From f10fb18bac8e4b98460d100a4af42a943ddb75df Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 25 Oct 2016 16:23:23 +0200 Subject: fix another problem in session database --- .../moa/id/advancedlogging/MOAReversionLogger.java | 8 +- .../moa/id/advancedlogging/StatisticLogger.java | 43 +- .../moa/id/auth/BaseAuthenticationServer.java | 28 -- .../id/auth/builder/AuthenticationDataBuilder.java | 35 +- .../auth/builder/SignatureVerificationUtils.java | 6 +- .../moa/id/auth/data/AuthenticationSession.java | 353 ++++++++------- .../id/auth/data/AuthenticationSessionWrapper.java | 492 +++++++++++++++++++++ .../id/auth/data/ExtendedSAMLAttributeImpl.java | 24 +- .../egovernment/moa/id/auth/data/IdentityLink.java | 220 +++++---- .../moa/id/auth/data/InfoboxValidationResult.java | 9 +- .../id/auth/data/InfoboxValidationResultImpl.java | 1 + .../id/auth/data/VerifyXMLSignatureResponse.java | 217 ++++----- .../id/auth/modules/AbstractAuthServletTask.java | 32 +- .../tasks/EvaluateSSOConsentsTaskImpl.java | 18 +- .../internal/tasks/FinalizeAuthenticationTask.java | 7 +- .../auth/parser/IdentityLinkAssertionParser.java | 5 +- .../StartAuthentificationParameterParser.java | 22 +- .../parser/VerifyXMLSignatureResponseParser.java | 5 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 14 +- .../moa/id/auth/servlet/LogOutServlet.java | 5 +- .../moa/id/data/AuthenticationData.java | 15 +- .../at/gv/egovernment/moa/id/data/IAuthData.java | 7 +- .../at/gv/egovernment/moa/id/data/MISMandate.java | 39 +- .../moa/id/moduls/AuthenticationManager.java | 120 ++--- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 47 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 13 +- .../AbstractAuthProtocolModulController.java | 51 ++- .../protocols/ProtocolFinalizationController.java | 67 ++- .../MandateProfRepDescAttributeBuilder.java | 4 +- .../MandateProfRepOIDAttributeBuilder.java | 4 +- .../id/protocols/pvp2x/AttributQueryAction.java | 10 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 6 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 9 +- .../metadata/MOASPMetadataSignatureFilter.java | 4 +- .../storage/DBAuthenticationSessionStoreage.java | 121 ++--- .../id/storage/IAuthenticationSessionStoreage.java | 80 ++-- .../moa/id/module/test/TestRequestImpl.java | 37 +- .../egovernment/moa/id/commons/api/IRequest.java | 23 +- .../commons/api/data/AuthProzessDataConstants.java | 66 +++ .../commons/api/data/IAuthenticationSession.java | 296 +++++++++++++ .../moa/id/commons/api/data/IIdentityLink.java | 175 ++++++++ .../moa/id/commons/api/data/IMISMandate.java | 65 +++ .../api/data/IVerifiyXMLSignatureResponse.java | 161 +++++++ id/server/moa-id-jaxb_classes/pom.xml | 55 +++ .../moa/id/auth/AuthenticationServer.java | 76 ++-- .../builder/AuthenticationAssertionBuilder.java | 2 +- .../AuthenticationBlockAssertionBuilder.java | 10 +- .../moa/id/auth/builder/PersonDataBuilder.java | 4 +- .../builder/VerifyXMLSignatureRequestBuilder.java | 4 +- .../modules/internal/tasks/GetForeignIDTask.java | 15 +- .../internal/tasks/GetMISSessionIDTask.java | 7 +- .../tasks/InitializeBKUAuthenticationTask.java | 16 +- .../tasks/PrepareAuthBlockSignatureTask.java | 4 +- .../internal/tasks/PrepareGetMISMandateTask.java | 12 +- .../tasks/VerifyAuthenticationBlockTask.java | 4 +- .../internal/tasks/VerifyCertificateTask.java | 9 +- .../internal/tasks/VerifyIdentityLinkTask.java | 4 +- .../id/auth/parser/InfoboxReadResponseParser.java | 4 +- .../CreateXMLSignatureResponseValidator.java | 14 +- .../id/auth/validator/IdentityLinkValidator.java | 3 +- .../VerifyXMLSignatureResponseValidator.java | 9 +- .../moa/id/util/CitizenCardServletUtils.java | 4 +- .../moa/id/auth/builder/PersonDataBuilderTest.java | 6 +- .../auth/parser/InfoboxReadResponseParserTest.java | 7 +- .../eidas/tasks/CreateIdentityLinkTask.java | 6 +- .../eidas/tasks/ReceiveAuthnResponseTask.java | 2 +- .../tasks/ReceiveElgaMandateResponseTask.java | 2 +- .../data/SSOTransferAuthenticationData.java | 16 +- .../ssotransfer/servlet/SSOTransferServlet.java | 24 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 9 +- .../ssotransfer/utils/SSOContainerUtils.java | 11 +- .../tasks/ReceiveAuthnResponseTask.java | 7 +- .../AuthenticationDataAssertionBuilder.java | 2 +- .../protocols/saml1/SAML1AuthenticationData.java | 2 +- .../protocols/saml1/SAML1AuthenticationServer.java | 2 +- .../moa/id/monitoring/IdentityLinkTestModule.java | 10 +- id/server/pom.xml | 3 +- 77 files changed, 2349 insertions(+), 980 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java create mode 100644 id/server/moa-id-jaxb_classes/pom.xml diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 4a5cbd55f..b26c9c1a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -31,11 +31,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -177,7 +177,7 @@ public class MOAReversionLogger { } - public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) { + public void logMandateEventSet(IRequest pendingReq, IMISMandate mandate) { if (MiscUtil.isNotEmpty(mandate.getOWbPK())) logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, mandate.getOWbPK()); @@ -222,7 +222,7 @@ public class MOAReversionLogger { * @param identityLink */ public void logPersonalInformationEvent(IRequest pendingReq, - IdentityLink identityLink) { + IIdentityLink identityLink) { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH, buildPersonInformationHash( identityLink.getGivenName(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 14c0800b1..5b0f5115d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -43,7 +43,6 @@ import org.springframework.transaction.annotation.Transactional; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; @@ -51,13 +50,14 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -149,7 +149,7 @@ public class StatisticLogger implements IStatisticLogger{ if (authData.isUseMandate()) { dblog.setMandatelogin(authData.isUseMandate()); - MISMandate mandate = authData.getMISMandate(); + IMISMandate mandate = authData.getMISMandate(); if (mandate != null) { if (MiscUtil.isNotEmpty(mandate.getProfRep())) { @@ -254,23 +254,32 @@ public class StatisticLogger implements IStatisticLogger{ //dblog.setOaID(dbOA.getHjid()); dblog.setBusinessservice(isBusinessService(dbOA)); - try { - AuthenticationSession moasession = authenticatedSessionStorage. - getSession(errorRequest.getMOASessionIdentifier()); - if (moasession != null) { - if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { - dblog.setBkuurl(moasession.getBkuURL()); - dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); - } - - dblog.setMandatelogin(moasession.isMandateUsed()); + IAuthenticationSession moasession = null; + if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) { + Logger.debug("Use MOA session information from SSO session for ErrorLogging"); + try { + moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier()); + + } catch (MOADatabaseException e) { + Logger.error("Error during database communication", e); + } - - } catch (MOADatabaseException e) { - Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information."); + + } else { + Logger.debug("Use MOA session information from pending-req for ErrorLogging"); + moasession = errorRequest.getMOASession(); } - + + if (moasession != null) { + if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { + dblog.setBkuurl(moasession.getBkuURL()); + dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); + } + + dblog.setMandatelogin(moasession.isMandateUsed()); + } + generateErrorLogFormThrowable(throwable, dblog); entityManager.persist(dblog); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java index 20f2029cb..f0d9741d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java @@ -4,11 +4,8 @@ package at.gv.egovernment.moa.id.auth; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -20,32 +17,7 @@ import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; */ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants { - @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired protected AuthConfiguration authConfig; - /** - * Retrieves a session from the session store. - * - * @param id session ID - * @return AuthenticationSession stored with given session ID (never {@code null}). - * @throws AuthenticationException in case the session id does not reflect a valic, active session. - */ - public AuthenticationSession getSession(String id) - throws AuthenticationException { - AuthenticationSession session; - try { - session = authenticationSessionStorage.getSession(id); - - if (session == null) - throw new AuthenticationException("auth.02", new Object[]{id}); - return session; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("auth.02", new Object[]{id}); - - } catch (Exception e) { - throw new AuthenticationException("parser.04", new Object[]{id}); - } - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 16d320ea5..3264fc3bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -47,11 +47,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -61,6 +57,11 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; @@ -110,13 +111,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { public IAuthData buildAuthenticationData(IRequest pendingReq, - AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration()); } public IAuthData buildAuthenticationData(IRequest pendingReq, - AuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { AuthenticationData authdata = null; //only needed for SAML1 legacy support @@ -253,7 +254,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session, IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { Collection includedToGenericAuthData = null; @@ -273,8 +274,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //#################################################### //parse user info's from identityLink - IdentityLink idlFromPVPAttr = null; - IdentityLink identityLink = session.getIdentityLink(); + IIdentityLink idlFromPVPAttr = null; + IIdentityLink identityLink = session.getIdentityLink(); if (identityLink != null) { parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); @@ -515,7 +516,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } //mandate functionality - MISMandate misMandate = null; + IMISMandate misMandate = null; if (session.isMandateUsed()) { //#################################################### //set Mandate reference value @@ -766,7 +767,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //#################################################################### //parse AuthBlock signature-verification response //INFO: this parameters are only required for SAML1 auth. protocol - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + IVerifiyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); if (verifyXMLSigResp != null) { authData.setQualifiedCertificate(verifyXMLSigResp .isQualifiedCertificate()); @@ -833,7 +834,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { return false; } - private void parseBasicUserInfosFromIDL(AuthenticationData authData, IdentityLink identityLink, Collection includedGenericSessionData) { + private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection includedGenericSessionData) { //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); @@ -919,7 +920,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @return Pair which was received by PVP-Attribute and could be decrypted for this Service Provider, * or null if no attribute exists or can not decrypted */ - private Pair getEncryptedbPKFromPVPAttribute(AuthenticationSession session, + private Pair getEncryptedbPKFromPVPAttribute(IAuthenticationSession session, AuthenticationData authData, IOAAuthParameters spConfig) { //set List of encrypted bPKs to authData DAO String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); @@ -981,7 +982,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param session MOASession, but never null * @return bPK, which was received by PVP-Attribute, or null if no attribute exists */ - private String getbPKValueFromPVPAttribute(AuthenticationSession session) { + private String getbPKValueFromPVPAttribute(IAuthenticationSession session) { String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) { @@ -1015,7 +1016,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param session MOASession, but never null * @return bPKType, which was received by PVP-Attribute, or null if no attribute exists */ - private String getbPKTypeFromPVPAttribute(AuthenticationSession session) { + private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) { String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) { @@ -1065,7 +1066,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private IdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IdentityLink idl, String bPK, String bPKType) throws MOAIDException { + private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException { if (oaParam.getBusinessService()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; @@ -1076,7 +1077,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { prIdentificationType.getFirstChild().setNodeValue(bPKType); IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink businessServiceIdl = idlparser.parseIdentityLink(); + IIdentityLink businessServiceIdl = idlparser.parseIdentityLink(); //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java index ac93d7af9..9ca15c76f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -29,12 +29,12 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -74,7 +74,7 @@ public class SignatureVerificationUtils { } } - public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { try { //build signature-verification request Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); @@ -84,7 +84,7 @@ public class SignatureVerificationUtils { .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); return verifyXMLSignatureResponse; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index a72f6c2ea..94651915e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -46,20 +46,26 @@ import java.util.Map; import org.apache.commons.collections4.map.HashedMap; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; /** - * Session data to be stored between AuthenticationServer API calls. * - * @author Paul Ivancsics - * @version $Id$ + * Serializable implementation of the {@link IAuthenticationSession} interface, which could be stored into a + * AuthenticationSession database + * + * @author Thomas Lenz + * */ -public class AuthenticationSession implements Serializable { +public class AuthenticationSession implements Serializable, IAuthenticationSession { /** * @@ -94,7 +100,7 @@ public class AuthenticationSession implements Serializable { * * Mandate element */ - private MISMandate mandate; + private IMISMandate mandate; /** * Reference value for mandate bussiness service for the assertion @@ -110,7 +116,7 @@ public class AuthenticationSession implements Serializable { /** * identity link read from smartcard */ - private IdentityLink identityLink; + private IIdentityLink identityLink; /** * authentication block to be signed by the user @@ -151,7 +157,7 @@ public class AuthenticationSession implements Serializable { private String QAALevel = null; - private VerifyXMLSignatureResponse XMLVerifySignatureResponse; + private IVerifiyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; @@ -170,14 +176,61 @@ public class AuthenticationSession implements Serializable { } + /** + * @param id + * @param now + * @param moaSession + */ + public AuthenticationSession(String id, Date now, IAuthenticationSession moaSession) { + sessionID = id; + sessionCreated = now; + + authBlock = moaSession.getAuthBlock(); + authBlockTokken = moaSession.getAuthBlockTokken(); + authenticated = moaSession.isAuthenticated(); + bkuURL = moaSession.getBkuURL(); + extendedSAMLAttributesAUTH = moaSession.getExtendedSAMLAttributesAUTH(); + extendedSAMLAttributesOA = moaSession.getExtendedSAMLAttributesOA(); + + genericSessionDataStorate = moaSession.getGenericSessionDataStorage(); + + identityLink = moaSession.getIdentityLink(); + isForeigner = moaSession.isForeigner(); + isOW = moaSession.isOW(); + issueInstant = moaSession.getIssueInstant(); + mandate = moaSession.getMISMandate(); + mandateReferenceValue = moaSession.getMandateReferenceValue(); + misSessionID = moaSession.getMISSessionID(); + QAALevel = moaSession.getQAALevel(); + samlAttributeGebeORwbpk = moaSession.getSAMLAttributeGebeORwbpk(); + sessionCreated = moaSession.getSessionCreated(); + signerCertificate = moaSession.getEncodedSignerCertificate(); + useMandates = moaSession.isMandateUsed(); + XMLVerifySignatureResponse = moaSession.getXMLVerifySignatureResponse(); + + //TODO: implement session construction from existing eID information + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() + */ + @Override public boolean isAuthenticated() { return authenticated; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) + */ + @Override public void setAuthenticated(boolean authenticated) { this.authenticated = authenticated; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() + */ + @Override public X509Certificate getSignerCertificate() { try { return new X509Certificate(signerCertificate); @@ -188,10 +241,18 @@ public class AuthenticationSession implements Serializable { } } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() + */ + @Override public byte[] getEncodedSignerCertificate() { return this.signerCertificate; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate) + */ + @Override public void setSignerCertificate(X509Certificate signerCertificate) { try { this.signerCertificate = signerCertificate.getEncoded(); @@ -201,174 +262,141 @@ public class AuthenticationSession implements Serializable { } } - /** - * Returns the identityLink. - * - * @return IdentityLink + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() */ - public IdentityLink getIdentityLink() { + @Override + public IIdentityLink getIdentityLink() { return identityLink; } - /** - * Returns the sessionID. - * - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() */ + @Override public String getSessionID() { return sessionID; } - /** - * Sets the identityLink. - * - * @param identityLink - * The identityLink to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) */ - public void setIdentityLink(IdentityLink identityLink) { + @Override + public void setIdentityLink(IIdentityLink identityLink) { this.identityLink = identityLink; } - /** - * Sets the sessionID. - * - * @param sessionId - * The sessionID to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) */ + @Override public void setSessionID(String sessionId) { this.sessionID = sessionId; } - /** - * Returns the BKU URL. - * - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() */ + @Override public String getBkuURL() { return bkuURL; } - /** - * Sets the bkuURL - * - * @param bkuURL - * The BKU URL to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) */ + @Override public void setBkuURL(String bkuURL) { this.bkuURL = bkuURL; } - /** - * Returns the authBlock. - * - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock() */ + @Override public String getAuthBlock() { return authBlock; } - /** - * Sets the authBlock. - * - * @param authBlock - * The authBlock to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String) */ + @Override public void setAuthBlock(String authBlock) { this.authBlock = authBlock; } - /** - * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. - * - * @return The SAML Attributes to be appended to the AUTHBlock. Maybe null. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH() */ + @Override public List getExtendedSAMLAttributesAUTH() { if (extendedSAMLAttributesAUTH == null) extendedSAMLAttributesAUTH = new ArrayList(); return extendedSAMLAttributesAUTH; } - /** - * Sets the SAML Attributes to be appended to the AUTHBlock. - * - * @param extendedSAMLAttributesAUTH - * The SAML Attributes to be appended to the AUTHBlock. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List) */ + @Override public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; } - /** - * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online - * application. Maybe null. - * - * @return The SAML Attributes to be appended to the SAML assertion delivered to the online - * application + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA() */ + @Override public List getExtendedSAMLAttributesOA() { return extendedSAMLAttributesOA; } - /** - * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online - * application. - * - * @param extendedSAMLAttributesOA - * The SAML Attributes to be appended to the SAML assertion delivered to the online - * application. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List) */ + @Override public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; } - /** - * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the - * SAML Assertion or not. - * - * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or - * false if not. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk() */ + @Override public boolean getSAMLAttributeGebeORwbpk() { return this.samlAttributeGebeORwbpk; } - /** - * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the - * SAML Assertion or not. - * - * @param samlAttributeGebeORwbpk - * The boolean for value either a target or wbPK is provided as SAML Attribute in the - * SAML Assertion or not. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean) */ + @Override public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; } - /** - * Returns the issuing time of the AUTH-Block SAML assertion. - * - * @return The issuing time of the AUTH-Block SAML assertion. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() */ + @Override public String getIssueInstant() { return issueInstant; } - /** - * Sets the issuing time of the AUTH-Block SAML assertion. - * - * @param issueInstant - * The issueInstant to set. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) */ + @Override public void setIssueInstant(String issueInstant) { this.issueInstant = issueInstant; } - /** - * - * @param useMandate - * indicates if mandate is used or not + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String) */ + @Override public void setUseMandate(String useMandate) { if (useMandate.compareToIgnoreCase("true") == 0) this.useMandates = true; @@ -377,141 +405,172 @@ public class AuthenticationSession implements Serializable { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) + */ + @Override public void setUseMandates(boolean useMandates) { this.useMandates = useMandates; } - /** - * @return + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() */ + @Override public boolean isMandateUsed() { return this.useMandates; } - /** - * - * @param misSessionID - * indicates the MIS session ID + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String) */ + @Override public void setMISSessionID(String misSessionID) { this.misSessionID = misSessionID; } - /** - * Returns the MIS session ID - * - * @return + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID() */ + @Override public String getMISSessionID() { return this.misSessionID; } - /** - * @return the mandateReferenceValue + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue() */ + @Override public String getMandateReferenceValue() { return mandateReferenceValue; } - /** - * @param mandateReferenceValue - * the mandateReferenceValue to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String) */ + @Override public void setMandateReferenceValue(String mandateReferenceValue) { this.mandateReferenceValue = mandateReferenceValue; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() + */ + @Override public boolean isForeigner() { return isForeigner; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) + */ + @Override public void setForeigner(boolean isForeigner) { this.isForeigner = isForeigner; } - public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse() + */ + @Override + public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() { return XMLVerifySignatureResponse; } - public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse) + */ + @Override + public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { XMLVerifySignatureResponse = xMLVerifySignatureResponse; } - public MISMandate getMISMandate() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate() + */ + @Override + public IMISMandate getMISMandate() { return mandate; } - public void setMISMandate(MISMandate mandate) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate) + */ + @Override + public void setMISMandate(IMISMandate mandate) { this.mandate = mandate; } - /** - * @return the isOW + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() */ + @Override public boolean isOW() { return isOW; } - /** - * @param isOW - * the isOW to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) */ + @Override public void setOW(boolean isOW) { this.isOW = isOW; } - /** - * @return the authBlockTokken + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken() */ + @Override public String getAuthBlockTokken() { return authBlockTokken; } - /** - * @param authBlockTokken - * the authBlockTokken to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String) */ + @Override public void setAuthBlockTokken(String authBlockTokken) { this.authBlockTokken = authBlockTokken; } - /** - * eIDAS QAA level - * - * @return the qAALevel + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() */ + @Override public String getQAALevel() { return QAALevel; } - /** - * set QAA level in eIDAS form - * - * @param qAALevel the qAALevel to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) */ + @Override public void setQAALevel(String qAALevel) { QAALevel = qAALevel; } - /** - * @return the sessionCreated + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() */ + @Override public Date getSessionCreated() { return sessionCreated; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() + */ + @Override public Map getGenericSessionDataStorage() { return genericSessionDataStorate; } - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @return The session-data object or null if no data is found with this key + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) */ + @Override public Object getGenericDataFromSession(String key) { if (MiscUtil.isNotEmpty(key)) { return genericSessionDataStorate.get(key); @@ -523,13 +582,10 @@ public class AuthenticationSession implements Serializable { } - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @param clazz The class type which is stored with this key - * @return The session-data object or null if no data is found with this key + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) */ + @Override public T getGenericDataFromSession(String key, final Class clazz) { if (MiscUtil.isNotEmpty(key)) { Object data = genericSessionDataStorate.get(key); @@ -555,13 +611,10 @@ public class AuthenticationSession implements Serializable { } - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) */ + @Override public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { if (MiscUtil.isEmpty(key)) { Logger.warn("Generic session-data can not be stored with a 'null' key"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java new file mode 100644 index 000000000..5419e8ae0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java @@ -0,0 +1,492 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.data; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants { + + + private Map sessionData; + + /** + * @param genericDataStorage + */ + public AuthenticationSessionWrapper(Map genericDataStorage) { + this.sessionData = genericDataStorage; + } + + private T wrapStringObject(String key, Object defaultValue, Class clazz) { + if (MiscUtil.isNotEmpty(key)) { + Object obj = sessionData.get(key); + if (obj != null && clazz.isInstance(obj)) + return (T) obj; + } + + if (defaultValue == null) + return null; + + else if (clazz.isInstance(defaultValue)) + return (T)defaultValue; + + else { + Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); + throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); + + } + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() + */ + @Override + public boolean isAuthenticated() { + return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) + */ + @Override + public void setAuthenticated(boolean authenticated) { + sessionData.put(FLAG_IS_AUTHENTICATED, authenticated); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() + */ + @Override + public X509Certificate getSignerCertificate() { + byte[] encCert = getEncodedSignerCertificate(); + + if (encCert != null) { + try { + return new X509Certificate(encCert); + } + catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + + } + } + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() + */ + @Override + public byte[] getEncodedSignerCertificate() { + return wrapStringObject(VALUE_SIGNER_CERT, null, byte[].class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate) + */ + @Override + public void setSignerCertificate(X509Certificate signerCertificate) { + try { + sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); + + }catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() + */ + @Override + public IIdentityLink getIdentityLink() { + return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() + */ + @Override + public String getSessionID() { + return wrapStringObject(VALUE_SESSIONID, null, String.class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) + */ + @Override + public void setIdentityLink(IIdentityLink identityLink) { + sessionData.put(VALUE_IDENTITYLINK, identityLink); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) + */ + @Override + public void setSessionID(String sessionId) { + sessionData.put(VALUE_SESSIONID, sessionId); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() + */ + @Override + public String getBkuURL() { + return wrapStringObject(VALUE_BKUURL, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) + */ + @Override + public void setBkuURL(String bkuURL) { + sessionData.put(VALUE_BKUURL, bkuURL); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock() + */ + @Override + public String getAuthBlock() { + return wrapStringObject(VALUE_AUTHBLOCK, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String) + */ + @Override + public void setAuthBlock(String authBlock) { + sessionData.put(VALUE_AUTHBLOCK, authBlock); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH() + */ + @Override + public List getExtendedSAMLAttributesAUTH() { + return wrapStringObject(VALUE_EXTENTEDSAMLATTRAUTH, new ArrayList(), List.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List) + */ + @Override + public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { + sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA() + */ + @Override + public List getExtendedSAMLAttributesOA() { + return wrapStringObject(VALUE_EXTENTEDSAMLATTROA, null, List.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List) + */ + @Override + public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { + sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk() + */ + @Override + public boolean getSAMLAttributeGebeORwbpk() { + return wrapStringObject(FLAG_SAMLATTRIBUTEGEBEORWBPK, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean) + */ + @Override + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() + */ + @Override + public String getIssueInstant() { + return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) + */ + @Override + public void setIssueInstant(String issueInstant) { + sessionData.put(VALUE_ISSUEINSTANT, issueInstant); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String) + */ + @Override + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + setUseMandates(true); + else + setUseMandates(false); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) + */ + @Override + public void setUseMandates(boolean useMandates) { + sessionData.put(FLAG_USE_MANDATE, useMandates); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() + */ + @Override + public boolean isMandateUsed() { + return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String) + */ + @Override + public void setMISSessionID(String misSessionID) { + sessionData.put(VALUE_MISSESSIONID, misSessionID); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID() + */ + @Override + public String getMISSessionID() { + return wrapStringObject(VALUE_MISSESSIONID, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue() + */ + @Override + public String getMandateReferenceValue() { + return wrapStringObject(VALUE_MISREFVALUE, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String) + */ + @Override + public void setMandateReferenceValue(String mandateReferenceValue) { + sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() + */ + @Override + public boolean isForeigner() { + return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) + */ + @Override + public void setForeigner(boolean isForeigner) { + sessionData.put(FLAG_IS_FOREIGNER, isForeigner); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse() + */ + @Override + public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() { + return wrapStringObject(VALUE_VERIFYSIGRESP, null, IVerifiyXMLSignatureResponse.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse) + */ + @Override + public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { + sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate() + */ + @Override + public IMISMandate getMISMandate() { + return wrapStringObject(VALUE_MISMANDATE, null, IMISMandate.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate) + */ + @Override + public void setMISMandate(IMISMandate mandate) { + sessionData.put(VALUE_MISMANDATE, mandate); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() + */ + @Override + public boolean isOW() { + return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) + */ + @Override + public void setOW(boolean isOW) { + sessionData.put(FLAG_IS_ORGANWALTER, isOW); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken() + */ + @Override + public String getAuthBlockTokken() { + return wrapStringObject(VALUE_AUTNBLOCKTOKKEN, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String) + */ + @Override + public void setAuthBlockTokken(String authBlockTokken) { + sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() + */ + @Override + public String getQAALevel() { + return wrapStringObject(VALUE_QAALEVEL, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) + */ + @Override + public void setQAALevel(String qAALevel) { + sessionData.put(VALUE_QAALEVEL, qAALevel); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() + */ + @Override + public Date getSessionCreated() { + return wrapStringObject(VALUE_CREATED, null, Date.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() + */ + @Override + public Map getGenericSessionDataStorage() { + Map result = new HashMap(); + for (String el : sessionData.keySet()) { + if (el.startsWith(GENERIC_PREFIX)) + result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el)); + + } + + return result; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) + */ + @Override + public Object getGenericDataFromSession(String key) { + return sessionData.get(GENERIC_PREFIX + key); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) + */ + @Override + public T getGenericDataFromSession(String key, Class clazz) { + return wrapStringObject(GENERIC_PREFIX + key, null, clazz); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) + */ + @Override + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + sessionData.put(GENERIC_PREFIX + key, object); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index c7fa58eaf..f1d48935f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.Serializable; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. @@ -92,13 +94,13 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali * The following values are allowed: *
    *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} *
  • *
* @@ -111,28 +113,28 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getValue() */ public Object getValue() { return value_; } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getName() */ public String getName() { return name_; } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getNameSpace() */ public String getNameSpace() { return namespace_; } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getAddToAUTHBlock() */ public int getAddToAUTHBlock() { return addToAUTHBlock_; @@ -144,16 +146,16 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali * @param addToAUTHBlock One of the following values: *
