From b0f09b21746380c80b738a051f313caf0b0b684d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 3 Oct 2013 12:11:29 +0200 Subject: Code CleanUP and change to consisted Version numbers --- .../moa/id/advancedlogging/StatisticLogger.java | 6 +- .../moa/id/auth/AuthenticationServer.java | 581 +-------------------- .../moa/id/auth/MOAIDAuthInitializer.java | 1 - .../moa/id/auth/data/AuthenticationSession.java | 166 +----- .../StartAuthentificationParameterParser.java | 5 +- .../moa/id/auth/servlet/MonitoringServlet.java | 2 - .../moa/id/auth/servlet/SelectBKUServlet.java | 184 ------- .../moa/id/config/auth/OAAuthParameter.java | 50 -- .../java/at/gv/egovernment/moa/id/data/Cookie.java | 143 ----- .../gv/egovernment/moa/id/data/CookieManager.java | 138 ----- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 22 - .../id/protocols/pvp2x/PVPTargetConfiguration.java | 3 + .../moa/id/protocols/saml1/GetArtifactAction.java | 72 +-- .../moa/id/protocols/saml1/GetArtifactServlet.java | 135 ----- .../protocols/saml1/SAML1AuthenticationServer.java | 24 - .../moa/id/protocols/saml1/SAML1Protocol.java | 13 - .../id/storage/AuthenticationSessionStoreage.java | 32 -- 17 files changed, 35 insertions(+), 1542 deletions(-) delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 9b498a475..c84599b25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -98,9 +98,13 @@ public class StatisticLogger { //log basic AuthInformation dblog.setOaurlprefix(protocolRequest.getOAURL()); dblog.setOafriendlyName(dbOA.getFriendlyName()); - dblog.setOatarget(dbOA.getTarget()); dblog.setBusinessservice(isBusinessService(dbOA)); + if (dblog.isBusinessservice()) + dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue()); + else + dblog.setOatarget(dbOA.getTarget()); + dblog.setBkuurl(moasession.getBkuURL()); dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 35e4815ba..e8564ad3c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -110,6 +110,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -146,8 +147,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; - /** session data store (session ID -> AuthenticationSession) */ - //private static Map sessionStore = new HashMap(); /** * time out in milliseconds used by {@link cleanup} for session store @@ -178,171 +177,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { super(); } -// /** -// * Processes request to select a BKU.
-// * Processing depends on value of -// * {@link AuthConfigurationProvider#getBKUSelectionType}.
-// * For bkuSelectionType==HTMLComplete, a returnURI -// * for the "BKU Auswahl" service is returned.
-// * For bkuSelectionType==HTMLSelect, an HTML form for BKU -// * selection is returned. -// * -// * @param authURL -// * base URL of MOA-ID Auth component -// * @param target -// * "Geschäftsbereich" -// * @param oaURL -// * online application URL requested -// * @param bkuSelectionTemplateURL -// * template for BKU selection form to be used in case of -// * HTMLSelect; may be null -// * @param templateURL -// * URL providing an HTML template for the HTML form to be used -// * for call startAuthentication -// * @return for bkuSelectionType==HTMLComplete, the -// * returnURI for the "BKU Auswahl" service; for -// * bkuSelectionType==HTMLSelect, an HTML form for BKU -// * selection -// * @throws WrongParametersException -// * upon missing parameters -// * @throws AuthenticationException -// * when the configured BKU selection service cannot be reached, -// * and when the given bkuSelectionTemplateURL cannot be reached -// * @throws ConfigurationException -// * on missing configuration data -// * @throws BuildException -// * while building the HTML form -// */ -// public String selectBKU(String authURL, String target, String oaURL, -// String bkuSelectionTemplateURL, String templateURL) -// throws WrongParametersException, AuthenticationException, -// ConfigurationException, BuildException { -// -// // check if HTTP Connection may be allowed (through -// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) -// String boolStr = AuthConfigurationProvider -// .getInstance() -// .getGenericConfigurationParameter( -// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); -// if ((!authURL.startsWith("https:")) -// && (false == BoolUtils.valueOf(boolStr))) -// throw new AuthenticationException("auth.07", new Object[] { authURL -// + "*" }); -// if (isEmpty(authURL)) -// throw new WrongParametersException("StartAuthentication", -// "AuthURL", "auth.05"); -// if (isEmpty(oaURL)) -// throw new WrongParametersException("StartAuthentication", PARAM_OA, -// "auth.05"); -// -// ConnectionParameter bkuConnParam = AuthConfigurationProvider -// .getInstance().getBKUConnectionParameter(); -// if (bkuConnParam == null) -// throw new ConfigurationException("config.08", -// new Object[] { "BKUSelection/ConnectionParameter" }); -// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() -// .getOnlineApplicationParameter(oaURL); -// if (oaParam == null) -// throw new AuthenticationException("auth.00", new Object[] { oaURL }); -// -// if (!oaParam.getBusinessService()) { -// if (isEmpty(target)) -// throw new WrongParametersException("StartAuthentication", -// PARAM_TARGET, "auth.05"); -// } else { -// if (!isEmpty(target)) { -// Logger -// .info("Ignoring target parameter thus application type is \"businessService\""); -// } -// target = null; -// } -// -// AuthenticationSession session = newSession(); -// Logger.info("MOASession " + session.getSessionID() + " angelegt"); -// session.setTarget(target); -// session.setOAURLRequested(oaURL); -// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); -// session.setAuthURL(authURL); -// session.setTemplateURL(templateURL); -// session.setBusinessService(oaParam.getBusinessService()); -// -// try { -// AuthenticationSessionStoreage.storeSession(session); -// -// } catch (MOADatabaseException e) { -// throw new AuthenticationException("", null); -// } -// -// String returnURL = new DataURLBuilder().buildDataURL(authURL, -// REQ_START_AUTHENTICATION, session.getSessionID()); -// String bkuSelectionType = AuthConfigurationProvider.getInstance() -// .getBKUSelectionType(); -// if (bkuSelectionType -// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { -// // bkuSelectionType==HTMLComplete -// String redirectURL = bkuConnParam.getUrl() + "?" -// + AuthServlet.PARAM_RETURN + "=" + returnURL; -// return redirectURL; -// } else { -// // bkuSelectionType==HTMLSelect -// String bkuSelectTag; -// try { -// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider -// .getInstance(), bkuConnParam); -// } catch (Throwable ex) { -// throw new AuthenticationException("auth.11", new Object[] { -// bkuConnParam.getUrl(), ex.toString() }, ex); -// } -// String bkuSelectionTemplate = null; -// -// //removed in MOAID 2.0 -// // override template url by url from configuration file -//// if (oaParam.getBkuSelectionTemplateURL() != null) { -//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); -//// } -// -//// if (bkuSelectionTemplateURL != null) { -//// try { -//// bkuSelectionTemplate = new String(FileUtils -//// .readURL(bkuSelectionTemplateURL)); -//// } catch (IOException ex) { -//// throw new AuthenticationException("auth.03", new Object[] { -//// bkuSelectionTemplateURL, ex.toString() }, ex); -//// } -//// } -// -// String htmlForm = new SelectBKUFormBuilder().build( -// bkuSelectionTemplate, returnURL, bkuSelectTag); -// return htmlForm; -// } -// } - -// /** -// * Method readBKUSelectTag. -// * -// * @param conf -// * the ConfigurationProvider -// * @param connParam -// * the ConnectionParameter for that connection -// * @return String -// * @throws ConfigurationException -// * on config-errors -// * @throws PKIException -// * on PKI errors -// * @throws IOException -// * on any data error -// * @throws GeneralSecurityException -// * on security errors -// */ -// private String readBKUSelectTag(ConfigurationProvider conf, -// ConnectionParameter connParam) throws ConfigurationException, -// PKIException, IOException, GeneralSecurityException { -// -// if (connParam.isHTTPSURL()) -// return SSLUtils.readHttpsURL(conf, connParam); -// else -// return HTTPUtils.readHttpURL(connParam.getUrl()); -// } /** * Processes the beginning of an authentication session. @@ -441,6 +275,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { //removed in MOAID 2.0 String pushInfobox = ""; + // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); // if (verifyInfoboxParameters != null) { @@ -500,18 +335,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters .get(PARAM_XMLRESPONSE); - // System.out.println("PB: " + xmlInfoboxReadResponse); - if (isEmpty(xmlInfoboxReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - -// AuthenticationSession session = getSession(sessionID); -// if (session.getTimestampIdentityLink() != null) -// throw new AuthenticationException("auth.01", -// new Object[] { sessionID }); - session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -537,24 +364,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { return null; } - // for testing new identity link certificate - // xmlInfoboxReadResponse = null; - // try { - // File file = new File("c:/temp/XXXMuster.xml"); - // FileInputStream fis; - // - // fis = new FileInputStream(file); - // byte[] array = Utils.readFromInputStream(fis); - // - // xmlInfoboxReadResponse = new String(array); - // System.out.println(xmlInfoboxReadResponse); - // - // } catch (FileNotFoundException e) { - // e.printStackTrace(); - // } catch (UtilsException e) { - // e.printStackTrace(); - // } - // parses the IdentityLink identityLink = new InfoboxReadResponseParser( xmlInfoboxReadResponse).parseIdentityLink(); @@ -572,10 +381,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); -// if (identityLink.getIdentificationType().equalsIgnoreCase( -// Constants.URN_PREFIX_BASEID)) { -// } - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -687,7 +492,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); - //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -744,7 +548,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam); - // session.setAuthBlock(authBlock); // builds the List transformsInfos = oaParam.getTransformsInfos(); if ((transformsInfos == null) || (transformsInfos.size() == 0)) { @@ -757,77 +560,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { return createXMLSignatureRequest; } -// /** -// * -// * @param session -// * @param authConf -// * @param oaParam -// * @return -// * @throws ConfigurationException -// * @throws BuildException -// * @throws ValidateException -// */ -// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( -// AuthenticationSession session, AuthConfigurationProvider authConf, -// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, -// BuildException, ValidateException { -// -// // check for intermediate processing of the infoboxes -// if (session.isValidatorInputPending()) -// return "Redirect to Input Processor"; -// -// if (authConf == null) -// authConf = AuthConfigurationProvider.getInstance(); -// if (oaParam == null) -// oaParam = AuthConfigurationProvider.getInstance() -// .getOnlineApplicationParameter( -// session.getPublicOAURLPrefix()); -// -// // BZ.., calculate bPK for signing to be already present in AuthBlock -// IdentityLink identityLink = session.getIdentityLink(); -// if (identityLink.getIdentificationType().equals( -// Constants.URN_PREFIX_BASEID)) { -// -// // only compute bPK if online application is a public service and we -// // have the Stammzahl -//// if (isOW) { -//// // if person is OW, delete identification value (bPK is calculated via MIS) -//// identityLink.setIdentificationValue(null); -//// identityLink.setIdentificationType(null); -//// } -//// else { -// -// //TODO: check correctness!!! bpk calcultion is done during Assertion generation -//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink -//// .getIdentificationValue(), session.getTarget()); -//// identityLink.setIdentificationValue(bpkBase64); -//// -//// //TODO: insert correct Type!!!! -//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); -//// } -// -// } -// // ..BZ -// // } -// -// // builds the AUTH-block -// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); -// -// // session.setAuthBlock(authBlock); -// // builds the -// List transformsInfos = oaParam.getTransformsInfos(); -// if ((transformsInfos == null) || (transformsInfos.size() == 0)) { -// // no OA specific transforms specified, use default ones -// transformsInfos = authConf.getTransformsInfos(); -// } -// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() -// .build(authBlock, oaParam.getKeyBoxIdentifier(), -// transformsInfos, oaParam.isSlVersion12()); -// -// System.out.println("XML: " + createXMLSignatureRequest); -// -// return createXMLSignatureRequest; -// } /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.
