authentication block and redirects the browser
+// * to the online application requested, adding a parameter needed for
+// * retrieving the authentication data.
+// * <br>
+// * Request parameters:
+// * <ul>
+// * <li>MOASessionID: ID of associated authentication session</li>
+// * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+// * </ul>
+// * Response:
+// * <ul>
+// * <li>Status: <code>302</code></li>
+// * <li>Header <code>"Location"</code>: URL of the online application requested, with
+// * parameters <code>"Target"</code>(only if the online application is
+// * a public service) and <code>"SAMLArtifact"</code> added</li>
+// * <li>Error status: <code>500</code>
+// * </ul>
+// * @see AuthenticationServer#verifyAuthenticationBlock
+// * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+// */
+// protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// Logger.debug("POST VerifyAuthenticationBlock");
+//
+// Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// String pendingRequestID = null;
+//
+// Map<String, String> parameters;
+// try
+// {
+// parameters = getParameters(req);
+// } catch (FileUploadException e)
+// {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+//
+// }
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+// String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+//
+// String redirectURL = null;
+// try {
+// // check parameter
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+// if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
+//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+//
+// //change MOASessionID
+// sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+//
+// String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+//
+//
+//
+// if (samlArtifactBase64 == null) {
+// //mandate Mode
+//
+// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+//
+// // get identitity link as byte[]
+// Element elem = session.getIdentityLink().getSamlAssertion();
+// String s = DOMUtils.serializeNode(elem);
+//
+// //System.out.println("IDL: " + s);
+//
+// byte[] idl = s.getBytes("UTF-8");
+//
+// // redirect url
+// // build redirect(to the GetMISSessionIdSerlvet)
+//
+// //change MOASessionID before MIS request
+// String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+//
+// redirectURL =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// GET_MIS_SESSIONID,
+// newMOASessionID);
+//
+// String oaURL = session.getOAURLRequested();
+// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+// List<String> profiles = oaParam.getMandateProfiles();
+//
+// if (profiles == null) {
+// Logger.error("No Mandate/Profile for OA configured.");
+// throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
// }
-
- String oaFriendlyName = oaParam.getFriendlyName();
- String mandateReferenceValue = session.getMandateReferenceValue();
- byte[] cert = session.getEncodedSignerCertificate();
- byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
-
- //TODO: check in case of SSO!!!
- String targetType = null;
- if(oaParam.getBusinessService()) {
- String id = oaParam.getIdentityLinkDomainIdentifier();
- if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
- targetType = id;
- else
- targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
-
- } else {
- targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
- }
-
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
- connectionParameters.getUrl(),
- idl,
- cert,
- oaFriendlyName,
- redirectURL,
- mandateReferenceValue,
- profiles,
- targetType,
- authBlock,
- sslFactory);
-
- if (misSessionID == null) {
- Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
- throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
- }
-
- String redirectMISGUI = misSessionID.getRedirectURL();
- session.setMISSessionID(misSessionID.getSessiondId());
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
-
- resp.setStatus(302);
- resp.addHeader("Location", redirectMISGUI);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
- else {
-
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- /*redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
-
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);*/
-
-
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
-
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- }
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- }
-
- }
-
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (GeneralSecurityException e) {
- handleError(null, e, req, resp, pendingRequestID);
-
- } catch (PKIException e) {
- handleError(null, e, req, resp, pendingRequestID);
-
- } catch (TransformerException e) {
- handleError(null, e, req, resp, pendingRequestID);
-
- } catch (Exception e) {
- Logger.error("AuthBlockValidation has an interal Error.", e);
- }
-
-
- finally {
- ConfigurationDBUtils.closeSession();
- }
-
- }
-
-}
+//
+//// String profilesArray[] = profiles.split(",");
+//// for(int i = 0; i < profilesArray.length; i++) {
+//// profilesArray[i] = profilesArray[i].trim();
+//// }
+//
+// String oaFriendlyName = oaParam.getFriendlyName();
+// String mandateReferenceValue = session.getMandateReferenceValue();
+// byte[] cert = session.getEncodedSignerCertificate();
+// byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
+//
+// //TODO: check in case of SSO!!!
