From f10fb18bac8e4b98460d100a4af42a943ddb75df Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 25 Oct 2016 16:23:23 +0200 Subject: fix another problem in session database --- .../moa/id/advancedlogging/MOAReversionLogger.java | 8 +- .../moa/id/advancedlogging/StatisticLogger.java | 43 +- .../moa/id/auth/BaseAuthenticationServer.java | 28 -- .../id/auth/builder/AuthenticationDataBuilder.java | 35 +- .../auth/builder/SignatureVerificationUtils.java | 6 +- .../moa/id/auth/data/AuthenticationSession.java | 353 ++++++++------- .../id/auth/data/AuthenticationSessionWrapper.java | 492 +++++++++++++++++++++ .../id/auth/data/ExtendedSAMLAttributeImpl.java | 24 +- .../egovernment/moa/id/auth/data/IdentityLink.java | 220 +++++---- .../moa/id/auth/data/InfoboxValidationResult.java | 9 +- .../id/auth/data/InfoboxValidationResultImpl.java | 1 + .../id/auth/data/VerifyXMLSignatureResponse.java | 217 ++++----- .../id/auth/modules/AbstractAuthServletTask.java | 32 +- .../tasks/EvaluateSSOConsentsTaskImpl.java | 18 +- .../internal/tasks/FinalizeAuthenticationTask.java | 7 +- .../auth/parser/IdentityLinkAssertionParser.java | 5 +- .../StartAuthentificationParameterParser.java | 22 +- .../parser/VerifyXMLSignatureResponseParser.java | 5 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 14 +- .../moa/id/auth/servlet/LogOutServlet.java | 5 +- .../moa/id/data/AuthenticationData.java | 15 +- .../at/gv/egovernment/moa/id/data/IAuthData.java | 7 +- .../at/gv/egovernment/moa/id/data/MISMandate.java | 39 +- .../moa/id/moduls/AuthenticationManager.java | 120 ++--- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 47 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 13 +- .../AbstractAuthProtocolModulController.java | 51 ++- .../protocols/ProtocolFinalizationController.java | 67 ++- .../MandateProfRepDescAttributeBuilder.java | 4 +- .../MandateProfRepOIDAttributeBuilder.java | 4 +- .../id/protocols/pvp2x/AttributQueryAction.java | 10 +- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 6 +- .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 9 +- .../metadata/MOASPMetadataSignatureFilter.java | 4 +- .../storage/DBAuthenticationSessionStoreage.java | 121 ++--- .../id/storage/IAuthenticationSessionStoreage.java | 80 ++-- 36 files changed, 1342 insertions(+), 799 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 4a5cbd55f..b26c9c1a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -31,11 +31,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -177,7 +177,7 @@ public class MOAReversionLogger { } - public void logMandateEventSet(IRequest pendingReq, MISMandate mandate) { + public void logMandateEventSet(IRequest pendingReq, IMISMandate mandate) { if (MiscUtil.isNotEmpty(mandate.getOWbPK())) logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK, mandate.getOWbPK()); @@ -222,7 +222,7 @@ public class MOAReversionLogger { * @param identityLink */ public void logPersonalInformationEvent(IRequest pendingReq, - IdentityLink identityLink) { + IIdentityLink identityLink) { logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH, buildPersonInformationHash( identityLink.getGivenName(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 14c0800b1..5b0f5115d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -43,7 +43,6 @@ import org.springframework.transaction.annotation.Transactional; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; @@ -51,13 +50,14 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -149,7 +149,7 @@ public class StatisticLogger implements IStatisticLogger{ if (authData.isUseMandate()) { dblog.setMandatelogin(authData.isUseMandate()); - MISMandate mandate = authData.getMISMandate(); + IMISMandate mandate = authData.getMISMandate(); if (mandate != null) { if (MiscUtil.isNotEmpty(mandate.getProfRep())) { @@ -254,23 +254,32 @@ public class StatisticLogger implements IStatisticLogger{ //dblog.setOaID(dbOA.getHjid()); dblog.setBusinessservice(isBusinessService(dbOA)); - try { - AuthenticationSession moasession = authenticatedSessionStorage. - getSession(errorRequest.getMOASessionIdentifier()); - if (moasession != null) { - if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { - dblog.setBkuurl(moasession.getBkuURL()); - dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); - } - - dblog.setMandatelogin(moasession.isMandateUsed()); + IAuthenticationSession moasession = null; + if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) { + Logger.debug("Use MOA session information from SSO session for ErrorLogging"); + try { + moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier()); + + } catch (MOADatabaseException e) { + Logger.error("Error during database communication", e); + } - - } catch (MOADatabaseException e) { - Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information."); + + } else { + Logger.debug("Use MOA session information from pending-req for ErrorLogging"); + moasession = errorRequest.getMOASession(); } - + + if (moasession != null) { + if (MiscUtil.isNotEmpty(moasession.getBkuURL())) { + dblog.setBkuurl(moasession.getBkuURL()); + dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); + } + + dblog.setMandatelogin(moasession.isMandateUsed()); + } + generateErrorLogFormThrowable(throwable, dblog); entityManager.persist(dblog); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java index 20f2029cb..f0d9741d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java @@ -4,11 +4,8 @@ package at.gv.egovernment.moa.id.auth; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; /** * API for MOA ID Authentication Service.