*
    @@ -850,15 +582,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); -// AuthenticationSession session = getSession(sessionID); - AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - - //session.setSignerCertificate(cert); return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); @@ -921,12 +649,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - //AuthenticationSession session = getSession(sessionID); - /* - * if (session.getTimestampIdentityLink() != null) throw new - * AuthenticationException("auth.01", new Object[] { sessionID }); - */ - // session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -949,8 +671,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - // int code = verifyXMLSignatureResponse.getSignatureCheckCode(); - return verifyXMLSignatureResponse.getX509certificate(); } @@ -1099,62 +819,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - -// /** -// * Builds an authentication block <saml:Assertion> from -// * given session data. -// * -// * @param session -// * authentication session -// * -// * @return <saml:Assertion> as a String -// * -// * @throws BuildException -// * If an error occurs on serializing an extended SAML attribute -// * to be appended to the AUTH-Block. -// */ -// private String buildAuthenticationBlockForOW(AuthenticationSession session, -// OAAuthParameter oaParam, boolean isOW) throws BuildException { -// IdentityLink identityLink = session.getIdentityLink(); -// String issuer = identityLink.getName(); -// String gebDat = identityLink.getDateOfBirth(); -// String identificationValue = identityLink.getIdentificationValue(); -// String identificationType = identityLink.getIdentificationType(); -// -// String issueInstant = DateTimeUtils.buildDateTime(Calendar -// .getInstance(), oaParam.getUseUTC()); -// session.setIssueInstant(issueInstant); -// String authURL = session.getAuthURL(); -// String target = session.getTarget(); -// String targetFriendlyName = session.getTargetFriendlyName(); -// // Bug #485 -// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) -// // String oaURL = session.getPublicOAURLPrefix(); -// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); -// -// -// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); -// Iterator it = extendedSAMLAttributes.iterator(); -// // delete bPK attribute from extended SAML attributes -// if (session.isOW()) { -// ExtendedSAMLAttribute toDelete = null; -// while (it.hasNext()) { -// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); -// if (attr.getName().equalsIgnoreCase("bPK")) -// toDelete = attr; -// } -// if (toDelete != null) -// extendedSAMLAttributes.remove(toDelete); -// } -// -// String authBlock = new AuthenticationBlockAssertionBuilder() -// .buildAuthBlock(issuer, issueInstant, authURL, target, -// targetFriendlyName, identificationValue, -// identificationType, oaURL, gebDat, -// extendedSAMLAttributes, session, oaParam); -// -// return authBlock; -// } /** * Verifies the infoboxes (except of the identity link infobox) returned by @@ -1197,7 +861,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = authConfigurationProvider .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - //TODO: check correctness!!!! //removed in MOAID 2.0 // VerifyInfoboxParameters verifyInfoboxParameters = oaParam // .getVerifyInfoboxParameters(); @@ -1210,6 +873,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println("SAML set: " + // session.getExtendedSAMLAttributesAUTH().size()); + //removed in MOAID 2.0 // if (verifyInfoboxParameters != null) { // // infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); @@ -1461,57 +1125,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } -// /** -// * Intermediate processing of the infoboxes. The first pending infobox -// * validator may validate the provided input -// * -// * @param session -// * The current authentication session -// * @param parameters -// * The parameters got returned by the user input fields -// */ -// public static void processInput(AuthenticationSession session, -// Map parameters) throws ValidateException { -// -// // post processing of the infoboxes -// Iterator iter = session.getInfoboxValidatorIterator(); -// if (iter != null) { -// while (iter.hasNext()) { -// Vector infoboxValidatorVector = (Vector) iter.next(); -// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector -// .get(2); -// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { -// String identifier = (String) infoboxValidatorVector.get(0); -// String friendlyName = (String) infoboxValidatorVector -// .get(1); -// InfoboxValidationResult infoboxValidationResult = null; -// try { -// infoboxValidationResult = infoboxvalidator -// .validate(parameters); -// } catch (ValidateException e) { -// Logger.error("Error validating " + identifier -// + " infobox:" + e.getMessage()); -// throw new ValidateException("validator.44", -// new Object[] { friendlyName }); -// } -// if (!infoboxValidationResult.isValid()) { -// Logger.info("Validation of " + identifier -// + " infobox failed."); -// throw new ValidateException("validator.40", -// new Object[] { -// friendlyName, -// infoboxValidationResult -// .getErrorMessage() }); -// } -// AddAdditionalSAMLAttributes( -// session, -// infoboxValidationResult.getExtendedSamlAttributes(), -// identifier, friendlyName); -// } -// } -// } -// } - /** * Adds given SAML Attributes to the current session. They will be appended * to the final SAML Assertion or the AUTH block. If the attributes are @@ -1583,33 +1196,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setExtendedSAMLAttributesOA(oaAttributes); } - // /** - // * Adds given SAML Attributes to the current session. They will be - // appended - // * to the final SAML Assertion or the AUTH block. If the attributes are - // * already in the list, they will be replaced. - // * - // * @param session The current session - // * @param extendedSAMLAttributes The SAML attributes to add - // * @param identifier The infobox identifier for debug purposes - // * @param friendlyNam The friendly name of the infobox for debug purposes - // */ - // private static void AddAdditionalSAMLAttributes(AuthenticationSession - // session, MISMandate mandate) throws ValidateException - // { - // - // List oaAttributes = session.getExtendedSAMLAttributesOA(); - // if (oaAttributes==null) oaAttributes = new Vector(); - // List authAttributes = session.getExtendedSAMLAttributesAUTH(); - // if (authAttributes==null) authAttributes = new Vector(); - // - // - // addExtendedSamlAttributes(authAttributes, mandate); - // - // session.setExtendedSAMLAttributesAUTH(authAttributes); - // session.setExtendedSAMLAttributesOA(oaAttributes); - // } - /** * Adds the AUTH block related SAML attributes to the validation result. * This is needed always before the AUTH block is to be signed, because the @@ -1629,11 +1215,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { extendedSamlAttributes.clear(); - // extendedSamlAttributes.add(new - // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, - // mandate, SZRGWConstants.MANDATE_NS, - // ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); - // Name Element domMandate = mandateToElement(mandate); Element nameSpaceNode = domMandate.getOwnerDocument().createElement( @@ -1646,24 +1227,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, "//md:Mandate/md:Mandator", nameSpaceNode); - // first check if physical person - // Element name = (Element) XPathAPI.selectSingleNode(mandator, - // "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode); - // String mandatorname = ParepUtils.extractMandatorName(mandator); - - // extendedSamlAttributes.add(new - // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, - // mandatorname, SZRGWConstants.MANDATE_NS, - // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - // Geburtsdatum - // String dob = ParepUtils.extractMandatorDateOfBirth(mandator); - // if (dob != null && !"".equals(dob)) { - // extendedSamlAttributes.add(new - // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, - // SZRGWConstants.MANDATE_NS, - // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - // } - // Mandate extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl( ParepValidator.EXT_SAML_MANDATE_RAW, domMandate, @@ -1692,15 +1255,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - // String oid = mandate.getProfRep(); - // if (oid != null) { - // String oidDescription = mandate.getTextualDescriptionOfOID(); - // extendedSamlAttributes.add(new - // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - // oidDescription, SZRGWConstants.MANDATE_NS, - // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY)); - // } - ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes .size()]; extendedSamlAttributes.copyInto(ret); @@ -1831,9 +1385,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - //AuthenticationSession session = getSession(sessionID); - + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses @@ -1938,22 +1490,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } } - -// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() -// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); -// boolean useUTC = oaParam.getUseUTC(); -// boolean useCondition = oaParam.getUseCondition(); -// int conditionLength = oaParam.getConditionLength(); - - //TL: moved to Authentification Data generation -// AuthenticationData authData = buildAuthenticationData(session, vsresp, -// useUTC, false); -// -// //set Authblock -// session.setAuthData(authData); - - session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); vsresp.setX509certificate(null); @@ -1977,42 +1514,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Daten angelegt zu MOASession " + newMOASessionID); return newMOASessionID; - /* - String samlAssertion = new AuthenticationDataAssertionBuilder() - .build(authData, session.getAssertionPrPerson(), session - .getAssertionAuthBlock(), session - .getAssertionIlAssertion(), session.getBkuURL(), - session.getAssertionSignerCertificateBase64(), - session.getAssertionBusinessService(), session - .getExtendedSAMLAttributesOA(), - useCondition, conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session - .getSourceID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; - */ } - } /** @@ -2102,16 +1604,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String getForeignAuthenticationData(AuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - - //TODO: CHECK if STORK parts works correct!!!! if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - - //AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); // post processing of the infoboxes Iterator iter = session.getInfoboxValidatorIterator(); @@ -2155,19 +1651,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - -// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() -// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); -// boolean useUTC = oaParam.getUseUTC(); - -// boolean useCondition = oaParam.getUseCondition(); -// int conditionLength = oaParam.getConditionLength(); - - //TL: moved to Assertion generation. -// AuthenticationData authData = buildAuthenticationData(session, vsresp, -// useUTC, true); -// -// session.setAuthData(authData); session.setAuthenticatedUsed(false); session.setAuthenticated(true); @@ -2177,43 +1660,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setSignerCertificate(vsresp.getX509certificate()); vsresp.setX509certificate(null); session.setForeigner(true); - - return "new Session"; - - //TODO: regenerate MOASession ID! - /* - String samlAssertion = new AuthenticationDataAssertionBuilder().build( - authData, session.getAssertionPrPerson(), session - .getAssertionAuthBlock(), session - .getAssertionIlAssertion(), session.getBkuURL(), - session.getAssertionSignerCertificateBase64(), session - .getAssertionBusinessService(), session - .getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session.getSourceID()); - storeAuthenticationData(samlArtifact, authData); - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - - return samlArtifact;*/ + //TODO: regenerate MOASession ID! + return "new Session"; } /** @@ -2242,7 +1691,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); -// boolean useUTC = oaParam.getUseUTC(); boolean businessService = oaParam.getBusinessService(); authData.setMajorVersion(1); @@ -2266,7 +1714,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setPublicAuthorityCode(verifyXMLSigResp .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); -// authData.setUseUTC(oaParam.getUseUTC()); try { @@ -2350,8 +1797,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { try { session = AuthenticationSessionStoreage.getSession(id); - /*(AuthenticationSession) sessionStore - .get(id);*/ if (session == null) throw new AuthenticationException("auth.02", new Object[] { id }); return session; @@ -2373,7 +1818,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { //clean AssertionStore AssertionStorage assertionstore = AssertionStorage.getInstance(); - assertionstore.clean(now, authDataTimeOut); + assertionstore.clean(now, authDataTimeOut); + + //clean ExeptionStore + DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); + exstore.clean(now, authDataTimeOut); + } /** @@ -2730,13 +2180,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (Throwable e) { throw new CertificateException(e); } - -// CertificateFactory cf; -// X509Certificate cert = null; -// cf = CertificateFactory.getInstance("X.509"); -// CertificateFactory -// cert = (X509Certificate)cf.generateCertificate(is); -// return cert; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index a73d76d68..2890532b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -28,7 +28,6 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; -import java.math.BigInteger; import java.security.GeneralSecurityException; import java.util.Properties; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 540311231..41440f323 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -25,25 +25,18 @@ package at.gv.egovernment.moa.id.auth.data; import iaik.x509.X509Certificate; -import java.io.IOException; import java.io.Serializable; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.util.ArrayList; -import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.Vector; -import javax.xml.parsers.ParserConfigurationException; - import org.w3c.dom.Element; -import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -154,10 +147,10 @@ public class AuthenticationSession implements Serializable { */ private IdentityLink identityLink; - /** - * timestamp logging when identity link has been received - */ - private Date timestampIdentityLink; +// /** +// * timestamp logging when identity link has been received +// */ +// private Date timestampIdentityLink; //store Authblock /** @@ -562,15 +555,6 @@ public class AuthenticationSession implements Serializable { this.authBlock = authBlock; } - /** - * Returns the