+// String targetType = null;
+// if(oaParam.getBusinessService()) {
+// String id = oaParam.getIdentityLinkDomainIdentifier();
+// if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+// targetType = id;
+// else
+// targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+//
+// } else {
+// targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+// }
+//
+// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
+// connectionParameters.getUrl(),
+// idl,
+// cert,
+// oaFriendlyName,
+// redirectURL,
+// mandateReferenceValue,
+// profiles,
+// targetType,
+// authBlock,
+// sslFactory);
+//
+// if (misSessionID == null) {
+// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+// }
+//
+// String redirectMISGUI = misSessionID.getRedirectURL();
+// session.setMISSessionID(misSessionID.getSessiondId());
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+// } catch (MOADatabaseException e) {
+// throw new MOAIDException("Session store error", null);
+// }
+//
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectMISGUI);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// }
+// else {
+//
+// if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+// /*redirectURL = session.getOAURLRequested();
+// if (!session.getBusinessService()) {
+// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+//
+// }
+// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+// redirectURL = resp.encodeRedirectURL(redirectURL);*/
+//
+//
+// redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+// ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
+//
+// } else {
+// redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// }
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// }
+//
+// }
+//
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp, pendingRequestID);
+//
+// } catch (GeneralSecurityException e) {
+// handleError(null, e, req, resp, pendingRequestID);
+//
+// } catch (PKIException e) {
+// handleError(null, e, req, resp, pendingRequestID);
+//
+// } catch (TransformerException e) {
+// handleError(null, e, req, resp, pendingRequestID);
+//
+// } catch (Exception e) {
+// Logger.error("AuthBlockValidation has an interal Error.", e);
+// }
+//
+//
+// finally {
+// ConfigurationDBUtils.closeSession();
+// }
+//
+// }
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 2aa717a65..574452163 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -1,235 +1,235 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.util.CertificateUtils;
-
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- * @deprecated Use {@link VerifyCertificateTask} instead.
- *
- */
-public class VerifyCertificateServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -4110159749768152538L;
-
-/**
- * Constructor for VerifyCertificateServlet.
- */
- public VerifyCertificateServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET VerifyCertificateServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST VerifyCertificateServlet");
-
- Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- String pendingRequestID = null;
-
- Map<String, String> parameters;
- try
- {
- parameters = getParameters(req);
- } catch (FileUploadException e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
- if (cert == null) {
- Logger.error("Certificate could not be read.");
- throw new AuthenticationException("auth.14", null);
- }
-
- boolean useMandate = session.getUseMandate();
-
-
- if (useMandate) {
-
- // verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
-
- }
- else {
-
-
- String countrycode = CertificateUtils.getIssuerCountry(cert);
- if (countrycode != null) {
- if (countrycode.compareToIgnoreCase("AT") == 0) {
- Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
- throw new AuthenticationException("auth.22", null);
- }
- }
-
- // Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
- // build dataurl (to the GetForeignIDSerlvet)
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_GET_FOREIGN_ID,
- session.getSessionID());
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
-
- ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
-
- Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (Exception e) {
- Logger.error("CertificateValidation has an interal Error.", e);
- }
-
-
- finally {
- ConfigurationDBUtils.closeSession();
- }
- }
-
-
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+///*
+// * Copyright 2003 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// */
+//
+//
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import iaik.x509.X509Certificate;
+//
+//import java.io.IOException;
+//import java.util.Map;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.apache.commons.fileupload.FileUploadException;
+//import org.apache.commons.lang.StringEscapeUtils;
+//
+//import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask;
+//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+//import at.gv.egovernment.moa.id.util.ServletUtils;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.spss.util.CertificateUtils;
+//
+///**
+// * Servlet requested for getting the foreign eID
+// * provided by the security layer implementation.