{@link AuthenticationSession} is @@ -20,32 +17,7 @@ import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; */ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants { - @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired protected AuthConfiguration authConfig; - /** - * Retrieves a session from the session store. - * - * @param id session ID - * @return AuthenticationSession stored with given session ID (never {@code null}). - * @throws AuthenticationException in case the session id does not reflect a valic, active session. - */ - public AuthenticationSession getSession(String id) - throws AuthenticationException { - AuthenticationSession session; - try { - session = authenticationSessionStorage.getSession(id); - - if (session == null) - throw new AuthenticationException("auth.02", new Object[]{id}); - return session; - - } catch (MOADatabaseException e) { - throw new AuthenticationException("auth.02", new Object[]{id}); - - } catch (Exception e) { - throw new AuthenticationException("parser.04", new Object[]{id}); - } - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 16d320ea5..3264fc3bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -47,11 +47,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -61,6 +57,11 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; @@ -110,13 +111,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { public IAuthData buildAuthenticationData(IRequest pendingReq, - AuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration()); } public IAuthData buildAuthenticationData(IRequest pendingReq, - AuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + IAuthenticationSession session, IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { AuthenticationData authdata = null; //only needed for SAML1 legacy support @@ -253,7 +254,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session, IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException { Collection includedToGenericAuthData = null; @@ -273,8 +274,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //#################################################### //parse user info's from identityLink - IdentityLink idlFromPVPAttr = null; - IdentityLink identityLink = session.getIdentityLink(); + IIdentityLink idlFromPVPAttr = null; + IIdentityLink identityLink = session.getIdentityLink(); if (identityLink != null) { parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData); @@ -515,7 +516,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } //mandate functionality - MISMandate misMandate = null; + IMISMandate misMandate = null; if (session.isMandateUsed()) { //#################################################### //set Mandate reference value @@ -766,7 +767,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { //#################################################################### //parse AuthBlock signature-verification response //INFO: this parameters are only required for SAML1 auth. protocol - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + IVerifiyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); if (verifyXMLSigResp != null) { authData.setQualifiedCertificate(verifyXMLSigResp .isQualifiedCertificate()); @@ -833,7 +834,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { return false; } - private void parseBasicUserInfosFromIDL(AuthenticationData authData, IdentityLink identityLink, Collection includedGenericSessionData) { + private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection includedGenericSessionData) { //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); @@ -919,7 +920,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @return Pair which was received by PVP-Attribute and could be decrypted for this Service Provider, * or null if no attribute exists or can not decrypted */ - private Pair getEncryptedbPKFromPVPAttribute(AuthenticationSession session, + private Pair getEncryptedbPKFromPVPAttribute(IAuthenticationSession session, AuthenticationData authData, IOAAuthParameters spConfig) { //set List of encrypted bPKs to authData DAO String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class); @@ -981,7 +982,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param session MOASession, but never null * @return bPK, which was received by PVP-Attribute, or null if no attribute exists */ - private String getbPKValueFromPVPAttribute(AuthenticationSession session) { + private String getbPKValueFromPVPAttribute(IAuthenticationSession session) { String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class); if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) { @@ -1015,7 +1016,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { * @param session MOASession, but never null * @return bPKType, which was received by PVP-Attribute, or null if no attribute exists */ - private String getbPKTypeFromPVPAttribute(AuthenticationSession session) { + private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) { String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) { @@ -1065,7 +1066,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } - private IdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IdentityLink idl, String bPK, String bPKType) throws MOAIDException { + private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException { if (oaParam.getBusinessService()) { Element idlassertion = idl.getSamlAssertion(); //set bpk/wpbk; @@ -1076,7 +1077,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { prIdentificationType.getFirstChild().setNodeValue(bPKType); IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink businessServiceIdl = idlparser.parseIdentityLink(); + IIdentityLink