timestampIdentityLink. - * - * @return Date - */ - public Date getTimestampIdentityLink() { - return timestampIdentityLink; - } - /** * Returns the businessService. * @@ -591,28 +575,6 @@ public class AuthenticationSession implements Serializable { this.businessService = businessService; } -// /** -// * Returns the timestampStart. -// * -// * @return Date -// */ -// public Date getTimestampStart() { -// return timestampStart; -// } - - /** - * Sets the current date as timestampIdentityLink. - */ - public void setTimestampIdentityLink() { - timestampIdentityLink = new Date(); - } - -// /** -// * Sets the current date as timestampStart. -// */ -// public void setTimestampStart() { -// timestampStart = new Date(); -// } /** * @return template URL @@ -883,25 +845,6 @@ public class AuthenticationSession implements Serializable { return this.useMandate; } -// /** -// * -// * @param useTargetFromConfig -// * indicates if target from config is used or not -// */ -// public void setUseTargetFromConfig(boolean useTargetFromConfig) { -// this.useTargetFromConfig = useTargetFromConfig; -// -// } -// -// /** -// * Returns if target is used from mandate or not -// * -// * @return -// */ -// public boolean getUseTargetFromConfig() { -// return this.useTargetFromConfig; -// } - /** * * @param misSessionID @@ -920,97 +863,6 @@ public class AuthenticationSession implements Serializable { return this.misSessionID; } -// /** -// * @return the assertionAuthData -// */ -// public AuthenticationData getAssertionAuthData() { -// return assertionAuthData; -// } -// -// /** -// * @param assertionAuthData -// * the assertionAuthData to set -// */ -// public void setAssertionAuthData(AuthenticationData assertionAuthData) { -// this.assertionAuthData = assertionAuthData; -// } -// -// /** -// * @return the assertionPrPerson -// */ -// public String getAssertionPrPerson() { -// return assertionPrPerson; -// } -// -// /** -// * @param assertionPrPerson -// * the assertionPrPerson to set -// */ -// public void setAssertionPrPerson(String assertionPrPerson) { -// this.assertionPrPerson = assertionPrPerson; -// } -// -// /** -// * @return the assertionAuthBlock -// */ -// public String getAssertionAuthBlock() { -// return assertionAuthBlock; -// } -// -// /** -// * @param assertionAuthBlock -// * the assertionAuthBlock to set -// */ -// public void setAssertionAuthBlock(String assertionAuthBlock) { -// this.assertionAuthBlock = assertionAuthBlock; -// } -// -// /** -// * @return the assertionIlAssertion -// */ -// public String getAssertionIlAssertion() { -// return assertionIlAssertion; -// } -// -// /** -// * @param assertionIlAssertion -// * the assertionIlAssertion to set -// */ -// public void setAssertionIlAssertion(String assertionIlAssertion) { -// this.assertionIlAssertion = assertionIlAssertion; -// } -// -// /** -// * @return the assertionSignerCertificateBase64 -// */ -// public String getAssertionSignerCertificateBase64() { -// return assertionSignerCertificateBase64; -// } -// -// /** -// * @param assertionSignerCertificateBase64 -// * the assertionSignerCertificateBase64 to set -// */ -// public void setAssertionSignerCertificateBase64( -// String assertionSignerCertificateBase64) { -// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; -// } -// -// /** -// * @return the assertionBusinessService -// */ -// public boolean getAssertionBusinessService() { -// return assertionBusinessService; -// } -// -// /** -// * @param assertionBusinessService -// * the assertionBusinessService to set -// */ -// public void setAssertionBusinessService(boolean assertionBusinessService) { -// this.assertionBusinessService = assertionBusinessService; -// } - /** * @return the mandateReferenceValue */ @@ -1053,16 +905,6 @@ public class AuthenticationSession implements Serializable { this.ccc = ccc; } - - -// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { -// return XMLCreateSignatureResponse; -// } -// -// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { -// XMLCreateSignatureResponse = xMLCreateSignatureResponse; -// } - public boolean isForeigner() { return isForeigner; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 878e9d0cd..81ba83405 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.auth.parser; import java.io.UnsupportedEncodingException; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -137,7 +138,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!! //Validate BKU URI - if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + List allowedbkus = oaParam.getBKUURL(); + allowedbkus.addAll(AuthConfigurationProvider.getInstance().getDefaultBKUURLs()); + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); if (!oaParam.getBusinessService()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java index 4cd471db0..b96fa519f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import java.io.PrintWriter; -import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -14,7 +13,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.monitoring.TestManager; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; public class MonitoringServlet extends AuthServlet { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java deleted file mode 100644 index 40d57e60b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; - -/** - * Servlet requested for selecting a BKU. - *
    In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete, - * the browser is redirected to the configured "BKU-Auswahl-URL". - *
    In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect, - * the list of available BKU's is fetched from a BKU-Auswahl server, and presented - * to the user in an HTML form. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SelectBKUServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = 4764993494204751296L; - -/** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - try { - super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } - } - - /** - * Responds with an HTML form which requests the user to choose a BKU. - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET SelectBKU"); - -// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); -// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); -// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); -// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); -// -// String authURL = req.getScheme() + "://" + req.getServerName(); -// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { -// authURL = authURL.concat(":" + req.getServerPort()); -// } -// authURL = authURL.concat(req.getContextPath() + "/"); -// -// String target = req.getParameter(PARAM_TARGET); -// String oaURL = req.getParameter(PARAM_OA); -// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); -// String templateURL = req.getParameter(PARAM_TEMPLATE); -// -// // escape parameter strings -// target = StringEscapeUtils.escapeHtml(target); -// oaURL = StringEscapeUtils.escapeHtml(oaURL); -// templateURL = StringEscapeUtils.escapeHtml(templateURL); -// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); -// -// -// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); -// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); -// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); -// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); -// -// try { -// -// // check parameter -// if (!ParamValidatorUtils.isValidOA(oaURL)) -// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); -// if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) -// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); -// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) -// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); -// -// if (!ParamValidatorUtils.isValidTarget(target)) -// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); -// -// OAAuthParameter oaParam = -// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); -// if (oaParam == null) -// throw new AuthenticationException("auth.00", new Object[] { oaURL }); -// -// // get target and target friendly name from config -// String targetConfig = oaParam.getTarget(); -// -// String returnValue = null; -// if (StringUtils.isEmpty(targetConfig)) { -// // no target attribut is given in OA config -// // target is used from request -// // check parameter -// if (!ParamValidatorUtils.isValidTarget(target)) -// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); -// -// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); -// } -// else { -// // use target from config -// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); -// } -// -// -// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); -// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { -// // bkuSelectionType==HTMLComplete -// String redirectURL = returnValue; -// resp.setContentType("text/html"); -// resp.sendRedirect(redirectURL); -// Logger.info("REDIRECT TO: " + redirectURL); -// } else { -// // bkuSelectionType==HTMLSelect -// String htmlForm = returnValue; -// resp.setContentType("text/html;charset=UTF-8"); -// Logger.debug("HTML-Form: " + htmlForm); -// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); -// out.write(htmlForm); -// out.flush(); -// Logger.debug("Finished GET SelectBKU"); -// } -// } -// catch (WrongParametersException ex) { -// handleWrongParameters(ex, req, resp); -// } -// catch (Throwable ex) { -// handleError(null, ex, req, resp); -// } - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index d2a70c527..e1f527040 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -93,35 +93,6 @@ public class OAAuthParameter extends OAParameter { private String keyBoxIdentifier; -/** - * @return the slVersion - */ -//public String getSlVersion() { -// return oa_auth.getSlVersion(); -//} -// -///** -// * @return the slVersion12 -// */ -//public boolean isSlVersion12() { -// -// // set SLVersion to 1.2 per default -// return true; -// -//// if ("1.2".equals(oa_auth.getSlVersion())) -//// return true; -//// else -//// return false; -//} - -//public boolean getUseUTC() { -// return oa_auth.isUseUTC(); -//} -// -//public boolean useIFrame() { -// return oa_auth.isUseIFrame(); -//} - /** * @return the identityLinkDomainIdentifier */ @@ -159,13 +130,6 @@ public List getTransformsInfos() { return oa_auth.getOAPVP2(); } -///** -// * @return the bkuSelectionTemplateURL -// */ -//public String getBkuSelectionTemplateURL() { -// return bkuSelectionTemplateURL; -//} - /** * @return the templateURL */ @@ -247,20 +211,6 @@ public List getTransformsInfos() { return null; } -///** -// * @return the inputProcessorSignTemplateURL -// */ -//public String getInputProcessorSignTemplateURL() { -// return inputProcessorSignTemplateURL; -//} - -///** -// * @return the verifyInfoboxParameters -// */ -//public VerifyInfoboxParameters getVerifyInfoboxParameters() { -// return verifyInfoboxParameters; -//} - /** * @return the mandateProfiles */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java deleted file mode 100644 index 3745f2c95..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.data; -import java.util.HashMap; -import java.util.Iterator; -import java.util.StringTokenizer; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * The Cookie-class provides methods to save and return cookies for - * each single session - * - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class Cookie { - /** A HahsMap containing all our cookies */ - HashMap cookies = new HashMap(); - /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication - * to send them back to the client/browser as soon as possible */ - HashMap cookies401 = new HashMap(); - - /** - * Adds a Cookie from a response with response-code 401 to the cookie-pool - * for sending it back to the browser / client - * @param cookieString The complete 'Set-Cookie' - String - */ - public void add401(String cookieString) - { - cookies401.put(getKey(cookieString),cookieString); - } - - /** - * Get the HashMap containing all cookies to be sent to the browser / client - * @return HashMap with all cookies - */ - public HashMap get401() - { - return cookies401; - } - - /** - * Clear the 401 cookie-pool - */ - public void clear401() - { - cookies401.clear(); - } - - /** - * Set a cookie that comes from the Online-Application - * and save it in our "normal" cookie-pool - * @param value The complete "Set-Cookie" - String from the Online-Application - */ - public void setCookie(String value) { - cookies.put(getKey(value), getValue(value)); - } - - /** - * Method saveOldCookies. - * @param value The complete "Set-Cookie" - String from the Online-Application - */ - public void saveOldCookies(String value) { - StringTokenizer st = new StringTokenizer(value,";"); - while (st.hasMoreTokens()) - { - // We have to trim because the Tokenizer returns cookies including spaces at the beginning - StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"="); - String cookieKey = st2.nextToken().trim(); - if (st2.hasMoreTokens()) - { - String cookieValue = st2.nextToken().trim(); - if (!cookies.containsKey(cookieKey)) - cookies.put(cookieKey , cookieValue); - } - } - Logger.debug("Found these cookies: " + getCookies()); - } - - /** - * Get a String containing all cookies saved in that session seperated by '; ' - * to be sent back to the Online-Application - * @return String containing all cookies saved in that session seperated by '; ' - */ - public String getCookies() { - String result = ""; - if (cookies.size()==0) - return null; - Iterator i = cookies.keySet().iterator(); - while (i.hasNext()) { - String key = (String) i.next(); - result += key + "=" + (String)cookies.get(key) + "; "; - } - return result.substring(0, result.length() - 2); - } - - /** - * Returns the key of a key-value-pair of a cookie - * getKey("CookieA=1234") returns CookieA - * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie - * @return String the key of a key-value-pair of a cookie - */ - private String getKey(String input) { - return input.substring(0, input.indexOf("=")); - } - - /** - * Returns the value of a key-value-pair of a cookie - * getKey("CookieA=1234") returns 1234 - * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie - * @return String the value of a key-value-pair of a cookie - */ - private String getValue(String input) { - if (input.indexOf(";") == -1) - return input.substring(input.indexOf("=") + 1, input.getBytes().length); - return input.substring(input.indexOf("=") + 1, input.indexOf(";")); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java deleted file mode 100644 index cb87f8ff0..