+// * Utilizes the {@link AuthenticationServer}.
+// * @deprecated Use {@link VerifyCertificateTask} instead.
+// *
+// */
+//public class VerifyCertificateServlet extends AuthServlet {
+//
+// /**
+// *
+// */
+// private static final long serialVersionUID = -4110159749768152538L;
+//
+///**
+// * Constructor for VerifyCertificateServlet.
+// */
+// public VerifyCertificateServlet() {
+// super();
+// }
+//
+// /**
+// * GET requested by security layer implementation to verify
+// * that data URL resource is available.
+// * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+// */
+// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// Logger.debug("GET VerifyCertificateServlet");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+// }
+//
+// /**
+// * Gets the signer certificate from the InfoboxReadRequest and
+// * responds with a new
+// * <code>CreateXMLSignatureRequest</code>.
+// * <br>
+// * Request parameters:
+// * <ul>
+// * <li>MOASessionID: ID of associated authentication session</li>
+// * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+// * </ul>
+// * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+// */
+// protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// Logger.debug("POST VerifyCertificateServlet");
+//
+// Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// String pendingRequestID = null;
+//
+// Map<String, String> parameters;
+// try
+// {
+// parameters = getParameters(req);
+// } catch (FileUploadException e)
+// {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+//
+// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+//
+// AuthenticationSession session = null;
+// try {
+// // check parameter
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+//
+// session = AuthenticationServer.getSession(sessionID);
+//
+// //change MOASessionID
+// sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+//
+// X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+// if (cert == null) {
+// Logger.error("Certificate could not be read.");
+// throw new AuthenticationException("auth.14", null);
+// }
+//
+// boolean useMandate = session.getUseMandate();
+//
+//
+// if (useMandate) {
+//
+// // verify certificate for OrganWalter
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+// } catch (MOADatabaseException e) {
+// throw new MOAIDException("session store error", null);
+// }
+//
+// ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+//
+// }
+// else {
+//
+//
+// String countrycode = CertificateUtils.getIssuerCountry(cert);
+// if (countrycode != null) {
+// if (countrycode.compareToIgnoreCase("AT") == 0) {
+// Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+// throw new AuthenticationException("auth.22", null);
+// }
+// }
+//
+// // Foreign Identities Modus
+// String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
+// // build dataurl (to the GetForeignIDSerlvet)
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_GET_FOREIGN_ID,
+// session.getSessionID());
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+// } catch (MOADatabaseException e) {
+// throw new MOAIDException("session store error", null);
+// }
+//
+// ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+//
+// Logger.debug("Send CreateXMLSignatureRequest to BKU");
+// }
+// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp, pendingRequestID);
+//
+// } catch (Exception e) {
+// Logger.error("CertificateValidation has an interal Error.", e);
+// }
+//
+//
+// finally {
+// ConfigurationDBUtils.closeSession();
+// }
+// }
+//
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index b8e57ed43..75559534b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -1,278 +1,278 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for verifying the identity link
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @deprecated Use {@link VerifyIdentityLinkTask} instead.
- */
-public class VerifyIdentityLinkServlet extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -7074476974026049958L;
-
-/**
- * Constructor for VerifyIdentityLinkServlet.
- */
- public VerifyIdentityLinkServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("GET VerifyIdentityLink");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Verifies the identity link and responds with a new
- * <code>CreateXMLSignatureRequest</code> or a new <code>
- * InfoboxReadRequest</code> (in case of a foreign eID card).