    *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} *
  • *
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} */ public void setAddToAUTHBlock(int addToAUTHBlock) { addToAUTHBlock_ = addToAUTHBlock; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 78f1e14f0..2690bc2cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -54,6 +54,7 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.DOMUtils; @@ -64,7 +65,7 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink implements Serializable{ +public class IdentityLink implements Serializable, IIdentityLink{ private static final long serialVersionUID = 1L; @@ -128,188 +129,183 @@ public class IdentityLink implements Serializable{ public IdentityLink() { } - /** - * Returns the dateOfBirth. - * @return Calendar - */ - public String getDateOfBirth() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() + */ + @Override +public String getDateOfBirth() { return dateOfBirth; } - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() + */ + @Override +public String getFamilyName() { return familyName; } - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() + */ + @Override +public String getGivenName() { return givenName; } - /** - * Returns the name. - * @return The name. - */ - public String getName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() + */ + @Override +public String getName() { if (name == null) { name = givenName + " " + familyName; } return name; } - /** - * Returns the identificationValue. - * "identificationValue" is the translation of "Stammzahl". - * @return String - */ - public String getIdentificationValue() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() + */ + @Override +public String getIdentificationValue() { return identificationValue; } - /** - * Returns the identificationType. - * "identificationType" type of the identificationValue in the IdentityLink. - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() */ + @Override public String getIdentificationType() { return identificationType; } - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(String dateOfBirth) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) + */ + @Override +public void setDateOfBirth(String dateOfBirth) { this.dateOfBirth = dateOfBirth; } - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) + */ + @Override +public void setFamilyName(String familyName) { this.familyName = familyName; } - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) + */ + @Override +public void setGivenName(String givenName) { this.givenName = givenName; } - /** - * Sets the identificationValue. - * "identificationValue" is the translation of "Stammzahl". - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) + */ + @Override +public void setIdentificationValue(String identificationValue) { this.identificationValue = identificationValue; } - /** - * Sets the Type of the identificationValue. - * @param identificationType The type of identificationValue to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) */ + @Override public void setIdentificationType(String identificationType) { this.identificationType = identificationType; } - /** - * Returns the samlAssertion. - * @return Element - */ - public Element getSamlAssertion() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() + */ + @Override +public Element getSamlAssertion() { return samlAssertion; } - /** - * Returns the samlAssertion. - * @return Element - */ - public String getSerializedSamlAssertion() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() + */ + @Override +public String getSerializedSamlAssertion() { return serializedSamlAssertion; } - /** - * Sets the samlAssertion and the serializedSamlAssertion. - * @param samlAssertion The samlAssertion to set - */ - public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) + */ + @Override +public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { this.samlAssertion = samlAssertion; this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); } - /** - * Returns the dsigReferenceTransforms. - * @return Element[] - */ - public Element[] getDsigReferenceTransforms() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() + */ + @Override +public Element[] getDsigReferenceTransforms() { return dsigReferenceTransforms; } - /** - * Sets the dsigReferenceTransforms. - * @param dsigReferenceTransforms The dsigReferenceTransforms to set - */ - public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[]) + */ + @Override +public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { this.dsigReferenceTransforms = dsigReferenceTransforms; } - /** - * Returns the publicKey. - * @return PublicKey[] - */ - public PublicKey[] getPublicKey() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() + */ + @Override +public PublicKey[] getPublicKey() { return publicKey; } - /** - * Sets the publicKey. - * @param publicKey The publicKey to set - */ - public void setPublicKey(PublicKey[] publicKey) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) + */ + @Override +public void setPublicKey(PublicKey[] publicKey) { this.publicKey = publicKey; } - /** - * Returns the prPerson. - * @return Element - */ - public Element getPrPerson() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() + */ + @Override +public Element getPrPerson() { return prPerson; } - /** - * Sets the prPerson. - * @param prPerson The prPerson to set - */ - public void setPrPerson(Element prPerson) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) + */ + @Override +public void setPrPerson(Element prPerson) { this.prPerson = prPerson; } - /** - * Returns the issuing time of the identity link SAML assertion. - * - * @return The issuing time of the identity link SAML assertion. - */ - public String getIssueInstant() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() + */ + @Override +public String getIssueInstant() { return issueInstant; } - /** - * Sets the issuing time of the identity link SAML assertion. - * - * @param issueInstant The issueInstant to set. - */ - public void setIssueInstant(String issueInstant) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) + */ + @Override +public void setIssueInstant(String issueInstant) { this.issueInstant = issueInstant; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java index e9a278d0f..82263f7a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java @@ -46,12 +46,13 @@ package at.gv.egovernment.moa.id.auth.data; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; /** * Includes the result of an extended infobox validation. * * If validation succeeds, an array of - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute ExtendedSAMLAttributes} * maybe provided. Each of these SAML-Attributes will be either appended to the * final SAML-Assertion passed to the online application or to the AUTH-Block, * or to both. @@ -65,7 +66,7 @@ public interface InfoboxValidationResult { /** * The method returns true if validation succeeds. In that case * method {@link #getExtendedSamlAttributes()} may provide an array of - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the * AUTH-Block or to both. *
@@ -78,14 +79,14 @@ public interface InfoboxValidationResult { public boolean isValid(); /** - * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * Returns an array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute * ExtendedSAMLAttributes} that should be added to the SAML-Assertion * provided to the online application. * The SAML-Attributes in that array will be added to the final * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged * in the array this method returns. * - * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * @return An array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute * ExtendedSAMLAttributes} that should be added to the SAML-Assertion * provided to the online application, the AUTH-Block, or both. If no attributes should * be added this array maybe null or empty. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java index 0ba17eb2f..c5183d29c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.data; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; /** * Default implementation of the {@link InfoboxValidationResult} interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index 6cf1de319..c054976ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -49,6 +49,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.Serializable; import java.util.Date; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import iaik.x509.X509Certificate; /** @@ -59,7 +60,7 @@ import iaik.x509.X509Certificate; * @version $Id$ * */ -public class VerifyXMLSignatureResponse implements Serializable{ +public class VerifyXMLSignatureResponse implements Serializable, IVerifiyXMLSignatureResponse{ private static final long serialVersionUID = 1L; @@ -89,173 +90,179 @@ public class VerifyXMLSignatureResponse implements Serializable{ private Date signingDateTime; - /** - * Returns the certificateCheckCode. - * @return int - */ - public int getCertificateCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getCertificateCheckCode() + */ + @Override +public int getCertificateCheckCode() { return certificateCheckCode; } - /** - * Returns the signatureCheckCode. - * @return int - */ - public int getSignatureCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureCheckCode() + */ + @Override +public int getSignatureCheckCode() { return signatureCheckCode; } - /** - * Returns the xmlDSIGManifestCheckCode. - * @return int - */ - public int getXmlDSIGManifestCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode() + */ + @Override +public int getXmlDSIGManifestCheckCode() { return xmlDSIGManifestCheckCode; } - /** - * Returns the xmlDsigSubjectName. - * @return String - */ - public String getXmlDsigSubjectName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName() + */ + @Override +public String getXmlDsigSubjectName() { return xmlDsigSubjectName; } - /** - * Sets the certificateCheckCode. - * @param certificateCheckCode The certificateCheckCode to set - */ - public void setCertificateCheckCode(int certificateCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setCertificateCheckCode(int) + */ + @Override +public void setCertificateCheckCode(int certificateCheckCode) { this.certificateCheckCode = certificateCheckCode; } - /** - * Sets the signatureCheckCode. - * @param signatureCheckCode The signatureCheckCode to set - */ - public void setSignatureCheckCode(int signatureCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureCheckCode(int) + */ + @Override +public void setSignatureCheckCode(int signatureCheckCode) { this.signatureCheckCode = signatureCheckCode; } - /** - * Sets the xmlDSIGManifestCheckCode. - * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set - */ - public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(int) + */ + @Override +public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) { this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode; } - /** - * Sets the xmlDsigSubjectName. - * @param xmlDsigSubjectName The xmlDsigSubjectName to set - */ - public void setXmlDsigSubjectName(String xmlDsigSubjectName) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang.String) + */ + @Override +public void setXmlDsigSubjectName(String xmlDsigSubjectName) { this.xmlDsigSubjectName = xmlDsigSubjectName; } - /** - * Returns the publicAuthorityCode. - * @return int - */ - public String getPublicAuthorityCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getPublicAuthorityCode() + */ + @Override +public String getPublicAuthorityCode() { return publicAuthorityCode; } - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityCode The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthorityCode(java.lang.String) + */ + @Override +public void setPublicAuthorityCode(String publicAuthorityCode) { this.publicAuthorityCode = publicAuthorityCode; } - /** - * Returns the qualifiedCertificate. - * @return boolean - */ - public boolean isQualifiedCertificate() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isQualifiedCertificate() + */ + @Override +public boolean isQualifiedCertificate() { return qualifiedCertificate; } - /** - * Returns the x509certificate. - * @return X509Certificate - */ - public X509Certificate getX509certificate() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getX509certificate() + */ + @Override +public X509Certificate getX509certificate() { return x509certificate; } - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setQualifiedCertificate(boolean) + */ + @Override +public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - /** - * Sets the x509certificate. - * @param x509certificate The x509certificate to set - */ - public void setX509certificate(X509Certificate x509certificate) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setX509certificate(iaik.x509.X509Certificate) + */ + @Override +public void setX509certificate(X509Certificate x509certificate) { this.x509certificate = x509certificate; } - /** - * Returns the xmlDSIGManigest. - * @return boolean - */ - public boolean isXmlDSIGManigest() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest() + */ + @Override +public boolean isXmlDSIGManigest() { return xmlDSIGManigest; } - /** - * Sets the xmlDSIGManigest. - * @param xmlDSIGManigest The xmlDSIGManigest to set - */ - public void setXmlDSIGManigest(boolean xmlDSIGManigest) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean) + */ + @Override +public void setXmlDSIGManigest(boolean xmlDSIGManigest) { this.xmlDSIGManigest = xmlDSIGManigest; } - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isPublicAuthority() + */ + @Override +public boolean isPublicAuthority() { return publicAuthority; } - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthority(boolean) + */ + @Override +public void setPublicAuthority(boolean publicAuthority) { this.publicAuthority = publicAuthority; } - /** - * Returns the the resulting code of the signature manifest check. - * - * @return The code of the sigature manifest check. - */ - public int getSignatureManifestCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode() + */ + @Override +public int getSignatureManifestCheckCode() { return signatureManifestCheckCode; } - /** - * Sets the signatureManifestCode. - * - * @param signatureManifestCheckCode The signatureManifestCode to set. - */ - public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(int) + */ + @Override +public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { this.signatureManifestCheckCode = signatureManifestCheckCode; } - public Date getSigningDateTime() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSigningDateTime() + */ +@Override +public Date getSigningDateTime() { return signingDateTime; } - public void setSigningDateTime(Date signingDateTime) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date) + */ +@Override +public void setSigningDateTime(Date signingDateTime) { this.signingDateTime = signingDateTime; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 1b78ff677..ec6dbc951 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; -import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing @@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public abstract class AbstractAuthServletTask extends MoaIdTask { @Autowired protected IRequestStorage requestStoreage; - @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; + //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; protected static final String ERROR_CODE_PARAM = "errorid"; protected IRequest pendingReq = null; - protected AuthenticationSession moasession = null; + protected IAuthenticationSession moasession = null; public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException; @@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { * @throws MOADatabaseException */ protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { - String moasessionid = pendingReq.getMOASessionIdentifier(); - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - try { - moasession = authenticatedSessionStorage.getSession(moasessionid); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID()); + moasession = pendingReq.getMOASession(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index dfb90da3a..1c26ff5ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { private static final String PARAM_SSO_CONSENTS = "value"; @Autowired private SSOManager ssoManager; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { ssoConsents = Boolean.parseBoolean(ssoConsentsString); //perform default task initialization - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //check SSO session cookie and MOASession object String ssoId = ssoManager.getSSOSessionID(request); - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - if (!