businessServiceIdl = idlparser.parseIdentityLink(); //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java index ac93d7af9..9ca15c76f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -29,12 +29,12 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -74,7 +74,7 @@ public class SignatureVerificationUtils { } } - public VerifyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { try { //build signature-verification request Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); @@ -84,7 +84,7 @@ public class SignatureVerificationUtils { .verifyXMLSignature(domVerifyXMLSignatureRequest); // parses the - VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); return verifyXMLSignatureResponse; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index a72f6c2ea..94651915e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -46,20 +46,26 @@ import java.util.Map; import org.apache.commons.collections4.map.HashedMap; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import iaik.x509.X509Certificate; /** - * Session data to be stored between AuthenticationServer API calls. * - * @author Paul Ivancsics - * @version $Id$ + * Serializable implementation of the {@link IAuthenticationSession} interface, which could be stored into a + * AuthenticationSession database + * + * @author Thomas Lenz + * */ -public class AuthenticationSession implements Serializable { +public class AuthenticationSession implements Serializable, IAuthenticationSession { /** * @@ -94,7 +100,7 @@ public class AuthenticationSession implements Serializable { * * Mandate element */ - private MISMandate mandate; + private IMISMandate mandate; /** * Reference value for mandate bussiness service for the assertion @@ -110,7 +116,7 @@ public class AuthenticationSession implements Serializable { /** * identity link read from smartcard */ - private IdentityLink identityLink; + private IIdentityLink identityLink; /** * authentication block to be signed by the user @@ -151,7 +157,7 @@ public class AuthenticationSession implements Serializable { private String QAALevel = null; - private VerifyXMLSignatureResponse XMLVerifySignatureResponse; + private IVerifiyXMLSignatureResponse XMLVerifySignatureResponse; private boolean isForeigner; @@ -170,14 +176,61 @@ public class AuthenticationSession implements Serializable { } + /** + * @param id + * @param now + * @param moaSession + */ + public AuthenticationSession(String id, Date now, IAuthenticationSession moaSession) { + sessionID = id; + sessionCreated = now; + + authBlock = moaSession.getAuthBlock(); + authBlockTokken = moaSession.getAuthBlockTokken(); + authenticated = moaSession.isAuthenticated(); + bkuURL = moaSession.getBkuURL(); + extendedSAMLAttributesAUTH = moaSession.getExtendedSAMLAttributesAUTH(); + extendedSAMLAttributesOA = moaSession.getExtendedSAMLAttributesOA(); + + genericSessionDataStorate = moaSession.getGenericSessionDataStorage(); + + identityLink = moaSession.getIdentityLink(); + isForeigner = moaSession.isForeigner(); + isOW = moaSession.isOW(); + issueInstant = moaSession.getIssueInstant(); + mandate = moaSession.getMISMandate(); + mandateReferenceValue = moaSession.getMandateReferenceValue(); + misSessionID = moaSession.getMISSessionID(); + QAALevel = moaSession.getQAALevel(); + samlAttributeGebeORwbpk = moaSession.getSAMLAttributeGebeORwbpk(); + sessionCreated = moaSession.getSessionCreated(); + signerCertificate = moaSession.getEncodedSignerCertificate(); + useMandates = moaSession.isMandateUsed(); + XMLVerifySignatureResponse = moaSession.getXMLVerifySignatureResponse(); + + //TODO: implement session construction from existing eID information + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() + */ + @Override public boolean isAuthenticated() { return authenticated; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) + */ + @Override public void setAuthenticated(boolean authenticated) { this.authenticated = authenticated; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() + */ + @Override public X509Certificate getSignerCertificate() { try { return new X509Certificate(signerCertificate); @@ -188,10 +241,18 @@ public class AuthenticationSession implements Serializable { } } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() + */ + @Override public byte[] getEncodedSignerCertificate() { return this.signerCertificate; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate) + */ + @Override public void setSignerCertificate(X509Certificate signerCertificate) { try { this.signerCertificate = signerCertificate.getEncoded(); @@ -201,174 +262,141 @@ public class AuthenticationSession implements Serializable { } } - /** - * Returns the identityLink. - * - * @return IdentityLink + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() */ - public IdentityLink getIdentityLink() { + @Override + public IIdentityLink getIdentityLink() { return identityLink; } - /** - * Returns the sessionID. - * - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() */ + @Override public String getSessionID() { return sessionID; } - /** - * Sets the identityLink. - * - * @param identityLink - * The identityLink to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) */ - public void setIdentityLink(IdentityLink identityLink) { + @Override + public void setIdentityLink(IIdentityLink identityLink) { this.identityLink = identityLink; } - /** - * Sets the sessionID. - * - * @param sessionId - * The sessionID to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) */ + @Override public void setSessionID(String sessionId) { this.sessionID = sessionId; } - /** - * Returns the BKU