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
- * </ul>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/xml"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST VerifyIdentityLink");
-
- Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
-
- Map<String, String> parameters;
- String pendingRequestID = null;
-
- try
- {
- parameters = getParameters(req);
-
- } catch (Exception e)
- {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
-
-
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
- //change MOASessionID
- sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
-
- Logger.debug(createXMLSignatureRequestOrRedirect);
-
-
- if (createXMLSignatureRequestOrRedirect == null) {
- // no identity link found
-
- boolean useMandate = session.getUseMandate();
- if (useMandate) {
- Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
- throw new AuthenticationException("auth.13", null);
- }
-
- try {
-
- Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-
- // create the InfoboxReadRequest to get the certificate
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
- // build dataurl (to the VerifyCertificateSerlvet)
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
-
-
- ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-
-
- }
- catch(Exception e) {
- handleError(null, e, req, resp, pendingRequestID);
- }
-
- }
- else {
- boolean useMandate = session.getUseMandate();
-
- if (useMandate) { // Mandate modus
- // read certificate and set dataurl to
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-
-
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
- // build dataurl (to the GetForeignIDSerlvet)
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
-
- //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
- //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-
- }
- else {
- Logger.info("Normal");
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- AuthConfigurationProvider authConf = AuthConfigurationProvider
- .getInstance();
-
- createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
- .getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam);
-
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
- }
- }
-
- try {
- AuthenticationSessionStoreage.storeSession(session);
-
- } catch (MOADatabaseException e) {
- Logger.info("No valid MOA session found. Authentification process is abourted.");
- throw new AuthenticationException("auth.20", null);
- }
- }
- catch (ParseException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (Exception e) {
- Logger.error("IdentityLinkValidation has an interal Error.", e);
- }
-
- finally {
- ConfigurationDBUtils.closeSession();
- }
- }
-
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+///*
+// * Copyright 2003 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// */
+//
+//
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//import java.util.Map;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.apache.commons.lang.StringEscapeUtils;
+//
+//import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+//import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.ParseException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask;
+//import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+//import at.gv.egovernment.moa.id.util.ServletUtils;
+//import at.gv.egovernment.moa.logging.Logger;
+//
+///**
+// * Servlet requested for verifying the identity link
+// * provided by the security layer implementation.
+// * Utilizes the {@link AuthenticationServer}.
+// *
+// * @author Paul Ivancsics
+// * @version $Id$
+// * @deprecated Use {@link VerifyIdentityLinkTask} instead.
+// */
+//public class VerifyIdentityLinkServlet extends AuthServlet {
+//
+// /**
+// *
+// */
+// private static final long serialVersionUID = -7074476974026049958L;
+//
+///**
+// * Constructor for VerifyIdentityLinkServlet.
+// */
+// public VerifyIdentityLinkServlet() {
+// super();
+// }
+//
+// /**
+// * GET requested by security layer implementation to verify
+// * that data URL resource is available.
+// * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+// */
+// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// Logger.debug("GET VerifyIdentityLink");
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+// }
+//
+// /**
+// * Verifies the identity link and responds with a new
+// * <code>CreateXMLSignatureRequest</code> or a new <code>
+// * InfoboxReadRequest</code> (in case of a foreign eID card).
