From 261294df86c33105eb2113808fc6f171e9250ac7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 7 Jun 2013 11:46:00 +0200
Subject: Generic Artifact/Assertion management by using Hibernate for SAML1
 and PVP2

---
 .../id/config/auth/AuthConfigurationProvider.java  |  45 ++++++++
 .../moa/id/data/AuthenticationData.java            |   7 +-
 .../id/protocols/pvp2x/PVPAssertionStorage.java    |  25 +++--
 .../protocols/saml1/SAML1AuthenticationServer.java |  61 +++++++----
 .../moa/id/storage/AssertionStorage.java           | 119 +++++++++++++++++++++
 5 files changed, 227 insertions(+), 30 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java

(limited to 'id/server/idserverlib/src/main/java/at')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index b86b2ec68..b21bfdacb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -27,16 +27,23 @@ package at.gv.egovernment.moa.id.config.auth;
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
 import java.util.List;
+import java.util.Properties;
 
+import org.hibernate.cfg.Configuration;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import test.tlenz.simpletest;
+
 import eu.stork.vidp.messages.common.STORKBootstrap;
 
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
 import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -45,6 +52,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 
@@ -278,11 +286,48 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 				throw new ConfigurationException("config.03", null, t);
 		  }
 
+			
+		//Initial Hibernate Framework
+		//TODO: Full update to new MOA-ID configuration!!! 	
+		Logger.trace("Initializing Hibernate framework.");
+		
+		String propertiesFileLocation = System.getProperty("moa.id.config");
+		MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName");
+		File propertiesFile = new File(propertiesFileLocation);
+		FileInputStream fis;
+		Properties props = new Properties();
+		try {
+			fis = new FileInputStream(propertiesFile);
+			props.load(fis);
+			
+			
+			// initialize hibernate
+			synchronized (AuthConfigurationProvider.class) {
+				Configuration hibernateConfig = new Configuration();
+			    hibernateConfig.addAnnotatedClass(AssertionStore.class);
+			    hibernateConfig.addProperties(props);
+			    HibernateUtil.initHibernate(hibernateConfig, props);
+			  }
+			Logger.trace("Hibernate initialization finished.");
+			
+		} catch (FileNotFoundException e) {
+			throw new ConfigurationException("config.03", null, e);
+			
+		} catch (IOException e) {
+			throw new ConfigurationException("config.03", null, e);
+			
+		} catch (ExceptionInInitializerError e) {
+			throw new  ConfigurationException("config.17", null, e);
+		}
+		
+				
 		//Initialize OpenSAML for STORK
 		Logger.trace("Starting initialization of OpenSAML...");
 		STORKBootstrap.bootstrap();
 		Logger.debug("OpenSAML successfully initialized");
 			
+		
+		
         // build the internal datastructures
     	builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
     	bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 79f3b4e30..c1de93fae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -24,6 +24,7 @@
 
 package at.gv.egovernment.moa.id.data;
 
+import java.io.Serializable;
 import java.util.Date;
 
 /**
@@ -33,8 +34,12 @@ import java.util.Date;
  * @version $Id$
  */
 
-public class AuthenticationData {
+public class AuthenticationData implements Serializable {
   /**
+	 * 
+	 */
+	private static final long serialVersionUID = -1042697056735596866L;
+/**
    * major version number of the SAML assertion
    */
   private int majorVersion;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index c188914df..a61dc53be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -1,13 +1,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.binding.artifact.SAMLArtifactMap;
 import org.opensaml.xml.io.MarshallingException;
 
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
 
 public class PVPAssertionStorage implements SAMLArtifactMap {
 
@@ -20,7 +19,8 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 		return instance;
 	}
 	
-	private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+	//private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
+	private AssertionStorage assertions = AssertionStorage.getInstance();
 	
 	public boolean contains(String artifact) {
 		return assertions.containsKey(artifact);
@@ -33,11 +33,24 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 				issuerId,
 				samlMessage);
 		
-		assertions.put(artifact, assertion);
+		try {
+			assertions.put(artifact, assertion);
+			
+		} catch (MOADatabaseException e) {
+			// TODO Insert Error Handling, if Assertion could not be stored
+			throw new MarshallingException("Assertion are not stored in Database.",e);
+		}
 	}
 
 	public SAMLArtifactMapEntry get(String artifact) {
-		return assertions.get(artifact);
+		try {
+			return (SAMLArtifactMapEntry) assertions.get(artifact);
+			
+		} catch (MOADatabaseException e) {
+			// TODO Insert Error Handling, if Assertion could not be read
+			e.printStackTrace();
+			return null;
+		}
 	}
 
 	public void remove(String artifact) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 4399c556b..d22993030 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -22,10 +22,12 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -39,7 +41,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 	// We might need to introduce a openEJB to accomplish this
 	/** authentication data store (assertion handle -> AuthenticationData) */
 	@SuppressWarnings("rawtypes")
-	private static Map authenticationDataStore = new HashMap();
+	
+	
+	//private static Map authenticationDataStore = new HashMap();
+	private static AssertionStorage authenticationDataStore =  AssertionStorage.getInstance();
+	
 	