(isValidSSOSession && moasession.isAuthenticated() )) { + boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); + + //load MOA SSO-session from database + AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) { Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); throw new AuthenticationException("auth.30", null); @@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents)); + //Populate this pending request with SSO session information + pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession); + + //user allow single sign-on authentication if (ssoConsents) { + //authenticate pending-request pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 6a1ed7203..4eff0fcf5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { try { defaultTaskInitialization(request, executionContext); - //set MOASession to authenticated and store MOASession + //set MOASession to authenticated moasession.setAuthenticated(true); - String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); - //set pendingRequest to authenticated and set new MOASessionID - ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID); + //set pending request to authenticated pendingReq.setAuthenticated(true); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index a5783bfb7..8f7364f62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -61,6 +61,7 @@ import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -256,8 +257,8 @@ public class IdentityLinkAssertionParser { * @throws ParseException on any parsing error */ - public IdentityLink parseIdentityLink() throws ParseException { - IdentityLink identityLink; + public IIdentityLink parseIdentityLink() throws ParseException { + IIdentityLink identityLink; try { identityLink = new IdentityLink(); identityLink.setSamlAssertion(assertionElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 140c7aebc..92d76751f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -30,13 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -51,7 +51,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ @Autowired AuthConfiguration authConfig; - public void parse(AuthenticationSession moasession, + public void parse(IAuthenticationSession moasession, String target, String oaURL, String bkuURL, @@ -221,8 +221,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } - public void parse(ExecutionContext ec, HttpServletRequest req, - AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { + public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq) + throws WrongParametersException, MOAIDException { //get Parameters from request String oaURL = (String) ec.get(PARAM_OA); @@ -231,20 +231,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String useMandate = (String) ec.get(PARAM_USEMANDATE); String ccc = (String) ec.get(PARAM_CCC); - if (request.getOnlineApplicationConfiguration() != null && - request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) { - Logger.debug("Service " + request.getOnlineApplicationConfiguration().getPublicURLPrefix() + if (pendingReq.getOnlineApplicationConfiguration() != null && + pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) { + Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + " only allows authentication with mandates. --> Set useMandate to TRUE."); - useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()); + useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()); } - oaURL = request.getOAURL(); + oaURL = pendingReq.getOAURL(); //only needed for SAML1 - String target = request.getGenericData("saml1_target", String.class); + String target = pendingReq.getGenericData("saml1_target", String.class); - parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 7bce406e0..b54a43fff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -56,6 +56,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -168,9 +169,9 @@ public class VerifyXMLSignatureResponseParser { * @throws ParseException on any parsing error */ - public VerifyXMLSignatureResponse parseData() throws ParseException { + public IVerifiyXMLSignatureResponse parseData() throws ParseException { - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 5e09380ae..a146f778e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -134,16 +134,14 @@ public class IDPSingleLogOutServlet extends AbstractController { try { if (ssoManager.isValidSSOSession(ssoid, null)) { - String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid); - - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID); - if(authSession != null) { - authManager.performSingleLogOut(req, resp, authSession, authURL); - return; + AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid); + + if(authSession != null) { + authManager.performSingleLogOut(req, resp, authSession, authURL); + return; - } } + } } catch (Exception e) { handleErrorNoRedirect(e, req, resp, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 15333a933..8ef047300 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -56,6 +56,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -105,8 +106,8 @@ public class LogOutServlet { //TODO: Single LogOut Implementation //delete SSO session and MOA session - String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid); - authmanager.performOnlyIDPLogOut(req, resp, moasessionid); + AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid); + authmanager.performOnlyIDPLogOut(moasessionid); Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index d306ec005..f5f056ccc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -34,7 +34,8 @@ import java.util.Map; import org.apache.commons.collections4.map.HashedMap; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; @@ -74,7 +75,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * user identityLink specialized to OAParamter */ - private IdentityLink identityLink; + private IIdentityLink identityLink; /** * application specific user identifier (bPK/wbPK) @@ -138,7 +139,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String pvpAttribute_OU = null; private boolean useMandate = false; - private MISMandate mandate = null; + private IMISMandate mandate = null; private String mandateReferenceValue = null; private boolean foreigner =false; @@ -390,14 +391,14 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @return the identityLink */ - public IdentityLink getIdentityLink() { + public IIdentityLink getIdentityLink() { return identityLink; } /** * @param identityLink the identityLink to set */ - public void setIdentityLink(IdentityLink identityLink) { + public void setIdentityLink(IIdentityLink identityLink) { this.identityLink = identityLink; } @@ -436,7 +437,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @return the mandate */ - public MISMandate getMISMandate() { + public IMISMandate getMISMandate() { return mandate; } @@ -461,7 +462,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param mandate the mandate to set */ - public void setMISMandate(MISMandate mandate) { + public void setMISMandate(IMISMandate mandate) { this.mandate = mandate; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index c32564679..4c15cd3d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -27,7 +27,8 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; /** * @author tlenz @@ -62,7 +63,7 @@ public interface IAuthData { List getEncbPKList(); - IdentityLink getIdentityLink(); + IIdentityLink getIdentityLink(); byte[] getSignerCertificate(); String getAuthBlock(); @@ -74,7 +75,7 @@ public interface IAuthData { String getPublicAuthorityCode(); boolean isQualifiedCertificate(); - MISMandate getMISMandate(); + IMISMandate getMISMandate(); Element getMandate(); String getMandateReferenceValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java index 81157994e..25d50f57a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java @@ -51,12 +51,13 @@ import java.io.Serializable; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; -public class MISMandate implements Serializable{ +public class MISMandate implements Serializable, IMISMandate{ private static final long serialVersionUID = 1L; @@ -81,23 +82,47 @@ public class MISMandate implements Serializable{ private String owBPK = null; // private boolean isFullMandateIncluded = false; + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getProfRep() + */ + @Override public String getProfRep() { return oid; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#setProfRep(java.lang.String) + */ + @Override public void setProfRep(String oid) { this.oid = oid; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#setOWbPK(java.lang.String) + */ + @Override public void setOWbPK(String oWbPK) { this.owBPK = oWbPK; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getOWbPK() + */ + @Override public String getOWbPK() { return owBPK; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandate() + */ + @Override public byte[] getMandate() { return mandate; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateDOM() + */ + @Override public Element getMandateDOM() { try { byte[] byteMandate = mandate; @@ -111,6 +136,10 @@ public class MISMandate implements Serializable{ } } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateJaxB() + */ + @Override public Mandate getMandateJaxB() { Element domMandate = getMandateDOM(); if (domMandate != null) @@ -119,10 +148,18 @@ public class MISMandate implements Serializable{ return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#setMandate(byte[]) + */ + @Override public void setMandate(byte[] mandate) { this.mandate = mandate; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getTextualDescriptionOfOID() + */ + @Override public String getTextualDescriptionOfOID() { if (MiscUtil.isNotEmpty(this.oid)) { if (this.oid.equalsIgnoreCase(OID_NOTAR)) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 34b250bf0..f718777b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired(required=true) private MOAMetadataProvider metadataProvider; public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, pvpReq, null); } public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, null, authURL); } + /** + * @param req + * @param resp + * @param moasessionid + */ + public void performOnlyIDPLogOut(AuthenticationSession authSession) { + + if (authSession == null) { + Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); + return; + + } + + try { + + authSession.setAuthenticated(false); + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID()); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + + authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID()); + + //session.invalidate(); + + } catch (MOADatabaseException e) { + Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID()); + return; + } + + } + + public void performOnlyIDPLogOut(HttpServletRequest request, - HttpServletResponse response, String moaSessionID) { + HttpServletResponse response, String internalMOASsoSessionID) { Logger.info("Remove active user-session"); - if(moaSessionID == null) { - moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + if(internalMOASsoSessionID == null) { + internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID); } - if(moaSessionID == null) { + if(internalMOASsoSessionID == null) { Logger.info("NO MOA Session to logout"); return; } AuthenticationSession authSession; try { - authSession = authenticatedSessionStore.getSession(moaSessionID); + authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID); if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } - - authSession.setAuthenticated(false); - //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - - //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - - authenticatedSessionStore.destroySession(moaSessionID); - - //session.invalidate(); - + + performOnlyIDPLogOut(authSession); + } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } @@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); - authenticatedSessionStore.destroySession(correspondingMOASession); + //destroy internal SSO-session object and SSO-session cooky + authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); ssoManager.deleteSSOSessionID(httpReq, httpResp); } } @@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); //get MOASession from SSO-Cookie if SSO is allowed - AuthenticationSession moaSession = null; + AuthenticationSession ssoMOASession = null; if (isValidSSOSession && isSSOAllowed) { - String moasessionID = ssoManager.getMOASession(ssoId); - moaSession = authenticatedSessionStore.getSession(moasessionID); + ssoMOASession = ssoManager.getInternalMOASession(ssoId); - if (moaSession == null) + if (ssoMOASession == null) Logger.info("No MOASession FOUND with provided SSO-Cookie."); else { @@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } //check if session is already authenticated - boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); - + boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession); + //force new authentication authentication process if (pendingReq.forceAuth()) { startAuthenticationProcess(httpReq, httpResp, pendingReq); @@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (isSessionAuthenticated) { // Passive authentication ok! revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return moaSession; + return ssoMOASession; } else { throw new NoPassivAuthenticationException(); @@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { // Is authenticated .. proceed revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return moaSession; + return ssoMOASession; } else { // Start authentication! @@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @return true if session is already authenticated, otherwise false * @throws MOAIDException */ - private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { + private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) { //if no MOASession exist -> authentication is required - if (moaSession == null) { + if (ssoMOASession == null) { return false; } else { - //if MOASession is Found but not authenticated --> authentication is required - if (!moaSession.isAuthenticated()) { + //if MOA SSO-Session is found but not authenticated --> authentication is required + if (!ssoMOASession.isAuthenticated()) { return false; } //if MOASession is already authenticated and protocol-request is authenticated // --> no authentication is required any more - else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { + else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) { + protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); return true; // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest } else if (!protocolRequest.isAuthenticated() - && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { + && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); protocolRequest.setAuthenticated(true); - protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); + protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); return true; } @@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //check legacy request parameter boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); - - //create MOASession object - AuthenticationSession moasession; - try { - moasession = authenticatedSessionStore.createSession(pendingReq); - pendingReq.setMOASessionIdentifier(moasession.getSessionID()); - - } catch (MOADatabaseException e1) { - Logger.error("Database Error! MOASession can not be created!"); - throw new MOAIDException("init.04", new Object[] {}); - - } - + //create authentication process execution context ExecutionContext executionContext = new ExecutionContextImpl(); @@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } private void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; String uniqueSessionIdentifier = "notSet"; @@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //terminate MOASession try { - authenticatedSessionStore.destroySession(session.getSessionID()); + authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID()); ssoManager.deleteSSOSessionID(httpReq, httpResp); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); @@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants { e.printStackTrace(); } } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index ffc6012c9..b612352c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -26,6 +26,7 @@ import java.io.Serializable; import java.net.MalformedURLException; import java.net.URL; import java.util.Collection; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -35,10 +36,14 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.metadata.provider.MetadataProvider; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -67,8 +72,8 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String action = null; private String requestID; - private String moaSessionIdentifier; private String processInstanceId; + private String ssoMoaSessionId; private String uniqueTransactionIdentifer; private String uniqueSessionIdentifer; @@ -91,6 +96,8 @@ public abstract class RequestImpl implements IRequest, Serializable{ private Map genericDataStorage = new HashMap(); + private IAuthenticationSession moaSSOSessionContainer = null; + /** * @throws ConfigurationException @@ -99,11 +106,14 @@ public abstract class RequestImpl implements IRequest, Serializable{ public final void initialize(HttpServletRequest req) throws ConfigurationException { //set requestID requestID = Random.nextLongRandom(); - + //set unique transaction identifier for logging uniqueTransactionIdentifer = Random.nextLongRandom(); TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); + //initialize session object + genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date()); + genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom()); //check if End-Point is valid String authURLString = HTTPUtils.extractAuthURLFromRequest(req); @@ -247,16 +257,41 @@ public abstract class RequestImpl implements IRequest, Serializable{ return requestID; } - public String getMOASessionIdentifier() { - return this.moaSessionIdentifier; + public String getInternalSSOSessionIdentifier() { + return this.ssoMoaSessionId; + } + + /** + * Set the internal SSO session identifier, which associated with this pending request + * + * @param internalSSOSessionId + */ + public void setInternalSSOSessionIdentifier(String internalSSOSessionId) { + this.ssoMoaSessionId = internalSSOSessionId; } - public void setMOASessionIdentifier(String moaSessionIdentifier) { - this.moaSessionIdentifier = moaSessionIdentifier; + public IAuthenticationSession getMOASession() { + //if SSO session information are set, use this + if (moaSSOSessionContainer != null) + return moaSSOSessionContainer; + else + return new AuthenticationSessionWrapper(genericDataStorage); + } + public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { + if (ssoSession instanceof AuthenticationSession) { + moaSSOSessionContainer = ssoSession; + + } else + throw new IllegalStateException("Session information can only be populated with SSO information from database"); + + + } + + public IOAAuthParameters getOnlineApplicationConfiguration() { return this.OAConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index c27012ba9..557d9af48 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -157,7 +158,7 @@ public class SSOManager { } else { Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); try { - authenticatedSessionStore.destroySession(storedSession.getSessionid()); + authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid()); } catch (MOADatabaseException e) { Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e); @@ -175,8 +176,8 @@ public class SSOManager { } - public String getMOASession(String ssoSessionID) { - return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID); + public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException { + return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); } @@ -184,9 +185,9 @@ public class SSOManager { public String getUniqueSessionIdentifier(String ssoSessionID) { try { if (MiscUtil.isNotEmpty(ssoSessionID)) { - String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); + AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); + if (moaSession != null) { + AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID()); return extSessionInformation.getUniqueSessionId(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java index 79afba412..95a7660d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java @@ -37,7 +37,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -86,10 +86,10 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro } - AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq); - if (moaSession != null) { + AuthenticationSession ssoMoaSession = authmanager.doAuthentication(req, resp, pendingReq); + if (ssoMoaSession != null) { //authenticated MOASession already exists --> protocol-specific postProcessing can start directly - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + finalizeAuthenticationProcess(req, resp, pendingReq, ssoMoaSession); //transaction is finished, log transaction finished event revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); @@ -111,7 +111,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, AuthenticationSession moaSession) { + IRequest pendingReq, IAuthenticationSession moaSession) { Logger.debug("Add SSO information to MOASession."); //Store SSO information into database @@ -140,7 +140,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro * @throws Exception */ protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, AuthenticationSession moaSession) throws Exception { + IRequest pendingReq, IAuthenticationSession moaSession) throws Exception { String newSSOSessionId = null; @@ -161,9 +161,27 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro //Store OA specific SSO session information if an SSO cookie is set if (isSSOCookieSetted) { - try { - authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), - newSSOSessionId, sloInformation, pendingReq); + try { + AuthenticationSession internalDBSSOSession = null; + + //create new SSO session, if actually no SSO session exists + if (MiscUtil.isEmpty(pendingReq.getInternalSSOSessionIdentifier())) { + internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq); + authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), + newSSOSessionId, sloInformation, pendingReq); + + //MOA SSO-session already exists only update is required + } else if (MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) && + moaSession instanceof AuthenticationSession) { + authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), + newSSOSessionId, sloInformation, pendingReq); + + } else { + Logger.fatal("MOA-Session data object has a suspect or unsupported type:" + moaSession.getClass().getName() + + " pendingReq_internalSsoId:" + pendingReq.getInternalSSOSessionIdentifier()); + throw new AuthenticationException("1299", null); + + } } catch (AuthenticationException e) { Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); @@ -218,19 +236,8 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro protected void removeUserSession(IRequest pendingReq, HttpServletRequest req, HttpServletResponse resp) { - try { - AuthenticationSession moaSession = authenticatedSessionStorage.getSession( - pendingReq.getMOASessionIdentifier()); - - if (moaSession != null) - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - } catch (MOADatabaseException e) { - Logger.error("Remove user-session FAILED." , e); - - } - - + authmanager.performOnlyIDPLogOut(req, resp, pendingReq.getInternalSSOSessionIdentifier()); + } protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 0da43d818..0f9b615a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -32,14 +32,12 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.ExceptionContainer; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -112,48 +110,33 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon try { Logger.debug("Finalize PendingRequest with ID " + pendingRequestID); - //get MOASession from database - String sessionID = pendingReq.getMOASessionIdentifier(); - - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12"); - - } + //get MOA session data object from pending request + IAuthenticationSession pendingMoaSession = pendingReq.getMOASession(); - //load MOASession from database - AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID); - if (moaSession == null) { - Logger.error("No MOASession with ID " + sessionID + " found.!"); - handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true); - - } else { + //check if pending-request has 'abortedByUser' flag set + if (pendingReq.isAbortedByUser()) { + //send authentication aborted error to Service Provider + buildProtocolSpecificErrorResponse( + new AuthenticationException("auth.21", new Object[] {}), + req, resp, pendingReq); - //check if pending-request has 'abortedByUser' flag set - if (pendingReq.isAbortedByUser()) { - //send authentication aborted error to Service Provider - buildProtocolSpecificErrorResponse( - new AuthenticationException("auth.21", new Object[] {}), - req, resp, pendingReq); + //do not remove the full active SSO-Session + // in case of only one Service-Provider authentication request is aborted + if ( !(pendingMoaSession.isAuthenticated() + && pendingReq.needSingleSignOnFunctionality()) ) { + removeUserSession(pendingReq, req, resp); - //do not remove the full active SSO-Session - // in case of only one Service-Provider authentication request is aborted - if ( !(moaSession.isAuthenticated() - && pendingReq.needSingleSignOnFunctionality()) ) { - removeUserSession(pendingReq, req, resp); - - } - - //check if MOASession and pending-request are authenticated - } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); - - } else { - //suspect state: pending-request is not aborted but also are not authenticated - Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); - handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); - - } + } + + //check if MOASession and pending-request are authenticated + } else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) { + finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession); + + } else { + //suspect state: pending-request is not aborted but also are not authenticated + Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); + handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); + } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index a611c72b9..b7d21f903 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -26,8 +26,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -45,7 +45,7 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); if (MiscUtil.isEmpty(profRepName)) { - MISMandate misMandate = authData.getMISMandate(); + IMISMandate misMandate = authData.getMISMandate(); if(misMandate == null) { throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java index bef9afd8f..04de3288a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -23,8 +23,8 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -41,7 +41,7 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); if (MiscUtil.isEmpty(profRepOID)) { - MISMandate mandate = authData.getMISMandate(); + IMISMandate mandate = authData.getMISMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index cd14664f9..365a31fe1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -107,10 +107,10 @@ public class AttributQueryAction implements IAction { try { //get Single Sign-On information for the Service-Provider // which sends the Attribute-Query request - AuthenticationSession moaSession = authenticationSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); if (moaSession == null) { - Logger.warn("No MOASession with ID:" + pendingReq.getMOASessionIdentifier() + " FOUND."); - throw new MOAIDException("auth.02", new Object[]{pendingReq.getMOASessionIdentifier()}); + Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND."); + throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()}); } InterfederationSessionStore nextIDPInformation = @@ -155,9 +155,9 @@ public class AttributQueryAction implements IAction { throw new MOAIDException("pvp2.01", null, e); } catch (MOADatabaseException e) { - Logger.error("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier() + " is not found in Database", e); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() }); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index f09a3c30c..a7a249eed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -56,7 +56,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -64,6 +63,7 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; @@ -600,7 +600,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { //check active MOASession String nameID = attrQuery.getSubject().getNameID().getValue(); - AuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID); + IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID); if (session == null) { Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); throw new AttributQueryException("auth.31", null); @@ -620,7 +620,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { pendingReq.setAction(AttributQueryAction.class.getName()); //add moasession - pendingReq.setMOASessionIdentifier(session.getSessionID()); + pendingReq.setInternalSSOSessionIdentifier(session.getSessionID()); //write revisionslog entry revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index c762e2505..ff703d585 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -37,11 +37,11 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -94,7 +94,7 @@ public class SingleLogOutAction implements IAction { MOARequest samlReq = (MOARequest) pvpReq.getRequest(); LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - AuthenticationSession session = + IAuthenticationSession session = authenticationSessionStorage.searchMOASessionWithNameIDandOAID( logOutReq.getIssuer().getValue(), logOutReq.getNameID().getValue()); @@ -114,10 +114,9 @@ public class SingleLogOutAction implements IAction { sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); return null; - } else { - String moasession = ssomanager.getMOASession(ssoID); + } else { try { - session = authenticationSessionStorage.getSession(moasession); + session = ssomanager.getInternalMOASession(ssoID); if (session == null) throw new MOADatabaseException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java index 2457d2fe4..b6fed5934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -33,7 +33,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; @@ -78,7 +78,7 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter { SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); - VerifyXMLSignatureResponse result = sigVerify.verify( + IVerifiyXMLSignatureResponse result = sigVerify.verify( serialized, trustProfileID); //check signature-verification result diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 7dd6d15cd..ad200e400 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -75,12 +76,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //@Autowired MOASessionDBUtils moaSessionDBUtils; @Override - public boolean isAuthenticated(String moaSessionID) { + public boolean isAuthenticated(String internalSsoSessionID) { AuthenticatedSessionStore session; try { - session = searchInDatabase(moaSessionID); + session = searchInDatabase(internalSsoSessionID); return session.isAuthenticated(); } catch (MOADatabaseException e) { @@ -89,8 +90,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { - String id = Random.nextRandom(); + public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { + String id = Random.nextLongRandom(); try { AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); dbsession.setSessionid(id); @@ -106,12 +107,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier()); dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); - AuthenticationSession session = new AuthenticationSession(id, now); + AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession()); encryptSession(session, dbsession); //store AssertionStore element to Database entityManager.persist(dbsession); - Logger.info("Create MOASession with sessionID: " + id); + Logger.info("Create MOA SSO-Session with internal sessionID: " + id); return session; @@ -128,7 +129,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + public AuthenticationSession getInternalSSOSession(String sessionID) throws MOADatabaseException { if (MiscUtil.isEmpty(sessionID)) return null; @@ -189,30 +190,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - - encryptSession(session, dbsession); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setAuthenticated(session.isAuthenticated()); - dbsession.setUpdated(new Date()); - - entityManager.merge(dbsession); - Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); - } - } - - @Override - public void destroySession(String moaSessionID) throws MOADatabaseException { + public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException { Query query = entityManager.createNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); + query.setParameter("sessionid", internalSsoSessionID); List results = query.getResultList(); Logger.trace("Found entries: " + results.size()); @@ -229,39 +210,6 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } - @Override - public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException { - - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - - Logger.debug("Change SessionID from " + session.getSessionID() - + "to " + newSessionID); - - session.setSessionID(newSessionID); - encryptSession(session, dbsession); - - dbsession.setSessionid(newSessionID); - dbsession.setAuthenticated(session.isAuthenticated()); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setUpdated(new Date()); - - entityManager.merge(dbsession); - - Logger.trace("Change SessionID complete."); - - return newSessionID; - - } - - @Override - public String changeSessionID(AuthenticationSession session) - throws BuildException, MOADatabaseException { - String id = Random.nextRandom(); - return changeSessionID(session, id); - - } - @Override public void setAuthenticated(String moaSessionID, boolean isAuthenticated) { @@ -279,7 +227,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public String getMOASessionSSOID(String SSOSessionID) { + public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException { MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); @@ -295,7 +243,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return null; } else - return results.get(0).getSessionid(); + try { + return decryptSession(results.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e); + throw new MOADatabaseException("MOASession deserialization-exception"); + } } @@ -413,7 +367,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public List getAllActiveOAFromMOASession(AuthenticationSession moaSession) { + public List getAllActiveOAFromMOASession(IAuthenticationSession moaSession) { MiscUtil.assertNotNull(moaSession, "MOASession"); Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database."); @@ -429,7 +383,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { + public List getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) { MiscUtil.assertNotNull(moaSession, "MOASession"); Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database."); @@ -444,7 +398,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); MiscUtil.assertNotNull(userNameID, "userNameID"); Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " @@ -475,7 +429,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { + public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType) { MiscUtil.assertNotNull(moaSession, "MOASession"); MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); MiscUtil.assertNotNull(protocolType, "usedProtocol"); @@ -505,7 +459,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String) */ @Override - public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule) { + public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) { OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule); if (activeOA != null) { activeOA.setAttributeQueryUsed(true); @@ -516,7 +470,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession getSessionWithUserNameID(String nameID) { + public IAuthenticationSession getSessionWithUserNameID(String nameID) { MiscUtil.assertNotNull(nameID, "nameID"); Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); @@ -592,20 +546,35 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { AuthenticatedSessionStore dbsession = null; + AuthenticationSession moaSession = null; Date now = new Date(); //search for active session - String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier()); - if (MiscUtil.isNotEmpty(moaSession)) { + if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) { + Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO"); + moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier()); + + } else { + Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object"); + moaSession = createInternalSSOSession(req); + + } + + if (moaSession != null) { try { - dbsession = searchInDatabase(moaSession); + dbsession = searchInDatabase(moaSession.getSessionID()); }catch (MOADatabaseException e) { Logger.error("NO MOASession found but MOASession MUST already exist!"); throw e; - } - } - + } + + } else { + Logger.error("NO MOASession found but MOASession MUST already exist!"); + throw new MOADatabaseException("NO MOASession found but MOASession MUST already exist!"); + + } + dbsession.setUpdated(now); //decrypt MOASession diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java index 934b7ca65..c8d09e17e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java @@ -30,6 +30,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -48,103 +49,74 @@ public interface IAuthenticationSessionStoreage { /** * Check if the stored MOASession is already authenticated * - * @param moaSessionID MOASession identifier + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @return true if the MOASession is authenticated, otherwise false */ - public boolean isAuthenticated(String moaSessionID); + public boolean isAuthenticated(String internalSsoSessionID); /** - * Create a new MOASession + * Create a new MOA SSO-Session object in database + * The SSO session object get populated with eID information from pending request * * @param target Pending Request which is associated with this MOASession * @return MOASession object * @throws MOADatabaseException MOASession storage operation FAILED * @throws BuildException MOASession encryption FAILED */ - public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException; + public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException; /** * Get a MOASession with sessionID * - * @param sessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @return MOASession, or null if no session exists with this ID * @throws MOADatabaseException MOASession load operation FAILED */ - public AuthenticationSession getSession(String sessionID) throws MOADatabaseException; + public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException; /** * Get the session-data extension-object for a MOASession * - * @param sessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null * @throws MOADatabaseException MOASession load operation FAILED */ - public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException; + public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID) throws MOADatabaseException; /** * Store a session-data extension-object to MOASession * - * @param sessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @param sessionExtensions AuthenticationSessionExtensions object * @throws MOADatabaseException MOASession storage operation FAILED */ - public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException; + public void setAuthenticationSessionExtensions(String internalSsoSessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException; - /** - * Store a MOASession - * - * @param session MOASession which should be stored - * @throws MOADatabaseException MOASession storage operation FAILED - * @throws BuildException MOASession encryption FAILED - */ - public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException; - /** * Delete a MOASession * - * @param moaSessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @throws MOADatabaseException MOASession delete operation FAILED */ - public void destroySession(String moaSessionID) throws MOADatabaseException; - - - /** - * Change the sessionID of a MOASession - * - * @param session MOASession for which the sessionID should be changed - * @param newSessionID new MOASessionID which should be used - * @return new MOASessionID - * @throws MOADatabaseException MOASession storage operation FAILED - * @throws BuildException MOASession encryption/decryption FAILED - */ - public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException; - - /** - * Change the sessionID of a MOASession - * - * @param session MOASession for which the sessionID should be changed - * @return new MOASessionID - * @throws MOADatabaseException MOASession storage operation FAILED - * @throws BuildException MOASession encryption/decryption FAILED - */ - public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException; - + public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException; + /** * Set the isAuthenticated flag to MOASession * - * @param moaSessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @param isAuthenticated Is authenticated flag (true/false) */ - public void setAuthenticated(String moaSessionID, boolean isAuthenticated); + public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated); /** * Find the MOASessionId of an active Single Sign-On session * * @param SSOSessionID Single Sign-On sessionID - * @return MOASessionID of the associated MOASession + * @return internal MOA SSO-Session of the associated SSO-Session Id + * @throws MOADatabaseException */ - public String getMOASessionSSOID(String SSOSessionID); + public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException; /** * Check if a MOASession is an active Single Sign-On session @@ -182,7 +154,7 @@ public interface IAuthenticationSessionStoreage { * @param moaSession MOASession data object * @return List of Service-Provider information */ - public List getAllActiveOAFromMOASession(AuthenticationSession moaSession); + public List getAllActiveOAFromMOASession(IAuthenticationSession moaSession); /** @@ -191,7 +163,7 @@ public interface IAuthenticationSessionStoreage { * @param moaSession MOASession data object * @return List of Interfederation-IDP information */ - public List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession); + public List getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession); /** * Search a MOASession by using already transfered authentication information @@ -200,7 +172,7 @@ public interface IAuthenticationSessionStoreage { * @param userNameID UserId (bPK), which was send to this Service-Provider * @return MOASession, or null if no corresponding MOASession is found */ - public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); + public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); /** * Search a active Single Sign-On session for a specific Service-Provider @@ -210,7 +182,7 @@ public interface IAuthenticationSessionStoreage { * @param protocolType Authentication protocol, which was used for SSO from this Service-Provider * @return Internal Single Sign-On information for this Service-Provider */ - public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType); + public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType); /** @@ -219,7 +191,7 @@ public interface IAuthenticationSessionStoreage { * @param nameID UserID (bPK) * @return MOASession, or null if no corresponding MOASession is found */ - public AuthenticationSession getSessionWithUserNameID(String nameID); + public IAuthenticationSession getSessionWithUserNameID(String nameID); /** * Search an active federation IDP which could be used for federated Single Sign-On @@ -283,7 +255,7 @@ public interface IAuthenticationSessionStoreage { * @param oaurl * @param requestedModule */ - public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule); + public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule); /** * @param nextIDPInformation diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java index 0b5128c8b..3ecbb84a2 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java @@ -28,6 +28,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; /** @@ -119,15 +120,6 @@ public class TestRequestImpl implements IRequest { return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getMOASessionIdentifier() - */ - @Override - public String getMOASessionIdentifier() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier() */ @@ -260,6 +252,33 @@ public class TestRequestImpl implements IRequest { // TODO Auto-generated method stub return null; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.commons.api.IRequest#getInternalSSOSessionIdentifier() + */ + @Override + public String getInternalSSOSessionIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.commons.api.IRequest#getMOASession() + */ + @Override + public IAuthenticationSession getMOASession() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.commons.api.IRequest#populateMOASessionWithSSOInformation(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession) + */ + @Override + public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { + // TODO Auto-generated method stub + + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java index 25919a937..88cd89319 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java @@ -26,6 +26,7 @@ import java.util.Collection; import org.opensaml.saml2.metadata.provider.MetadataProvider; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; public interface IRequest { @@ -109,13 +110,29 @@ public interface IRequest { /** - * Hold the identifier of the MOASession which is associated with this request + * Hold the identifier of the SSO MOASession which is associated with this request * - * @return MOASession identifier if a associated session exists, otherwise null + * @return SSO MOASession identifier if a associated session exists, otherwise null */ - public String getMOASessionIdentifier(); + public String getInternalSSOSessionIdentifier(); + /** + * Hold the MOASession object of a pending request + * This MOASession object is NOT stored to AuthenticationSession database, because it is only part of the pending request + * + * @return {@link IAuthenticationSession} AuthenticationSession data object of this pending request + */ + public IAuthenticationSession getMOASession(); + + + /** + * Populate the MOASession object of a pending request with information from an SSO session database + * + * @param ssoSession + */ + public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession); + /** * Holds a unique transaction identifier, which could be used for looging * This transaction identifier is unique for a single identification and authentication process diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java new file mode 100644 index 000000000..db413b0f5 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java @@ -0,0 +1,66 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +/** + * @author tlenz + * + */ +public interface AuthProzessDataConstants { + + public static final String GENERIC_PREFIX = "generic_"; + + + public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner"; + public static final String FLAG_USE_MANDATE = "direct_flagUseMandate"; + public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter"; + public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth"; + public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK = "direct_SAMLAttributeGebeORwbpk"; + + + public static final String VALUE_CREATED = "direct_created"; + public static final String VALUE_ISSUEINSTANT = "direct_issueInstant"; + public static final String VALUE_SESSIONID = "direct_sessionId"; + public static final String VALUE_SIGNER_CERT = "direct_signerCert"; + public static final String VALUE_IDENTITYLINK = "direct_idl"; + public static final String VALUE_BKUURL = "direct_bkuUrl"; + public static final String VALUE_AUTHBLOCK = "direct_authBlock"; + + public static final String VALUE_AUTNBLOCKTOKKEN = "direct_authblocktokken"; + public static final String VALUE_QAALEVEL = "direct_qaaLevel"; + public static final String VALUE_VERIFYSIGRESP = "direct_verifySigResp"; + + public static final String VALUE_MISSESSIONID = "direct_MIS_SessionId"; + public static final String VALUE_MISREFVALUE = "direct_MIS_RefValue"; + public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; + + + + + @Deprecated + public static final String VALUE_EXTENTEDSAMLATTRAUTH = "direct_extSamlAttrAuth"; + + @Deprecated + public static final String VALUE_EXTENTEDSAMLATTROA = "direct_extSamlAttrOA"; + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java new file mode 100644 index 000000000..8bffceaed --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java @@ -0,0 +1,296 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.util.Date; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +public interface IAuthenticationSession { + + boolean isAuthenticated(); + + void setAuthenticated(boolean authenticated); + + X509Certificate getSignerCertificate(); + + byte[] getEncodedSignerCertificate(); + + void setSignerCertificate(X509Certificate signerCertificate); + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + IIdentityLink getIdentityLink(); + + /** + * Returns the sessionID. + * + * @return String + */ + String getSessionID(); + + /** + * Sets the identityLink. + * + * @param identityLink + * The identityLink to set + */ + void setIdentityLink(IIdentityLink identityLink); + + /** + * Sets the sessionID. + * + * @param sessionId + * The sessionID to set + */ + void setSessionID(String sessionId); + + /** + * Returns the BKU URL. + * + * @return String + */ + String getBkuURL(); + + /** + * Sets the bkuURL + * + * @param bkuURL + * The BKU URL to set + */ + void setBkuURL(String bkuURL); + + /** + * Returns the authBlock. + * + * @return String + */ + String getAuthBlock(); + + /** + * Sets the authBlock. + * + * @param authBlock + * The authBlock to set + */ + void setAuthBlock(String authBlock); + + /** + * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. + * + * @return The SAML Attributes to be appended to the AUTHBlock. Maybe null. + */ + List getExtendedSAMLAttributesAUTH(); + + /** + * Sets the SAML Attributes to be appended to the AUTHBlock. + * + * @param extendedSAMLAttributesAUTH + * The SAML Attributes to be appended to the AUTHBlock. + */ + void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH); + + /** + * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online + * application. Maybe null. + * + * @return The SAML Attributes to be appended to the SAML assertion delivered to the online + * application + */ + List getExtendedSAMLAttributesOA(); + + /** + * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online + * application. + * + * @param extendedSAMLAttributesOA + * The SAML Attributes to be appended to the SAML assertion delivered to the online + * application. + */ + void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA); + + /** + * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the + * SAML Assertion or not. + * + * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or + * false if not. + */ + boolean getSAMLAttributeGebeORwbpk(); + + /** + * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the + * SAML Assertion or not. + * + * @param samlAttributeGebeORwbpk + * The boolean for value either a target or wbPK is provided as SAML Attribute in the + * SAML Assertion or not. + */ + void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk); + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + + /** + * + * @param useMandate + * indicates if mandate is used or not + */ + void setUseMandate(String useMandate); + + void setUseMandates(boolean useMandates); + + /** + * @return + */ + boolean isMandateUsed(); + + /** + * + * @param misSessionID + * indicates the MIS session ID + */ + void setMISSessionID(String misSessionID); + + /** + * Returns the MIS session ID + * + * @return + */ + String getMISSessionID(); + + /** + * @return the mandateReferenceValue + */ + String getMandateReferenceValue(); + + /** + * @param mandateReferenceValue + * the mandateReferenceValue to set + */ + void setMandateReferenceValue(String mandateReferenceValue); + + boolean isForeigner(); + + void setForeigner(boolean isForeigner); + + IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse(); + + void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse); + + IMISMandate getMISMandate(); + + void setMISMandate(IMISMandate mandate); + + /** + * @return the isOW + */ + boolean isOW(); + + /** + * @param isOW + * the isOW to set + */ + void setOW(boolean isOW); + + /** + * @return the authBlockTokken + */ + String getAuthBlockTokken(); + + /** + * @param authBlockTokken + * the authBlockTokken to set + */ + void setAuthBlockTokken(String authBlockTokken); + + /** + * eIDAS QAA level + * + * @return the qAALevel + */ + String getQAALevel(); + + /** + * set QAA level in eIDAS form + * + * @param qAALevel the qAALevel to set + */ + void setQAALevel(String qAALevel); + + /** + * @return the sessionCreated + */ + Date getSessionCreated(); + + Map getGenericSessionDataStorage(); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key + */ + Object getGenericDataFromSession(String key); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + T getGenericDataFromSession(String key, Class clazz); + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage + */ + void setGenericDataToSession(String key, Object object) throws SessionDataStorageException; + +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java new file mode 100644 index 000000000..3a0ccd7c9 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java @@ -0,0 +1,175 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface IIdentityLink { + + /** + * Returns the dateOfBirth. + * @return Calendar + */ + String getDateOfBirth(); + + /** + * Returns the familyName. + * @return String + */ + String getFamilyName(); + + /** + * Returns the givenName. + * @return String + */ + String getGivenName(); + + /** + * Returns the name. + * @return The name. + */ + String getName(); + + /** + * Returns the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @return String + */ + String getIdentificationValue(); + + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + String getIdentificationType(); + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + void setDateOfBirth(String dateOfBirth); + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + void setFamilyName(String familyName); + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + void setGivenName(String givenName); + + /** + * Sets the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @param identificationValue The identificationValue to set + */ + void setIdentificationValue(String identificationValue); + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + void setIdentificationType(String identificationType); + + /** + * Returns the samlAssertion. + * @return Element + */ + Element getSamlAssertion(); + + /** + * Returns the samlAssertion. + * @return Element + */ + String getSerializedSamlAssertion(); + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * @param samlAssertion The samlAssertion to set + */ + void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + Element[] getDsigReferenceTransforms(); + + /** + * Sets the dsigReferenceTransforms. + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + PublicKey[] getPublicKey(); + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + void setPublicKey(PublicKey[] publicKey); + + /** + * Returns the prPerson. + * @return Element + */ + Element getPrPerson(); + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + void setPrPerson(Element prPerson); + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java new file mode 100644 index 000000000..5bf8b9779 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IMISMandate.java @@ -0,0 +1,65 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; + +/** + * @author tlenz + * + */ +public interface IMISMandate { + + String getProfRep(); + + void setProfRep(String oid); + + void setOWbPK(String oWbPK); + + String getOWbPK(); + + byte[] getMandate(); + + Element getMandateDOM(); + + Mandate getMandateJaxB(); + + void setMandate(byte[] mandate); + + String getTextualDescriptionOfOID(); + // /** + // * @return the isFullMandateIncluded + // */ + // public boolean isFullMandateIncluded() { + // return isFullMandateIncluded; + // } + // /** + // * @param isFullMandateIncluded the isFullMandateIncluded to set + // */ + // public void setFullMandateIncluded(boolean isFullMandateIncluded) { + // this.isFullMandateIncluded = isFullMandateIncluded; + // } + +} \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java new file mode 100644 index 000000000..08dfcae71 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IVerifiyXMLSignatureResponse.java @@ -0,0 +1,161 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.api.data; + +import java.util.Date; + +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +public interface IVerifiyXMLSignatureResponse { + + /** + * Returns the certificateCheckCode. + * @return int + */ + int getCertificateCheckCode(); + + /** + * Returns the signatureCheckCode. + * @return int + */ + int getSignatureCheckCode(); + + /** + * Returns the xmlDSIGManifestCheckCode. + * @return int + */ + int getXmlDSIGManifestCheckCode(); + + /** + * Returns the xmlDsigSubjectName. + * @return String + */ + String getXmlDsigSubjectName(); + + /** + * Sets the certificateCheckCode. + * @param certificateCheckCode The certificateCheckCode to set + */ + void setCertificateCheckCode(int certificateCheckCode); + + /** + * Sets the signatureCheckCode. + * @param signatureCheckCode The signatureCheckCode to set + */ + void setSignatureCheckCode(int signatureCheckCode); + + /** + * Sets the xmlDSIGManifestCheckCode. + * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set + */ + void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode); + + /** + * Sets the xmlDsigSubjectName. + * @param xmlDsigSubjectName The xmlDsigSubjectName to set + */ + void setXmlDsigSubjectName(String xmlDsigSubjectName); + + /** + * Returns the publicAuthorityCode. + * @return int + */ + String getPublicAuthorityCode(); + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityCode The publicAuthorityCode to set + */ + void setPublicAuthorityCode(String publicAuthorityCode); + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + boolean isQualifiedCertificate(); + + /** + * Returns the x509certificate. + * @return X509Certificate + */ + X509Certificate getX509certificate(); + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + void setQualifiedCertificate(boolean qualifiedCertificate); + + /** + * Sets the x509certificate. + * @param x509certificate The x509certificate to set + */ + void setX509certificate(X509Certificate x509certificate); + + /** + * Returns the xmlDSIGManigest. + * @return boolean + */ + boolean isXmlDSIGManigest(); + + /** + * Sets the xmlDSIGManigest. + * @param xmlDSIGManigest The xmlDSIGManigest to set + */ + void setXmlDSIGManigest(boolean xmlDSIGManigest); + + /** + * Returns the publicAuthority. + * @return boolean + */ + boolean isPublicAuthority(); + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + void setPublicAuthority(boolean publicAuthority); + + /** + * Returns the the resulting code of the signature manifest check. + * + * @return The code of the sigature manifest check. + */ + int getSignatureManifestCheckCode(); + + /** + * Sets the signatureManifestCode. + * + * @param signatureManifestCheckCode The signatureManifestCode to set. + */ + void setSignatureManifestCheckCode(int signatureManifestCheckCode); + + Date getSigningDateTime(); + + void setSigningDateTime(Date signingDateTime); + +} \ No newline at end of file diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml new file mode 100644 index 000000000..9dbb28dfe --- /dev/null +++ b/id/server/moa-id-jaxb_classes/pom.xml @@ -0,0 +1,55 @@ + + 4.0.0 + + MOA.id + moa-id + 3.x + + MOA.id.server + moa-id-jaxb_classes + + + + + default + + true + + + + local + local + file:${basedir}/../../../repository + + + shibboleth.internet2.edu + Internet2 + https://build.shibboleth.net/nexus/content/groups/public/ + + + hyberjaxb + http://repository.highsource.org/maven2/releases/ + + false + + + + jboss + https://repository.jboss.org/nexus/content/repositories/central/ + + true + + + + egiz-commons + https://demo.egiz.gv.at/int-repo/ + + true + + + + + + + ${moa-id-version} + \ No newline at end of file diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 90ed1c886..66161e508 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -36,9 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BKUException; @@ -60,9 +58,13 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.XMLUtil; import at.gv.egovernment.moa.logging.Logger; @@ -134,7 +136,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(AuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException, + public String startAuthentication(IAuthenticationSession session, HttpServletRequest req, IRequest pendingReq) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { if (session == null) { @@ -246,7 +248,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * link results in an Exception being thrown. * @throws BKUException */ - public String verifyIdentityLink(IRequest pendingReq, AuthenticationSession session, + public String verifyIdentityLink(IRequest pendingReq, IAuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, BKUException { @@ -285,7 +287,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } // parses the - IdentityLink identityLink = new InfoboxReadResponseParser( + IIdentityLink identityLink = new InfoboxReadResponseParser( xmlInfoboxReadResponse).parseIdentityLink(); // validates the identity link IdentityLinkValidator.getInstance().validate(identityLink); @@ -298,7 +300,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); @@ -346,7 +348,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <CreateXMLSignatureRequest> */ - public void verifyCertificate(AuthenticationSession session, + public void verifyCertificate(IAuthenticationSession session, X509Certificate certificate, IRequest pendingReq) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException, MOAIDException { @@ -387,7 +389,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @return String representation of the * <CreateXMLSignatureRequest> */ - public void verifyMandate(IRequest pendingReq, AuthenticationSession session, MISMandate mandate) + public void verifyMandate(IRequest pendingReq, IAuthenticationSession session, IMISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { @@ -429,7 +431,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ValidateException */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( - AuthenticationSession session, IRequest pendingReq) throws ConfigurationException, + IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); @@ -522,10 +524,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws BuildException If an error occurs on serializing an extended SAML attribute * to be appended to the AUTH-Block. */ - private String buildAuthenticationBlock(AuthenticationSession session, + private String buildAuthenticationBlock(IAuthenticationSession session, IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IIdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); @@ -583,28 +585,32 @@ public class AuthenticationServer extends BaseAuthenticationServer { List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - + String authBlock = null; if (pendingReq.needSingleSignOnFunctionality()) { String oaURL = pendingReq.getAuthURL(); if (MiscUtil.isNotEmpty(oaURL)) oaURL = oaURL.replaceAll("&", "&"); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; + authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, requestedTarget, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + } else { String oaURL = oaParam.getPublicURLPrefix().replaceAll("&", "&"); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session, oaParam); - return authBlock; + authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlock(issuer, issueInstant, authURL, requestedTarget, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + } + + session.setExtendedSAMLAttributesAUTH(extendedSAMLAttributes); + return authBlock; + } @@ -622,7 +628,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws SAXException */ private void validateExtendedSAMLAttributeForMandates( - AuthenticationSession session, MISMandate mandate, + IAuthenticationSession session, IMISMandate mandate, boolean business) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { @@ -654,7 +660,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws SAXException */ private void setExtendedSAMLAttributeForMandatesOID( - AuthenticationSession session, MISMandate mandate, boolean business) + IAuthenticationSession session, IMISMandate mandate, boolean business) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { @@ -677,7 +683,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @param friendlyNam The friendly name of the infobox for debug purposes */ private static void AddAdditionalSAMLAttributes( - AuthenticationSession session, + IAuthenticationSession session, ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier, String friendlyName) throws ValidateException { if (extendedSAMLAttributes == null) @@ -745,7 +751,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( - MISMandate mandate, boolean business, boolean provideStammzahl) + IMISMandate mandate, boolean business, boolean provideStammzahl) throws SAXException, IOException, ParserConfigurationException, TransformerException { Vector extendedSamlAttributes = new Vector(); @@ -811,7 +817,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws TransformerException */ private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID( - MISMandate mandate, boolean business) throws SAXException, + IMISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException { Vector extendedSamlAttributes = new Vector(); @@ -855,7 +861,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws IOException * @throws SAXException */ - private static Element mandateToElement(MISMandate mandate) + private static Element mandateToElement(IMISMandate mandate) throws SAXException, IOException, ParserConfigurationException { ByteArrayInputStream bais = new ByteArrayInputStream(mandate .getMandate()); @@ -910,7 +916,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * BASE64
New id of the authenticated MOA session or {@code null} in case of mandate mode (???) * @throws BKUException */ - public void verifyAuthenticationBlock(IRequest pendingReq, AuthenticationSession session, + public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException, BKUException { @@ -958,7 +964,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { domVsresp = SignatureVerificationInvoker.getInstance().verifyXMLSignature(domVsreq); // parses the - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( + IVerifiyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( domVsresp).parseData(); if (Logger.isTraceEnabled()) { @@ -1103,14 +1109,14 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @param sessionID session ID of the running authentication session * @return String "new Session" */ - public void getForeignAuthenticationData(AuthenticationSession session) + public void getForeignAuthenticationData(IAuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { if (session == null) throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); - VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); + IVerifiyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 89f42ab7d..9a807ca00 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -31,8 +31,8 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index e51700111..ecc91991e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -43,12 +43,12 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -173,7 +173,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session, + IAuthenticationSession session, IOAAuthParameters oaParam) throws BuildException @@ -339,7 +339,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session, + IAuthenticationSession session, IOAAuthParameters oaParam) throws BuildException { @@ -479,7 +479,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session, + IAuthenticationSession session, IOAAuthParameters oaParam) throws BuildException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 333d8680c..9dcc93e9f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -49,8 +49,8 @@ package at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -82,7 +82,7 @@ public class PersonDataBuilder { * @return the <pr:Person> element as a String * @throws BuildException on any error */ - public String build(IdentityLink identityLink, boolean provideStammzahl) + public String build(IIdentityLink identityLink, boolean provideStammzahl) throws BuildException { try { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index d2ea53011..e6adcf159 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -56,9 +56,9 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -118,7 +118,7 @@ public class VerifyXMLSignatureRequestBuilder { * * @throws ParseException */ - public Element build(IdentityLink identityLink, String trustProfileID) + public Element build(IIdentityLink identityLink, String trustProfileID) throws ParseException { try { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 4a28658ff..ba778002d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -21,7 +21,6 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -30,8 +29,8 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -136,7 +135,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { } else { IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( response.getIdentityLink())); - IdentityLink identitylink = ilParser.parseIdentityLink(); + IIdentityLink identitylink = ilParser.parseIdentityLink(); moasession.setIdentityLink(identitylink); // set QAA Level four in case of card authentifcation @@ -146,13 +145,9 @@ public class GetForeignIDTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); - - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - throw new MOAIDException("Session store error", null); - } + + //store pending request + requestStoreage.storePendingRequest(pendingReq); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 3f63c207e..a24cc9a43 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -21,6 +21,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -91,7 +92,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { // for now: list contains only one element - MISMandate mandate = (MISMandate) list.get(0); + IMISMandate mandate = (IMISMandate) list.get(0); String sMandate = new String(mandate.getMandate(), "UTF-8"); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { @@ -115,8 +116,8 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { //log mandate specific set of events revisionsLogger.logMandateEventSet(pendingReq, mandate); - //Stor MOAsession - authenticatedSessionStorage.storeSession(moasession); + //store pending request with new MOASession data information + requestStoreage.storePendingRequest(pendingReq); } catch (MOAIDException ex) { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index c1fae1f1e..608f50200 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -64,18 +64,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { try { // - internalInitializeWithoutPersist(executionContext, request, response); - - // make sure MOASession and Pending-Request has been persisted before running the process - try { - authenticatedSessionStorage.storeSession(moasession); - requestStoreage.storePendingRequest(pendingReq); - - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } + internalInitializeWithoutPersist(executionContext, request, response); + requestStoreage.storePendingRequest(pendingReq); } catch (MOADatabaseException | MOAIDException e) { @@ -106,7 +96,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { Logger.info("Start Authentication Module: " + pendingReq.requestedModule() + " Action: " + pendingReq.requestedAction()); - authInitialisationParser.parse(executionContext, request, moasession, pendingReq); + authInitialisationParser.parse(executionContext, moasession, request, pendingReq); } else { String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index ed49201b8..f7a816c74 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -55,8 +55,8 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { String createXMLSignatureRequest = authServer .