+// * <br>
+// * Request parameters:
+// * <ul>
+// * <li>MOASessionID: ID of associated authentication session</li>
+// * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+// * </ul>
+// * Response:
+// * <ul>
+// * <li>Content type: <code>"text/xml"</code></li>
+// * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+// * <li>Error status: <code>500</code>
+// * </ul>
+// * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+// */
+// protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// Logger.debug("POST VerifyIdentityLink");
+//
+// Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
+//
+// Map<String, String> parameters;
+// String pendingRequestID = null;
+//
+// try
+// {
+// parameters = getParameters(req);
+//
+// } catch (Exception e)
+// {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// }
+// String sessionID = req.getParameter(PARAM_SESSIONID);
+//
+// // escape parameter strings
+// sessionID = StringEscapeUtils.escapeHtml(sessionID);
+//
+// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+//
+// try {
+// // check parameter
+// if (!ParamValidatorUtils.isValidSessionID(sessionID))
+// throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+//
+//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+//
+// //change MOASessionID
+// sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+//
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
+//
+// Logger.debug(createXMLSignatureRequestOrRedirect);
+//
+//
+// if (createXMLSignatureRequestOrRedirect == null) {
+// // no identity link found
+//
+// boolean useMandate = session.getUseMandate();
+// if (useMandate) {
+// Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+// throw new AuthenticationException("auth.13", null);
+// }
+//
+// try {
+//
+// Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+//
+// // create the InfoboxReadRequest to get the certificate
+// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+//
+// // build dataurl (to the VerifyCertificateSerlvet)
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
+//
+//
+// ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//
+//
+// }
+// catch(Exception e) {
+// handleError(null, e, req, resp, pendingRequestID);
+// }
+//
+// }
+// else {
+// boolean useMandate = session.getUseMandate();
+//
+// if (useMandate) { // Mandate modus
+// // read certificate and set dataurl to
+// Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+//
+//
+// String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+//
+// // build dataurl (to the GetForeignIDSerlvet)
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
+//
+// //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+// //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//
+// Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+// ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//
+// }
+// else {
+// Logger.info("Normal");
+//
+// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+// AuthConfigurationProvider authConf = AuthConfigurationProvider
+// .getInstance();
+//
+// createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
+// .getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+// authConf, oaParam);
+//
+// ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+// }
+// }
+//
+// try {
+// AuthenticationSessionStoreage.storeSession(session);
+//
+// } catch (MOADatabaseException e) {
+// Logger.info("No valid MOA session found. Authentification process is abourted.");
+// throw new AuthenticationException("auth.20", null);
+// }
+// }
+// catch (ParseException ex) {
+// handleError(null, ex, req, resp, pendingRequestID);
+//
+// } catch (MOAIDException ex) {
+// handleError(null, ex, req, resp, pendingRequestID);
+//
+// } catch (Exception e) {
+// Logger.error("IdentityLinkValidation has an interal Error.", e);
+// }
+//
+// finally {
+// ConfigurationDBUtils.closeSession();
+// }
+// }
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index a2e8bab9b..e9019ded4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -36,6 +36,8 @@
package at.gv.egovernment.moa.id.config;
+import java.io.Serializable;
+
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
@@ -45,8 +47,10 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
*
* @author Harald Bratko
*/
-public class OAParameter {
+public class OAParameter implements Serializable {
+ private static final long serialVersionUID = 1L;
+
public OAParameter() { }
public OAParameter(OnlineApplication oa) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index c336eb316..56cd36dcd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -165,4 +165,6 @@ public interface IOAAuthParameters {
*/
boolean isPerformLocalAuthenticationOnInterfederationError();
+ public List<Integer> getReversionsLoggingEventCodes();
+
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 933dddb31..451dedc31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -55,6 +55,7 @@ import java.util.Map;
import org.apache.commons.lang.SerializationUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
@@ -630,4 +631,14 @@ public PrivateKey getBPKDecBpkDecryptionKey() {
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
+ */
+@Override
+public List<Integer> getReversionsLoggingEventCodes() {
+ // TODO !!!!!