URL. - * - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() */ + @Override public String getBkuURL() { return bkuURL; } - /** - * Sets the bkuURL - * - * @param bkuURL - * The BKU URL to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) */ + @Override public void setBkuURL(String bkuURL) { this.bkuURL = bkuURL; } - /** - * Returns the authBlock. - * - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock() */ + @Override public String getAuthBlock() { return authBlock; } - /** - * Sets the authBlock. - * - * @param authBlock - * The authBlock to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String) */ + @Override public void setAuthBlock(String authBlock) { this.authBlock = authBlock; } - /** - * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe null. - * - * @return The SAML Attributes to be appended to the AUTHBlock. Maybe null. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH() */ + @Override public List getExtendedSAMLAttributesAUTH() { if (extendedSAMLAttributesAUTH == null) extendedSAMLAttributesAUTH = new ArrayList(); return extendedSAMLAttributesAUTH; } - /** - * Sets the SAML Attributes to be appended to the AUTHBlock. - * - * @param extendedSAMLAttributesAUTH - * The SAML Attributes to be appended to the AUTHBlock. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List) */ + @Override public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; } - /** - * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online - * application. Maybe null. - * - * @return The SAML Attributes to be appended to the SAML assertion delivered to the online - * application + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA() */ + @Override public List getExtendedSAMLAttributesOA() { return extendedSAMLAttributesOA; } - /** - * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online - * application. - * - * @param extendedSAMLAttributesOA - * The SAML Attributes to be appended to the SAML assertion delivered to the online - * application. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List) */ + @Override public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; } - /** - * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the - * SAML Assertion or not. - * - * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or - * false if not. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk() */ + @Override public boolean getSAMLAttributeGebeORwbpk() { return this.samlAttributeGebeORwbpk; } - /** - * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the - * SAML Assertion or not. - * - * @param samlAttributeGebeORwbpk - * The boolean for value either a target or wbPK is provided as SAML Attribute in the - * SAML Assertion or not. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean) */ + @Override public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; } - /** - * Returns the issuing time of the AUTH-Block SAML assertion. - * - * @return The issuing time of the AUTH-Block SAML assertion. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() */ + @Override public String getIssueInstant() { return issueInstant; } - /** - * Sets the issuing time of the AUTH-Block SAML assertion. - * - * @param issueInstant - * The issueInstant to set. + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) */ + @Override public void setIssueInstant(String issueInstant) { this.issueInstant = issueInstant; } - /** - * - * @param useMandate - * indicates if mandate is used or not + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String) */ + @Override public void setUseMandate(String useMandate) { if (useMandate.compareToIgnoreCase("true") == 0) this.useMandates = true; @@ -377,141 +405,172 @@ public class AuthenticationSession implements Serializable { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) + */ + @Override public void setUseMandates(boolean useMandates) { this.useMandates = useMandates; } - /** - * @return + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() */ + @Override public boolean isMandateUsed() { return this.useMandates; } - /** - * - * @param misSessionID - * indicates the MIS session ID + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String) */ + @Override public void setMISSessionID(String misSessionID) { this.misSessionID = misSessionID; } - /** - * Returns the MIS session ID - * - * @return + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID() */ + @Override public String getMISSessionID() { return this.misSessionID; } - /** - * @return the mandateReferenceValue + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue() */ + @Override public String getMandateReferenceValue() { return mandateReferenceValue; } - /** - * @param mandateReferenceValue - * the mandateReferenceValue to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String) */ + @Override public void setMandateReferenceValue(String mandateReferenceValue) { this.mandateReferenceValue = mandateReferenceValue; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() + */ + @Override public boolean isForeigner() { return isForeigner; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) + */ + @Override public void setForeigner(boolean isForeigner) { this.isForeigner = isForeigner; } - public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse() + */ + @Override + public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() { return XMLVerifySignatureResponse; } - public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse) + */ + @Override + public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { XMLVerifySignatureResponse = xMLVerifySignatureResponse; } - public MISMandate