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); - //store MOASession - authenticatedSessionStorage.storeSession(moasession); + //store pending request with new MOASession data information + requestStoreage.storePendingRequest(pendingReq); //write response CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 88560eacf..8acfd255b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -37,14 +37,11 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -136,13 +133,8 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { String redirectMISGUI = misSessionID.getRedirectURL(); moasession.setMISSessionID(misSessionID.getSessiondId()); - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException | BuildException e) { - throw new MOAIDException("Session store error", null); - - } + //store pending request with new MOASession data information + requestStoreage.storePendingRequest(pendingReq); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 516e9501b..ddd52c337 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -94,8 +94,8 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { //verify authBlock authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); - //store all changes in session DAO - authenticatedSessionStorage.storeSession(moasession); + //store pending request with new MOASession data information + requestStoreage.storePendingRequest(pendingReq); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index df158a7ec..6aefb75a1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -20,7 +20,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -98,12 +97,8 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { String createXMLSignatureRequestOrRedirect = authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - throw new MOAIDException("session store error", null); - } + //store pending request with new MOASession data information + requestStoreage.storePendingRequest(pendingReq); CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 0deda4d43..4408f3852 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -73,8 +73,8 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; - //store session - authenticatedSessionStorage.storeSession(moasession); + //store pending request with new MOASession data information + requestStoreage.storePendingRequest(pendingReq); //set 'identityLink exists' flag to context executionContext.put("identityLinkAvailable", identityLinkAvailable); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 90fd7e1c7..275a85129 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -63,10 +63,10 @@ import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -241,7 +241,7 @@ public class InfoboxReadResponseParser { * @return Identity link * @throws ParseException on any parsing error */ - public IdentityLink parseIdentityLink() throws ParseException { + public IIdentityLink parseIdentityLink() throws ParseException { Element samlAssertion = parseSAMLAssertion(); IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion); return ilParser.parseIdentityLink(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 4b0e7b869..a227ab5be 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -57,15 +57,15 @@ import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -129,7 +129,7 @@ public class CreateXMLSignatureResponseValidator { * @param pendingReq * @throws ValidateException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq) + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier @@ -142,7 +142,7 @@ public class CreateXMLSignatureResponseValidator { String oaURL = oaParam.getPublicURLPrefix(); boolean businessService = oaParam.getBusinessService(); - IdentityLink identityLink = session.getIdentityLink(); + IIdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); String issuer = samlAssertion.getAttribute("Issuer"); @@ -415,13 +415,13 @@ public class CreateXMLSignatureResponseValidator { * @param pendingReq * @throws ValidateException */ - public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq) + public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) throws ValidateException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier String oaURL = pendingReq.getAuthURL(); - IdentityLink identityLink = session.getIdentityLink(); + IIdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); String issuer = samlAssertion.getAttribute("Issuer"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java index fa6486afe..f3ce6888b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -51,6 +51,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.XPathUtils; @@ -134,7 +135,7 @@ public class IdentityLinkValidator implements Constants { * @param identityLink The identityLink to validate * @throws ValidateException on any validation error */ - public void validate(IdentityLink identityLink) throws ValidateException { + public void validate(IIdentityLink identityLink) throws ValidateException { Element samlAssertion = identityLink.getSamlAssertion(); //Search the SAML:ASSERTION Object (A2.054) diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 4e591ada2..4953dad02 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -54,11 +54,12 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -109,7 +110,7 @@ public class VerifyXMLSignatureResponseValidator { * @throws ValidateException on any validation error * @throws ConfigurationException */ - public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, + public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, List identityLinkSignersSubjectDNNames, String whatToCheck, IOAAuthParameters oaParam) @@ -240,8 +241,8 @@ public class VerifyXMLSignatureResponseValidator { * @throws ValidateException */ public void validateCertificate( - VerifyXMLSignatureResponse verifyXMLSignatureResponse, - IdentityLink idl) + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, + IIdentityLink idl) throws ValidateException { X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index 1f2cda680..d093cc7f0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -57,9 +57,9 @@ import javax.servlet.http.HttpServletResponse; import com.google.common.net.MediaType; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; @@ -148,7 +148,7 @@ public class CitizenCardServletUtils extends ServletUtils{ * @throws MOAIDException * @throws IOException */ - public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) + public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, IAuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) throws MOAIDException, IOException { resp.setStatus(200); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java index b26fd4738..f2fde6322 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java @@ -47,8 +47,8 @@ package test.at.gv.egovernment.moa.id.auth.builder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Constants; import test.at.gv.egovernment.moa.id.UnitTestCase; @@ -67,14 +67,14 @@ public class PersonDataBuilderTest extends UnitTestCase implements Constants { } public void testBuild() throws Exception { String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml"); - IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); + IIdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); String xmlPersonData = new PersonDataBuilder().build(il, true); String xmlPersonDataShould = "123456789012http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahlHermannMuster1968-10-22"; assertPersonDataEquals(xmlPersonDataShould, xmlPersonData); } public void testBuildNoZMRZahl() throws Exception { String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml"); - IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); + IIdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); String xmlPersonData = new PersonDataBuilder().build(il, false); String xmlPersonDataShould = XML_DECL + "HermannMuster1968-10-22"; assertPersonDataEquals(xmlPersonDataShould, xmlPersonData); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java index 8d7dee597..38bf1cab6 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java @@ -49,10 +49,9 @@ package test.at.gv.egovernment.moa.id.auth.parser; import java.io.RandomAccessFile; import test.at.gv.egovernment.moa.id.UnitTestCase; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; /** * @author Paul Ivancsics @@ -81,7 +80,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase { InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion()); - IdentityLink idl = ilap.parseIdentityLink(); + IIdentityLink idl = ilap.parseIdentityLink(); System.out.println(idl.getGivenName()); System.out.println(idl.getFamilyName()); System.out.println(idl.getDateOfBirth()); @@ -101,7 +100,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase { InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion()); - IdentityLink idl = ilap.parseIdentityLink(); + IIdentityLink idl = ilap.parseIdentityLink(); System.out.println(idl.getGivenName()); System.out.println(idl.getFamilyName()); System.out.println(idl.getDateOfBirth()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 6be64ba72..cf3a13e32 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -35,13 +35,13 @@ import org.w3c.dom.Node; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -73,7 +73,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); - IdentityLink identityLink = null; + IIdentityLink identityLink = null; //connect SZR-Gateway //TODO: implement SZR-Gateway communication!!!! @@ -162,7 +162,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { moasession.setBkuURL("Not applicable (eIDASAuthentication)"); //store MOA-session to database - authenticatedSessionStorage.storeSession(moasession); + requestStoreage.storePendingRequest(pendingReq); } catch (eIDASAttributeException e) { throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 7ba5aee1e..c4b2bfeae 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -111,7 +111,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); //store MOA-session to database - authenticatedSessionStorage.storeSession(moasession); + requestStoreage.storePendingRequest(pendingReq); revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 07bde7762..81c3322c9 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -175,7 +175,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } //store MOASession - authenticatedSessionStorage.storeSession(moasession); + requestStoreage.storePendingRequest(pendingReq); //write revisions log entry revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED, diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 78cbd788d..2f6a54027 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,14 +28,14 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; /** @@ -44,10 +44,10 @@ import at.gv.egovernment.moa.logging.Logger; */ public class SSOTransferAuthenticationData implements IAuthData { - private AuthenticationSession authSession = null; + private IAuthenticationSession authSession = null; boolean isIDPPrivateService = true; - public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException { + public SSOTransferAuthenticationData(AuthConfiguration authConfig, IAuthenticationSession authSession) throws ConfigurationException { this.authSession = authSession; String domainIdentifier = authConfig.getSSOTagetIdentifier(); if (domainIdentifier != null) @@ -197,9 +197,9 @@ public class SSOTransferAuthenticationData implements IAuthData { * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentityLink() */ @Override - public IdentityLink getIdentityLink() { + public IIdentityLink getIdentityLink() { return this.authSession.getIdentityLink(); - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getSignerCertificate() @@ -272,7 +272,7 @@ public class SSOTransferAuthenticationData implements IAuthData { * @see at.gv.egovernment.moa.id.data.IAuthData#getMISMandate() */ @Override - public MISMandate getMISMandate() { + public IMISMandate getMISMandate() { return this.authSession.getMISMandate(); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 70b2ebbe9..7d1bfd7b9 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -82,6 +82,7 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContain import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -190,7 +191,7 @@ public class SSOTransferServlet{ Logger.debug("Load token:" + token + " from storage."); SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000); if (container != null) { - AuthenticationSession moaSession = new AuthenticationSession("123456", new Date()); + IAuthenticationSession moaSession = new AuthenticationSession("123456", new Date()); URL idlURL = new URL(FileUtils.makeAbsoluteURL( authConfig.getMonitoringTestIdentityLinkURL(), @@ -288,7 +289,7 @@ public class SSOTransferServlet{ try { SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut); if (container != null) { - AuthenticationSession moaSession = authenticationSessionStorage.getSession(container.getMoaSessionID()); + IAuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(container.getMoaSessionID()); if (moaSession != null) { internalTransferPersonalInformation(req, resp, container, moaSession, false); @@ -405,19 +406,16 @@ public class SSOTransferServlet{ //create first step of SSO Transfer GUI - String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); - if(authSession != null) { - internalCreateQRCodeForTransfer(resp, authURL, - authSession.getSessionID(), - SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); + IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); + if(authSession != null) { + internalCreateQRCodeForTransfer(resp, authURL, + authSession.getSessionID(), + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); - return; - } + return; } - } + config.putCustomParameter("errorMsg", "No active Single Sign-On session found! SSO Session transfer is not possible."); @@ -439,7 +437,7 @@ public class SSOTransferServlet{ } private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, - SSOTransferContainer container, AuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { + SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { Logger.debug(""); JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 003ce8c21..cf4590fc1 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -200,14 +200,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor); // store MOASession into database - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } + requestStoreage.storePendingRequest(pendingReq); executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); executionContext.put("sessionRestoreFinished", false); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 0785f767b..568ffb330 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,7 +97,6 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -107,6 +106,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -168,7 +169,7 @@ public class SSOContainerUtils { @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired AuthConfiguration authConfig; - public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException { + public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, IAuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException { // AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); //TODO: maybe change to correct URL @@ -233,7 +234,7 @@ public class SSOContainerUtils { Logger.info("Found mandate information in SSO session-container."); try { - MISMandate mandate = new MISMandate(); + IMISMandate mandate = new MISMandate(); String mandateFull = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME); if (MiscUtil.isNotEmpty(mandateFull)) { @@ -336,7 +337,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, - AuthenticationSession authSession, Date date, byte[] hashedSecret) { + IAuthenticationSession authSession, Date date, byte[] hashedSecret) { try { String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils @@ -527,7 +528,7 @@ public class SSOContainerUtils { } - private static List buildSSOAttributeForTransfer(AuthenticationSession authSession, IAuthData authData) { + private static List buildSSOAttributeForTransfer(IAuthenticationSession authSession, IAuthData authData) { List attrList = new ArrayList(); IOAAuthParameters oaParam = new SSOTransferOnlineApplication(); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index f739940c8..8f5a231ee 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -75,6 +75,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtracto import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -91,6 +92,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private AttributQueryBuilder attributQueryBuilder; @Autowired private AuthenticationDataBuilder authDataBuilder; @Autowired(required=true) MOAMetadataProvider metadataProvider; + @Autowired(required=true) protected IAuthenticationSessionStoreage authenticatedSessionStorage; /* (non-Javadoc) @@ -176,7 +178,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); authenticatedSessionStorage. - addFederatedSessionInformation(pendingReq, + addFederatedSessionInformation(pendingReq, idpConfig.getPublicURLPrefix(), extractor); } else { @@ -192,9 +194,6 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { addFederatedSessionInformation(pendingReq, idpConfig.getPublicURLPrefix(), extractor); - //update MOASession - authenticatedSessionStorage.storeSession(moasession); - } //store valid assertion into pending-request diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index fc04fa9a7..f6c8cb6e3 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -29,9 +29,9 @@ import java.text.MessageFormat; import java.util.Calendar; import java.util.List; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index d48c0a9bb..2a7cce89e 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -49,7 +49,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.text.ParseException; import java.util.List; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 0a760cb5a..df8f13544 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -49,7 +49,6 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -60,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index 7994e7a06..6372fefa8 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -29,8 +29,6 @@ import java.util.List; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -38,6 +36,8 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; import at.gv.egovernment.moa.logging.Logger; @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class IdentityLinkTestModule implements TestModuleInterface { - private static IdentityLink identityLink = null; + private static IIdentityLink identityLink = null; public void initializeTest(long delayParam, String url) throws Exception{ @@ -56,7 +56,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); } - } + } public List performTests() throws Exception{ Logger.trace("Start MOA-ID IdentityLink Test"); @@ -74,7 +74,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the try { - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); diff --git a/id/server/pom.xml b/id/server/pom.xml index 1824bf272..55bff295a 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -20,11 +20,12 @@ moa-id-spring-initializer moa-id-frontend-resources + moa-id-jaxb_classes idserverlib moa-id-commons modules auth-final - auth-edu + auth-edu -- cgit v1.2.3