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.data; - -import java.util.HashMap; - -/** - * The CookieManager is a singleton to manage a Cookie-Object for - * each session - * @author Stefan Knirsch - * @version $Id$ - * - */ -public class CookieManager { - /** the singleton instance of the CookieManager */ - private static CookieManager instance; - /** a HashMap to bind a Cookie-object to every single session*/ - private static HashMap cookies = new HashMap(); - - /** - * Create a singleton of the CookieManager - * @return CookieManager - */ - public static CookieManager getInstance() - { - if(instance==null) instance=new CookieManager(); - return instance; - } - - /** - * Save a cookie to a specified session-id - * @param id The session id - * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication - */ - public void saveCookie(String id, String cookie_string) - { - getCookieWithID(id).setCookie(cookie_string); - } - - /** - * Method saveOldCookies. - * @param id - * @param cookie_string - */ - public void saveOldCookies(String id,String cookie_string) - { - getCookieWithID(id).saveOldCookies(cookie_string); - } - - /** - * Get a Cookie-Object for a specified session-id - * @param id The session id - * @return Cookie object containing all saved cookies for this session - */ - public Cookie getCookieWithID(String id) - { - Cookie c = null; - if(cookies.containsKey(id)) - c = (Cookie)cookies.get(id); - else - { - c = new Cookie(); - cookies.put(id,c); - } - return c; - } - - - /** - * Get a String containing all cookies of a specified session-id - * saved in that session seperated by '; ' to be sent back to - * the Online-Application - * @param id the session-id - * @return String containing all cookies saved in that session seperated by '; ' - */ - public String getCookie(String id) - { - Cookie result = (Cookie)cookies.get((String)id); - if (result==null) - return null; - return result.getCookies(); - - } - - /** - * Adds a Cookie for a special session from a response with - * response-code 401 to the cookie-pool for sending it back - * to the browser / client - * @param id The session-id - * @param value The complete 'Set-Cookie' - String - */ - public void add401(String id,String value) - { - getCookieWithID(id).add401(value); - } - - /** - * Clear the 401 cookie-pool of a session - * @param id the session-id - */ - public void clear401(String id) - { - getCookieWithID(id).clear401(); - } - - /** - * Get the HashMap containing all cookies of a session to be sent to the browser / client - * @param id the session-id - * @return HashMap with all cookies - */ - public HashMap get401(String id) - { - return getCookieWithID(id).get401(); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index d9e3b741f..39c22b701 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -11,7 +11,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import org.opensaml.DefaultBootstrap; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.AuthnRequest; import org.opensaml.saml2.core.RequestAbstractType; @@ -23,11 +22,9 @@ import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.xml.ConfigurationException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -39,7 +36,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; @@ -47,7 +43,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; @@ -61,18 +56,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public static final String SOAP = "Soap"; public static final String METADATA = "Metadata"; - private static List servletList = new ArrayList(); - private static List decoder = new ArrayList(); private static HashMap actions = new HashMap(); static { - servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT, - ServletType.AUTH)); - servletList.add(new ServletInfo(PVPProcessor.class, POST, - ServletType.AUTH)); - decoder.add(new PostBinding()); decoder.add(new RedirectBinding()); @@ -94,10 +82,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return instance; } - public List getServlets() { - return servletList; - } - public String getName() { return NAME; } @@ -179,19 +163,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); - //TODO: maybe change to getEntityID() - //String oaURL = consumerService.getLocation(); String oaURL = moaRequest.getEntityMetadata().getEntityID(); String binding = consumerService.getBinding(); String entityID = moaRequest.getEntityMetadata().getEntityID(); Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding); - //String oaURL = (String) request.getParameter(PARAM_OA); oaURL = StringEscapeUtils.escapeHtml(oaURL); -// if (!ParamValidatorUtils.isValidOA(oaURL)) -// throw new WrongParametersException("StartAuthentication", -// PARAM_OA, "auth.12"); config.setOAURL(oaURL); config.setBinding(binding); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index d842d5fe0..7d101c936 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -4,6 +4,9 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; public class PVPTargetConfiguration extends RequestImpl { + + private static final long serialVersionUID = 4889919265919638188L; + MOARequest request; String binding; String consumerURL; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 75186eec2..fa9dbe990 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -1,28 +1,15 @@ package at.gv.egovernment.moa.id.protocols.saml1; -import java.io.IOException; -import java.io.PrintWriter; -import java.io.UnsupportedEncodingException; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.commons.lang.StringEscapeUtils; -import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -34,15 +21,7 @@ public class GetArtifactAction implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { - -// HttpSession httpSession = httpReq.getSession(); -// AuthenticationManager authmanager = AuthenticationManager.getInstance(); -// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); - -// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) { -// throw new AuthenticationException("auth.21", new Object[] {}); -// } - + String oaURL = (String) req.getOAURL(); String target = (String) req.getTarget(); @@ -59,23 +38,10 @@ public class GetArtifactAction implements IAction { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - - // if (oaURL == null) { -// oaURL = session.getOAURLRequested(); -// } - - // TODO: Support Mandate MODE! OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(oaURL); - - // builds authentication data and stores it together with a SAML - // artifact - - //TODO: check, if this is correct!!!! - //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), - // useUTC, false); - + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, @@ -97,18 +63,13 @@ public class GetArtifactAction implements IAction { httpResp.addHeader("Location", url); } else { - String redirectURL = oaURL; - - //session.getOAURLRequested(); - + String redirectURL = oaURL; if (!oaParam.getBusinessService()) { -// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, -// URLEncoder.encode(session.getTarget(), "UTF-8")); redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); - } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = httpResp.encodeRedirectURL(redirectURL); @@ -120,30 +81,11 @@ public class GetArtifactAction implements IAction { return authData.getAssertionID(); - } catch (WrongParametersException ex) { - // handleWrongParameters(ex, req, httpResp); - ex.printStackTrace(); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (BuildException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (AuthenticationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (UnsupportedEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (MOADatabaseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + } catch (Exception ex) { + Logger.error("SAML1 Assertion build error", ex); + throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); } - return null; } protected static String addURLParameter(String url, String paramname, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java deleted file mode 100644 index 87868e777..