getMISMandate() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate() + */ + @Override + public IMISMandate getMISMandate() { return mandate; } - public void setMISMandate(MISMandate mandate) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate) + */ + @Override + public void setMISMandate(IMISMandate mandate) { this.mandate = mandate; } - /** - * @return the isOW + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() */ + @Override public boolean isOW() { return isOW; } - /** - * @param isOW - * the isOW to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) */ + @Override public void setOW(boolean isOW) { this.isOW = isOW; } - /** - * @return the authBlockTokken + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken() */ + @Override public String getAuthBlockTokken() { return authBlockTokken; } - /** - * @param authBlockTokken - * the authBlockTokken to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String) */ + @Override public void setAuthBlockTokken(String authBlockTokken) { this.authBlockTokken = authBlockTokken; } - /** - * eIDAS QAA level - * - * @return the qAALevel + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() */ + @Override public String getQAALevel() { return QAALevel; } - /** - * set QAA level in eIDAS form - * - * @param qAALevel the qAALevel to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) */ + @Override public void setQAALevel(String qAALevel) { QAALevel = qAALevel; } - /** - * @return the sessionCreated + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() */ + @Override public Date getSessionCreated() { return sessionCreated; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() + */ + @Override public Map getGenericSessionDataStorage() { return genericSessionDataStorate; } - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @return The session-data object or null if no data is found with this key + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) */ + @Override public Object getGenericDataFromSession(String key) { if (MiscUtil.isNotEmpty(key)) { return genericSessionDataStorate.get(key); @@ -523,13 +582,10 @@ public class AuthenticationSession implements Serializable { } - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @param clazz The class type which is stored with this key - * @return The session-data object or null if no data is found with this key + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) */ + @Override public T getGenericDataFromSession(String key, final Class clazz) { if (MiscUtil.isNotEmpty(key)) { Object data = genericSessionDataStorate.get(key); @@ -555,13 +611,10 @@ public class AuthenticationSession implements Serializable { } - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) */ + @Override public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { if (MiscUtil.isEmpty(key)) { Logger.warn("Generic session-data can not be stored with a 'null' key"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java new file mode 100644 index 000000000..5419e8ae0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java @@ -0,0 +1,492 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.data; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants { + + + private Map sessionData; + + /** + * @param genericDataStorage + */ + public AuthenticationSessionWrapper(Map genericDataStorage) { + this.sessionData = genericDataStorage; + } + + private T wrapStringObject(String key, Object defaultValue, Class clazz) { + if (MiscUtil.isNotEmpty(key)) { + Object obj = sessionData.get(key); + if (obj != null && clazz.isInstance(obj)) + return (T) obj; + } + + if (defaultValue == null) + return null; + + else if (clazz.isInstance(defaultValue)) + return (T)defaultValue; + + else { + Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); + throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName()); + + } + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated() + */ + @Override + public boolean isAuthenticated() { + return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean) + */ + @Override + public void setAuthenticated(boolean authenticated) { + sessionData.put(FLAG_IS_AUTHENTICATED, authenticated); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate() + */ + @Override + public X509Certificate getSignerCertificate() { + byte[] encCert = getEncodedSignerCertificate(); + + if (encCert != null) { + try { + return new X509Certificate(encCert); + } + catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + + } + } + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getEncodedSignerCertificate() + */ + @Override + public byte[] getEncodedSignerCertificate() { + return wrapStringObject(VALUE_SIGNER_CERT, null, byte[].class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSignerCertificate(iaik.x509.X509Certificate) + */ + @Override + public void setSignerCertificate(X509Certificate signerCertificate) { + try { + sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded()); + + }catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink() + */ + @Override + public IIdentityLink getIdentityLink() { + return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID() + */ + @Override + public String getSessionID() { + return wrapStringObject(VALUE_SESSIONID, null, String.class); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink) + */ + @Override + public void setIdentityLink(IIdentityLink identityLink) { + sessionData.put(VALUE_IDENTITYLINK, identityLink); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String) + */ + @Override + public void setSessionID(String sessionId) { + sessionData.put(VALUE_SESSIONID, sessionId); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getBkuURL() + */ + @Override + public String getBkuURL() { + return wrapStringObject(VALUE_BKUURL, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setBkuURL(java.lang.String) + */ + @Override + public void setBkuURL(String bkuURL) { + sessionData.put(VALUE_BKUURL, bkuURL); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlock() + */ + @Override + public String getAuthBlock() { + return wrapStringObject(VALUE_AUTHBLOCK, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlock(java.lang.String) + */ + @Override + public void setAuthBlock(String authBlock) { + sessionData.put(VALUE_AUTHBLOCK, authBlock); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesAUTH() + */ + @Override + public List getExtendedSAMLAttributesAUTH() { + return wrapStringObject(VALUE_EXTENTEDSAMLATTRAUTH, new ArrayList(), List.