+ return MOAReversionLogger.getInstance().getDefaulttReversionsLoggingEventCodes();
+}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index e576522bf..928515758 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -398,4 +398,13 @@ public class DynamicOAAuthParameters extends OAParameter implements IOAAuthParam
// TODO Auto-generated method stub
return false;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
+ */
+ @Override
+ public List<Integer> getReversionsLoggingEventCodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index fa564d046..6893a794a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -30,6 +30,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
@@ -130,7 +132,8 @@ public class DispatcherServlet extends AuthServlet{
}
if (errorRequest != null) {
- RequestStorage.removePendingRequest(pendingRequestID);
+ RequestStorage.removePendingRequest(pendingRequestID);
+ MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR);
try {
IModulInfo handlingModule = ModulStorage
@@ -271,18 +274,22 @@ public class DispatcherServlet extends AuthServlet{
return;
}
} else {
- try {
- //set transactionID to Logger
- protocolRequestID = Random.nextRandom();
-
+ try {
//load unique session identifier with SSO-sessionID
uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
if (MiscUtil.isEmpty(uniqueSessionIdentifier))
uniqueSessionIdentifier = Random.nextRandom();
-
- TransactionIDUtils.setTransactionId(protocolRequestID);
TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
-
+
+ //set transactionID to Logger
+ protocolRequestID = Random.nextRandom();
+ TransactionIDUtils.setTransactionId(protocolRequestID);
+
+ //log information for security and process reversion
+ MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier);
+ MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);
+ MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.SESSION_IP, req.getRemoteAddr());
+
protocolRequest = info.preProcess(req, resp, action);
//request is a valid interfederation response
@@ -396,8 +403,7 @@ public class DispatcherServlet extends AuthServlet{
boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
- if (needAuthentication) {
-
+ if (needAuthentication) {
//check if interfederation IDP is requested
ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
@@ -409,6 +415,9 @@ public class DispatcherServlet extends AuthServlet{
Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+ MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+ protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
+
AuthenticationSessionStoreage.destroySession(correspondingMOASession);
ssomanager.deleteSSOSessionID(req, resp);
}
@@ -439,6 +448,10 @@ public class DispatcherServlet extends AuthServlet{
boolean tryperform = authmanager.tryPerformAuthentication(
req, resp);
+ if (tryperform)
+ MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+ protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+
if (protocolRequest.forceAuth()) {
if (!tryperform) {
authmanager.doAuthentication(req, resp,
@@ -448,12 +461,15 @@ public class DispatcherServlet extends AuthServlet{
} else if (protocolRequest.isPassiv()) {
if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
// Passive authentication ok!
+ // Is authenticated .. proceed
+
} else {
throw new NoPassivAuthenticationException();
}
} else {
if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
- // Is authenticated .. proceed
+ // Is authenticated .. proceed
+
} else {
// Start authentication!
authmanager.doAuthentication(req, resp,
@@ -463,10 +479,12 @@ public class DispatcherServlet extends AuthServlet{
}
if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
- {
-
+ {
if (useSSOOA && isValidSSOSession) {
-
+
+ MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+ protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO);
+
moasessionID = ssomanager.getMOASession(ssoId);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
@@ -531,6 +549,7 @@ public class DispatcherServlet extends AuthServlet{
} else {
authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
+
}
//Advanced statistic logging
@@ -550,6 +569,10 @@ public class DispatcherServlet extends AuthServlet{
}
+ //log transaction_destroy to reversionslog
+ MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID);
+
+
} catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);
@@ -560,13 +583,14 @@ public class DispatcherServlet extends AuthServlet{
handleErrorNoRedirect(e.getMessage(), e, req,
resp);
}
-
+
finally {
ConfigurationDBUtils.closeSession();
Logger.trace("Clossing Dispatcher processing loop");
TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
+ TransactionIDUtils.removeSessionId();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index cbfdfc36b..d3e9b5120 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -148,7 +151,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
authSession.setAuthenticatedUsed(true);
AuthenticationSessionStoreage.storeSession(authSession);
-
+
return true; // got authenticated
}
}
@@ -335,6 +338,10 @@ public class AuthenticationManager implements MOAIDAuthConstants {
authSession.setAuthenticated(false);
//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+ MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
AuthenticationSessionStoreage.destroySession(moaSessionID);