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java +++ /dev/null @@ -1,135 +0,0 @@ -package at.gv.egovernment.moa.id.protocols.saml1; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.URLEncoder; - -public class GetArtifactServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = 3593264832041467899L; - - /** - * Constructor for GetArtifactServlet. - */ - public GetArtifactServlet() { - super(); - } - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - HttpSession httpSession = req.getSession(); - - - -// AuthenticationSession session = AuthenticationManager -// .getAuthenticationSession(httpSession); -// -// String oaURL = (String) req.getAttribute(PARAM_OA); -// oaURL = StringEscapeUtils.escapeHtml(oaURL); -// -// String target = (String) req.getAttribute(PARAM_TARGET); -// target = StringEscapeUtils.escapeHtml(target); -// -// try { -// -// // check parameter -// if (!ParamValidatorUtils.isValidOA(oaURL)) -// throw new WrongParametersException("StartAuthentication", -// PARAM_OA, "auth.12"); -// -// if (oaURL == null) { -// oaURL = session.getOAURLRequested(); -// } -// -// if (oaURL == null) { -// throw new WrongParametersException("StartAuthentication", -// PARAM_OA, "auth.12"); -// } -// -// String samlArtifactBase64 = SAML1AuthenticationServer -// .BuildSAMLArtifact(session); -// -// String redirectURL = oaURL; -// session.getOAURLRequested(); -// if (!session.getBusinessService()) { -// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, -// URLEncoder.encode(session.getTarget(), "UTF-8")); -// -// } -// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, -// URLEncoder.encode(samlArtifactBase64, "UTF-8")); -// redirectURL = resp.encodeRedirectURL(redirectURL); -// -// resp.setContentType("text/html"); -// resp.setStatus(302); -// -// resp.addHeader("Location", redirectURL); -// Logger.debug("REDIRECT TO: " + redirectURL); -// -// // CONFIRMATION FOR SSO! -// /* -// * OAAuthParameter oaParam = -// * AuthConfigurationProvider.getInstance(). -// * getOnlineApplicationParameter(oaURL); -// * -// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName -// * == null) { friendlyName = oaURL; } -// * -// * -// * LoginConfirmationBuilder builder = new -// * LoginConfirmationBuilder(); -// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); -// * String form = builder.finish(oaURL, session.getIdentityLink() -// * .getName(), friendlyName); -// */ -// -// /* -// resp.setContentType("text/html"); -// -// OutputStream out = resp.getOutputStream(); -// out.write(form.getBytes("UTF-8")); -// out.flush(); -// out.close();*/ -// -// } catch (WrongParametersException ex) { -// handleWrongParameters(ex, req, resp); -// } catch (ConfigurationException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } catch (BuildException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } catch (AuthenticationException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } - - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - doGet(req, resp); - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 9e5f43d8e..c9ee281e6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -51,11 +51,9 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return instance; } - //private static Map authenticationDataStore = new HashMap(); private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); - //TODO: make this time configurable /** * time out in milliseconds used by {@link cleanup} for authentication data * store @@ -119,19 +117,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } - //removed from MOA-ID 2.0 config -// try { -// String boolStr = AuthConfigurationProvider.getInstance() -// .getGenericConfigurationParameter( -// "AuthenticationServer.KeepAssertion"); -// if (null != boolStr && boolStr.equalsIgnoreCase("true")) -// keepAssertion = true;// Only allowed for debug purposes!!! -// -// } catch (ConfigurationException ex) { -// throw new AuthenticationException("1205", new Object[] { -// samlArtifact, ex.toString() }); -// } - authenticationDataStore.remove(samlArtifact); long now = new Date().getTime(); @@ -317,11 +302,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.setSamlAssertion(samlAssertion); -// String samlArtifact = new SAMLArtifactBuilder().build( -// session.getAuthURL(), session.getSessionID(), -// saml1parameter.getSourceID()); - - //TODO: check if it correct String samlArtifact = new SAMLArtifactBuilder().build( session.getAuthURL(), Random.nextRandom(), saml1parameter.getSourceID()); @@ -349,10 +329,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - //AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); - IdentityLink tempIdentityLink = null; Element mandate = session.getMandate(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index e36ac0a8c..9d163032e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -1,8 +1,6 @@ package at.gv.egovernment.moa.id.protocols.saml1; -import java.util.ArrayList; import java.util.HashMap; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -19,8 +17,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ServletInfo; -import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -33,13 +29,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public static final String GETARTIFACT = "GetArtifact"; - private static List servletList = new ArrayList(); - private static HashMap actions = new HashMap(); static { - servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT, - ServletType.AUTH)); actions.put(GETARTIFACT, new GetArtifactAction()); @@ -55,11 +47,6 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { return instance; } - public List getServlets() { - return servletList; - } - - public String getName() { return NAME; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index a78585ff0..e17c9728d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -1,11 +1,7 @@ package at.gv.egovernment.moa.id.storage; -import java.io.Serializable; import java.util.Date; -import java.util.HashMap; -import java.util.Iterator; import java.util.List; -import java.util.Set; import org.apache.commons.lang.SerializationUtils; import org.hibernate.HibernateException; @@ -16,9 +12,7 @@ import org.hibernate.Transaction; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; @@ -163,18 +157,6 @@ public class AuthenticationSessionStoreage { } -// public static void dumpSessionStore() { -// synchronized (sessionStore) { -// Set keys = sessionStore.keySet(); -// Iterator keyIterator = keys.iterator(); -// while(keyIterator.hasNext()) { -// String key = keyIterator.next(); -// AuthenticationSession session = sessionStore.get(key); -// Logger.info("Key: " + key + " -> " + session.toString()); -// } -// } -// } - public static String changeSessionID(AuthenticationSession session) throws AuthenticationException, BuildException { @@ -373,20 +355,6 @@ public class AuthenticationSessionStoreage { } else { return true; - -// AuthenticatedSessionStore dbsession = result.get(0); -// -// -// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { -// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); -// return true; -// -// } else { -// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() -// + " but this Session does not match to MOA Sesson ID=" + moaSessionId); -// } -// -// return false; } } -- cgit v1.2.3