 	/**
 	 * time out in milliseconds used by {@link cleanup} for authentication data
@@ -180,34 +186,40 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 		AuthenticationData authData = null;
 		synchronized (authenticationDataStore) {
 			// System.out.println("assertionHandle: " + assertionHandle);
-			authData = (AuthenticationData) authenticationDataStore
-					.get(assertionHandle);
-			if (authData == null) {
-				Logger.error("Assertion not found for SAML Artifact: "
-						+ samlArtifact);
-				throw new AuthenticationException("1206",
-						new Object[] { samlArtifact });
-			}
-			boolean keepAssertion = false;
+						
 			try {
-				String boolStr = AuthConfigurationProvider.getInstance()
-						.getGenericConfigurationParameter(
-								"AuthenticationServer.KeepAssertion");
-				if (null != boolStr && boolStr.equalsIgnoreCase("true"))
-					keepAssertion = true;// Only allowed for debug purposes!!!
-			} catch (ConfigurationException ex) {
-				throw new AuthenticationException("1205", new Object[] {
-						samlArtifact, ex.toString() });
-			}
-			if (!keepAssertion) {
-				authenticationDataStore.remove(assertionHandle);
+				authData = (AuthenticationData) authenticationDataStore
+						.get(assertionHandle);
+				
+			} catch (MOADatabaseException e) {
+				Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+				throw new AuthenticationException("1206", new Object[] { samlArtifact });
 			}
+				
 		}
+		boolean keepAssertion = false;
+		try {
+			String boolStr = AuthConfigurationProvider.getInstance()
+					.getGenericConfigurationParameter(
+							"AuthenticationServer.KeepAssertion");
+			if (null != boolStr && boolStr.equalsIgnoreCase("true"))
+				keepAssertion = true;// Only allowed for debug purposes!!!
+			
+		} catch (ConfigurationException ex) {
+			throw new AuthenticationException("1205", new Object[] {
+					samlArtifact, ex.toString() });
+		}
+		if (!keepAssertion) {
+			authenticationDataStore.remove(assertionHandle);
+		}
+		
 		long now = new Date().getTime();
+		
 		if (now - authData.getTimestamp().getTime() > authDataTimeOut)
-			throw new AuthenticationException("1207",
-					new Object[] { samlArtifact });
+			throw new AuthenticationException("1207", new Object[] { samlArtifact });
+		
 		Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+		
 		return authData;
 	}
 	
@@ -283,13 +295,16 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				throw new AuthenticationException("auth.06",
 						new Object[] { samlArtifact });
 			String assertionHandle = parser.parseAssertionHandle();
+			
 			synchronized (authenticationDataStore) {
 				Logger.debug("Assertion stored for SAML Artifact: "
 						+ samlArtifact);
 				authenticationDataStore.put(assertionHandle, authData);
 			}
+			
 		} catch (AuthenticationException ex) {
 			throw ex;
+			
 		} catch (Throwable ex) {
 			throw new AuthenticationException("auth.06",
 					new Object[] { samlArtifact });
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
new file mode 100644
index 000000000..93cd43651
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.storage;
+
+import iaik.util.logging.Log;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class AssertionStorage {
+
+	private static AssertionStorage instance = null;
+	
+	public static AssertionStorage getInstance() {
+		if(instance == null) {
+			instance = new AssertionStorage();
+		}
+		return instance;
+	}
+	 
+	public boolean containsKey(String artifact) {
+		try {
+			searchInDatabase(artifact);
+			return true;
+			
+		} catch (MOADatabaseException e) {
+			return false;
+		}
+		
+	}
+	
+	public void put(String artifact, Object assertion) throws MOADatabaseException {	
+		//setup AssertionStore element
+		AssertionStore element = new AssertionStore();
+		element.setArtifact(artifact);
+		element.setType(assertion.getClass().getName());
+		element.setDatatime(new Date());
+
+		//serialize the Assertion for Database storage
+		byte[] data = SerializationUtils.serialize((Serializable) assertion);
+		element.setAssertion(data);
+		
+		//store AssertionStore element to Database
+		try {
+			HibernateUtil.saveOrUpdate(element);
+			Log.info("Assertion with Artifact=" + artifact + " is stored in Database");
+			
+		} catch (MOADatabaseException e) {
+			Logger.warn("Assertion could not be stored.");
+			throw new MOADatabaseException(e);
+		}
+		
+	}
+	 
+	public Object get(String artifact) throws MOADatabaseException {
+	 
+	  AssertionStore element = searchInDatabase(artifact);
+	  
+	  //Deserialize Assertion
+	  Object data = SerializationUtils.deserialize(element.getAssertion());
+	  
+	  //check if assertion has the correct class type 
+	  try {
+		Object test = Class.forName(element.getType()).cast(data);
+		return test;
+		
+	  } catch (Exception e) {
+		Log.warn("Assertion Cast-Exception by using Artifact=" + artifact);
+		throw new MOADatabaseException("Assertion Cast-Exception");
+	  }
+	}
+	
+	 
+	public void remove(String artifact) {
+		
+		 try {
+			AssertionStore element = searchInDatabase(artifact);
+			HibernateUtil.delete(element);
+				
+		} catch (MOADatabaseException e) {
+			Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact 
+					+ "not found)");
+
+		} catch (HibernateException e) {
+			Logger.warn("Assertion not removed! (Error during Database communication)", e);
+		}
+	}
+
+	@SuppressWarnings("rawtypes")
+	private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException {
+		  MiscUtil.assertNotNull(artifact, "artifact");	  
+		  Logger.trace("Getting Assertion with Artifact " + artifact + " from database.");
+		  Session session = HibernateUtil.getCurrentSession();
+		  session.beginTransaction();
+		  Query query = session.getNamedQuery("getAssertionWithArtifact");
+		  query.setString("artifact", artifact);
+		  List result = query.list();
+		  
+		  Logger.trace("Found entries: " + result.size());
+		  
+		  //Assertion requires an unique artifact
+		  if (result.size() != 1) {
+			 Logger.trace("No entries found.");
+		   	throw new MOADatabaseException("No Assertion found with this Artifact");
+		  }
+		  
+		  return (AssertionStore) result.get(0);
+	}
+}
-- 
cgit v1.2.3