@@ -351,13 +358,17 @@ public class AuthenticationManager implements MOAIDAuthConstants {
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
- Logger.info("Starting authentication ...");
+ Logger.info("Starting authentication ...");
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_START);
if (MiscUtil.isEmpty(target.getRequestedIDP())) {
perfomLocalAuthentication(request, response, target);
} else {
Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION);
buildPVP21AuthenticationRequest(request, response, target);
}
@@ -370,7 +381,10 @@ public class AuthenticationManager implements MOAIDAuthConstants {
String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
target.requestedAction(), target.getRequestID(), oaParam,
AuthConfigurationProvider.getInstance().getPublicURLPrefix());
-
+
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
out.print(form);
@@ -592,6 +606,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
executionContext.put("useMandate", moasession.getUseMandate());
executionContext.put("bkuURL", moasession.getBkuURL());
executionContext.put(PARAM_SESSIONID, moasession.getSessionID());
+ executionContext.put("pendingRequestID", target.getRequestID());
// create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
@@ -620,6 +635,9 @@ public class AuthenticationManager implements MOAIDAuthConstants {
processEngine.start(processInstanceId);
} else {
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+
//load Parameters from OnlineApplicationConfiguration
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(target.getOAURL());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 7fe933695..8f3ed9fdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -27,6 +27,7 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
public interface IRequest {
@@ -45,6 +46,7 @@ public interface IRequest {
public String getRequestedIDP();
public MOAResponse getInterfederationResponse();
public List<Attribute> getRequestedAttributes();
+ public IOAAuthParameters getOnlineApplicationConfiguration();
//public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 77256c897..26fb7bd29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -27,6 +27,7 @@ import java.util.List;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
public abstract class RequestImpl implements IRequest, Serializable{
@@ -42,6 +43,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String target = null;
private String requestID;
private String sessionIdentifier;
+ private IOAAuthParameters OAConfiguration = null;
//MOA-ID interfederation
private String requestedIDP = null;
@@ -158,4 +160,13 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
+ public IOAAuthParameters getOnlineApplicationConfiguration() {
+ return this.OAConfiguration;
+
+ }
+
+ public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) {
+ this.OAConfiguration = oaConfig;
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 4c70ce995..562113920 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -30,6 +30,8 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -61,8 +63,10 @@ class OAuth20AuthAction implements IAction {
OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
String responseType = oAuthRequest.getResponseType();
- String code = Random.nextRandom();
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
+ String code = Random.nextRandom();
+
try {
String accessToken = UUID.randomUUID().toString();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index c47e366a1..5a4655b42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -152,13 +152,15 @@ class OAuth20AuthRequest extends OAuth20BaseRequest {
// check if client id and redirect uri are ok
try {
// OAOAUTH20 cannot be null at this point. check was done in base request
- OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL())
- .getoAuth20Config();
+ OAAuthParameter oaConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL());
+ OAOAUTH20 oAuthConfig = oaConfig.getoAuth20Config();
if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())
|| !this.getRedirectUri().equals(oAuthConfig.getOAuthRedirectUri())) {
throw new OAuth20AccessDeniedException();
}
+
+ this.setOnlineApplicationConfiguration(oaConfig);
}
catch (ConfigurationException e) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 944da38d0..2238a25e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -51,6 +53,8 @@ class OAuth20TokenAction implements IAction {
try {
OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST);
+
try {
Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 3c90a5773..50240b37b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -31,6 +31,7 @@ import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -121,8 +122,8 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
// check if client id and secret are ok
try {
// OAOAUTH20 cannot be null at this point. check was done in base request
- OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL())
- .getoAuth20Config();
+ OAAuthParameter oaConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL());
+ OAOAUTH20 oAuthConfig = oaConfig.getoAuth20Config();
if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())) {
throw new OAuth20AccessDeniedException();
@@ -132,6 +133,8 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
throw new OAuth20AccessDeniedException();
}
+ this.setOnlineApplicationConfiguration(oaConfig);
+
}
catch (ConfigurationException e) {
throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 0a8a6a581..1b187d82e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -64,6 +64,8 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -85,6 +87,8 @@ public class MetadataAction implements IAction {
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
try {
+ MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
+
EntitiesDescriptor idpEntitiesDescriptor =
SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 045db3f45..fbbc4b817 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -57,6 +57,8 @@ import org.opensaml.xml.signature.SignableXMLObject;
import java.util.Arrays;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
@@ -253,12 +255,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
if (obj instanceof RequestImpl) {
RequestImpl iReqSP = (RequestImpl) obj;
+
+ MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
if ( processedMsg != null ) {
iReqSP.setInterfederationResponse(processedMsg);
+ MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
+
Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()
+ ". Switch to original transaction with ID " + iReqSP.getRequestID());
TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
@@ -467,11 +473,15 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String oaURL = metadata.getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
- config.setOAURL(oaURL);
- config.setBinding(msg.getRequestBinding());
+ config.setOAURL(oaURL);
+ config.setOnlineApplicationConfiguration(oa);
+ config.setBinding(msg.getRequestBinding());
+
+ MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
} else if (inMsg instanceof MOAResponse &&
@@ -546,8 +556,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setRequest(moaRequest);
config.setOAURL(moaRequest.getEntityID());
+ config.setOnlineApplicationConfiguration(oa);
config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
+
return config;
}
@@ -634,11 +647,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
String oaURL = moaRequest.getEntityMetadata().getEntityID();
oaURL = StringEscapeUtils.escapeHtml(oaURL);
+ OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
PVPTargetConfiguration config = new PVPTargetConfiguration();
config.setOAURL(oaURL);
+ config.setOnlineApplicationConfiguration(oa);
config.setBinding(consumerService.getBinding());
config.setRequest(moaRequest);
config.setConsumerURL(consumerService.getLocation());
@@ -646,7 +661,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
//parse AuthRequest
config.setPassiv(authReq.isPassive());
config.setForce(authReq.isForceAuthn());
-
+
+ MOAReversionLogger.getInstance().logEvent(config, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
+
return config;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 9934c339d..4c30a1148 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -155,8 +155,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
throw new InvalidProtocolRequestException("auth.00",
new Object[] { null });
}
-
+ config.setOnlineApplicationConfiguration(oaParam);
config.setSourceID(sourceID);
+
if (MiscUtil.isNotEmpty(target))
config.setTarget(target);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 57531992d..1ef08464f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -192,6 +192,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {
throw new AuthenticationException("stork.12", new Object[]{STORK2Request.getOAURL()});
else {
+ STORK2Request.setOnlineApplicationConfiguration(oaParam);
if (oaParam.isSTORKPVPGateway()) {
if (MiscUtil.isNotEmpty(oaParam.getSTORKPVPForwardEntity())) {
Logger.info("Received request for STORK->PVP gateway. " +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 1edb8d1f3..8e42f0df7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -48,6 +48,12 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
import java.io.Serializable;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class MISMandate implements Serializable{
@@ -91,6 +97,28 @@ public class MISMandate implements Serializable{
public byte[] getMandate() {
return mandate;
}
+
+ public Element getMandateDOM() {
+ try {
+ byte[] byteMandate = mandate;
+ String stringMandate = new String(byteMandate);
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+
+ }
+ catch (Throwable e) {
+ Logger.warn("Mandate content could not be generated from MISMandate.");
+ return null;
+ }
+ }
+
+ public Mandate getMandateJaxB() {
+ Element domMandate = getMandateDOM();
+ if (domMandate != null)
+ return MandateBuilder.buildMandate(domMandate);
+
+ return null;
+ }
+
public void setMandate(byte[] mandate) {
this.mandate = mandate;
}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index 021ee62cf..940f9c3f4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -8,6 +8,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -20,6 +22,8 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -79,6 +83,11 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED, moasession.getCcc());
+
if (StringUtils.isEmpty(moasession.getCcc())) {
// illegal state; task should not have been executed without a selected country
throw new AuthenticationException("stork.22", new Object[] { sessionID });
@@ -97,6 +106,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED);
+
} catch (MOAIDException ex) {
throw new TaskExecutionException(ex.getMessage(), ex);