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesAUTH(java.util.List) + */ + @Override + public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { + sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getExtendedSAMLAttributesOA() + */ + @Override + public List getExtendedSAMLAttributesOA() { + return wrapStringObject(VALUE_EXTENTEDSAMLATTROA, null, List.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setExtendedSAMLAttributesOA(java.util.List) + */ + @Override + public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { + sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSAMLAttributeGebeORwbpk() + */ + @Override + public boolean getSAMLAttributeGebeORwbpk() { + return wrapStringObject(FLAG_SAMLATTRIBUTEGEBEORWBPK, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSAMLAttributeGebeORwbpk(boolean) + */ + @Override + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant() + */ + @Override + public String getIssueInstant() { + return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String) + */ + @Override + public void setIssueInstant(String issueInstant) { + sessionData.put(VALUE_ISSUEINSTANT, issueInstant); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandate(java.lang.String) + */ + @Override + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + setUseMandates(true); + else + setUseMandates(false); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean) + */ + @Override + public void setUseMandates(boolean useMandates) { + sessionData.put(FLAG_USE_MANDATE, useMandates); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed() + */ + @Override + public boolean isMandateUsed() { + return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String) + */ + @Override + public void setMISSessionID(String misSessionID) { + sessionData.put(VALUE_MISSESSIONID, misSessionID); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISSessionID() + */ + @Override + public String getMISSessionID() { + return wrapStringObject(VALUE_MISSESSIONID, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMandateReferenceValue() + */ + @Override + public String getMandateReferenceValue() { + return wrapStringObject(VALUE_MISREFVALUE, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMandateReferenceValue(java.lang.String) + */ + @Override + public void setMandateReferenceValue(String mandateReferenceValue) { + sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner() + */ + @Override + public boolean isForeigner() { + return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean) + */ + @Override + public void setForeigner(boolean isForeigner) { + sessionData.put(FLAG_IS_FOREIGNER, isForeigner); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getXMLVerifySignatureResponse() + */ + @Override + public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() { + return wrapStringObject(VALUE_VERIFYSIGRESP, null, IVerifiyXMLSignatureResponse.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setXMLVerifySignatureResponse(at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse) + */ + @Override + public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { + sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getMISMandate() + */ + @Override + public IMISMandate getMISMandate() { + return wrapStringObject(VALUE_MISMANDATE, null, IMISMandate.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISMandate(at.gv.egovernment.moa.id.data.MISMandate) + */ + @Override + public void setMISMandate(IMISMandate mandate) { + sessionData.put(VALUE_MISMANDATE, mandate); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW() + */ + @Override + public boolean isOW() { + return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean) + */ + @Override + public void setOW(boolean isOW) { + sessionData.put(FLAG_IS_ORGANWALTER, isOW); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken() + */ + @Override + public String getAuthBlockTokken() { + return wrapStringObject(VALUE_AUTNBLOCKTOKKEN, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthBlockTokken(java.lang.String) + */ + @Override + public void setAuthBlockTokken(String authBlockTokken) { + sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel() + */ + @Override + public String getQAALevel() { + return wrapStringObject(VALUE_QAALEVEL, null, String.