From 261294df86c33105eb2113808fc6f171e9250ac7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Jun 2013 11:46:00 +0200 Subject: Generic Artifact/Assertion management by using Hibernate for SAML1 and PVP2 --- .../id/config/auth/AuthConfigurationProvider.java | 45 ++++++++ .../moa/id/data/AuthenticationData.java | 7 +- .../id/protocols/pvp2x/PVPAssertionStorage.java | 25 +++-- .../protocols/saml1/SAML1AuthenticationServer.java | 61 +++++++---- .../moa/id/storage/AssertionStorage.java | 119 +++++++++++++++++++++ 5 files changed, 227 insertions(+), 30 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index b86b2ec68..b21bfdacb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -27,16 +27,23 @@ package at.gv.egovernment.moa.id.config.auth; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.MalformedURLException; import java.util.List; +import java.util.Properties; +import org.hibernate.cfg.Configuration; import org.w3c.dom.Element; import org.w3c.dom.Node; +import test.tlenz.simpletest; + import eu.stork.vidp.messages.common.STORKBootstrap; +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore; import at.gv.egovernment.moa.id.config.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; @@ -45,6 +52,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -278,11 +286,48 @@ public class AuthConfigurationProvider extends ConfigurationProvider { throw new ConfigurationException("config.03", null, t); } + + //Initial Hibernate Framework + //TODO: Full update to new MOA-ID configuration!!! + Logger.trace("Initializing Hibernate framework."); + + String propertiesFileLocation = System.getProperty("moa.id.config"); + MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName"); + File propertiesFile = new File(propertiesFileLocation); + FileInputStream fis; + Properties props = new Properties(); + try { + fis = new FileInputStream(propertiesFile); + props.load(fis); + + + // initialize hibernate + synchronized (AuthConfigurationProvider.class) { + Configuration hibernateConfig = new Configuration(); + hibernateConfig.addAnnotatedClass(AssertionStore.class); + hibernateConfig.addProperties(props); + HibernateUtil.initHibernate(hibernateConfig, props); + } + Logger.trace("Hibernate initialization finished."); + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (ExceptionInInitializerError e) { + throw new ConfigurationException("config.17", null, e); + } + + //Initialize OpenSAML for STORK Logger.trace("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 79f3b4e30..c1de93fae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.data; +import java.io.Serializable; import java.util.Date; /** @@ -33,8 +34,12 @@ import java.util.Date; * @version $Id$ */ -public class AuthenticationData { +public class AuthenticationData implements Serializable { /** + * + */ + private static final long serialVersionUID = -1042697056735596866L; +/** * major version number of the SAML assertion */ private int majorVersion; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java index c188914df..a61dc53be 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java @@ -1,13 +1,12 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; -import java.util.HashMap; -import java.util.Map; - import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.artifact.SAMLArtifactMap; import org.opensaml.xml.io.MarshallingException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; +import at.gv.egovernment.moa.id.storage.AssertionStorage; public class PVPAssertionStorage implements SAMLArtifactMap { @@ -20,7 +19,8 @@ public class PVPAssertionStorage implements SAMLArtifactMap { return instance; } - private Map assertions = new HashMap(); + //private Map assertions = new HashMap(); + private AssertionStorage assertions = AssertionStorage.getInstance(); public boolean contains(String artifact) { return assertions.containsKey(artifact); @@ -33,11 +33,24 @@ public class PVPAssertionStorage implements SAMLArtifactMap { issuerId, samlMessage); - assertions.put(artifact, assertion); + try { + assertions.put(artifact, assertion); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be stored + throw new MarshallingException("Assertion are not stored in Database.",e); + } } public SAMLArtifactMapEntry get(String artifact) { - return assertions.get(artifact); + try { + return (SAMLArtifactMapEntry) assertions.get(artifact); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be read + e.printStackTrace(); + return null; + } } public void remove(String artifact) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 4399c556b..d22993030 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -22,10 +22,12 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -39,7 +41,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer { // We might need to introduce a openEJB to accomplish this /** authentication data store (assertion handle -> AuthenticationData) */ @SuppressWarnings("rawtypes") - private static Map authenticationDataStore = new HashMap(); + + + //private static Map authenticationDataStore = new HashMap(); + private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); + /** * time out in milliseconds used by {@link cleanup} for authentication data @@ -180,34 +186,40 @@ public class SAML1AuthenticationServer extends AuthenticationServer { AuthenticationData authData = null; synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; + try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); + authData = (AuthenticationData) authenticationDataStore + .get(assertionHandle); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); } + } + boolean keepAssertion = false; + try { + String boolStr = AuthConfigurationProvider.getInstance() + .getGenericConfigurationParameter( + "AuthenticationServer.KeepAssertion"); + if (null != boolStr && boolStr.equalsIgnoreCase("true")) + keepAssertion = true;// Only allowed for debug purposes!!! + + } catch (ConfigurationException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + if (!keepAssertion) { + authenticationDataStore.remove(assertionHandle); + } + long now = new Date().getTime(); + if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + return authData; } @@ -283,13 +295,16 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); String assertionHandle = parser.parseAssertionHandle(); + synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); authenticationDataStore.put(assertionHandle, authData); } + } catch (AuthenticationException ex) { throw ex; + } catch (Throwable ex) { throw new AuthenticationException("auth.06", new Object[] { samlArtifact }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java new file mode 100644 index 000000000..93cd43651 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -0,0 +1,119 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionStorage { + + private static AssertionStorage instance = null; + + public static AssertionStorage getInstance() { + if(instance == null) { + instance = new AssertionStorage(); + } + return instance; + } + + public boolean containsKey(String artifact) { + try { + searchInDatabase(artifact); + return true; + + } catch (MOADatabaseException e) { + return false; + } + + } + + public void put(String artifact, Object assertion) throws MOADatabaseException { + //setup AssertionStore element + AssertionStore element = new AssertionStore(); + element.setArtifact(artifact); + element.setType(assertion.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) assertion); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + HibernateUtil.saveOrUpdate(element); + Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Assertion could not be stored."); + throw new MOADatabaseException(e); + } + + } + + public Object get(String artifact) throws MOADatabaseException { + + AssertionStore element = searchInDatabase(artifact); + + //Deserialize Assertion + Object data = SerializationUtils.deserialize(element.getAssertion()); + + //check if assertion has the correct class type + try { + Object test = Class.forName(element.getType()).cast(data); + return test; + + } catch (Exception e) { + Log.warn("Assertion Cast-Exception by using Artifact=" + artifact); + throw new MOADatabaseException("Assertion Cast-Exception"); + } + } + + + public void remove(String artifact) { + + try { + AssertionStore element = searchInDatabase(artifact); + HibernateUtil.delete(element); + + } catch (MOADatabaseException e) { + Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact + + "not found)"); + + } catch (HibernateException e) { + Logger.warn("Assertion not removed! (Error during Database communication)", e); + } + } + + @SuppressWarnings("rawtypes") + private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { + MiscUtil.assertNotNull(artifact, "artifact"); + Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); + Session session = HibernateUtil.getCurrentSession(); + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setString("artifact", artifact); + List result = query.list(); + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No Assertion found with this Artifact"); + } + + return (AssertionStore) result.get(0); + } +} -- cgit v1.2.3