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String) + */ + @Override + public void setQAALevel(String qAALevel) { + sessionData.put(VALUE_QAALEVEL, qAALevel); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated() + */ + @Override + public Date getSessionCreated() { + return wrapStringObject(VALUE_CREATED, null, Date.class); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage() + */ + @Override + public Map getGenericSessionDataStorage() { + Map result = new HashMap(); + for (String el : sessionData.keySet()) { + if (el.startsWith(GENERIC_PREFIX)) + result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el)); + + } + + return result; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String) + */ + @Override + public Object getGenericDataFromSession(String key) { + return sessionData.get(GENERIC_PREFIX + key); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class) + */ + @Override + public T getGenericDataFromSession(String key, Class clazz) { + return wrapStringObject(GENERIC_PREFIX + key, null, clazz); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object) + */ + @Override + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + sessionData.put(GENERIC_PREFIX + key, object); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index c7fa58eaf..f1d48935f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.Serializable; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. @@ -92,13 +94,13 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali * The following values are allowed: *
    *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} *
  • *
* @@ -111,28 +113,28 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getValue() */ public Object getValue() { return value_; } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getName() */ public String getName() { return name_; } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getNameSpace() */ public String getNameSpace() { return namespace_; } /** - * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock() + * @see at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#getAddToAUTHBlock() */ public int getAddToAUTHBlock() { return addToAUTHBlock_; @@ -144,16 +146,16 @@ public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Seriali * @param addToAUTHBlock One of the following values: *
    *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK} *
  • *
  • - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY} *
  • *
- * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK} */ public void setAddToAUTHBlock(int addToAUTHBlock) { addToAUTHBlock_ = addToAUTHBlock; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 78f1e14f0..2690bc2cc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -54,6 +54,7 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.DOMUtils; @@ -64,7 +65,7 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink implements Serializable{ +public class IdentityLink implements Serializable, IIdentityLink{ private static final long serialVersionUID = 1L; @@ -128,188 +129,183 @@ public class IdentityLink implements Serializable{ public IdentityLink() { } - /** - * Returns the dateOfBirth. - * @return Calendar - */ - public String getDateOfBirth() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth() + */ + @Override +public String getDateOfBirth() { return dateOfBirth; } - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName() + */ + @Override +public String getFamilyName() { return familyName; } - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName() + */ + @Override +public String getGivenName() { return givenName; } - /** - * Returns the name. - * @return The name. - */ - public String getName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName() + */ + @Override +public String getName() { if (name == null) { name = givenName + " " + familyName; } return name; } - /** - * Returns the identificationValue. - * "identificationValue" is the translation of "Stammzahl". - * @return String - */ - public String getIdentificationValue() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue() + */ + @Override +public String getIdentificationValue() { return identificationValue; } - /** - * Returns the identificationType. - * "identificationType" type of the identificationValue in the IdentityLink. - * @return String + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType() */ + @Override public String getIdentificationType() { return identificationType; } - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(String dateOfBirth) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String) + */ + @Override +public void setDateOfBirth(String dateOfBirth) { this.dateOfBirth = dateOfBirth; } - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String) + */ + @Override +public void setFamilyName(String familyName) { this.familyName = familyName; } - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String) + */ + @Override +public void setGivenName(String givenName) { this.givenName = givenName; } - /** - * Sets the identificationValue. - * "identificationValue" is the translation of "Stammzahl". - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String) + */ + @Override +public void setIdentificationValue(String identificationValue) { this.identificationValue = identificationValue; } - /** - * Sets the Type of the identificationValue. - * @param identificationType The type of identificationValue to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String) */ + @Override public void setIdentificationType(String identificationType) { this.identificationType = identificationType; } - /** - * Returns the samlAssertion. - * @return Element - */ - public Element getSamlAssertion() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion() + */ + @Override +public Element getSamlAssertion() { return samlAssertion; } - /** - * Returns the samlAssertion. - * @return Element - */ - public String getSerializedSamlAssertion() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion() + */ + @Override +public String getSerializedSamlAssertion() { return serializedSamlAssertion; } - /** - * Sets the samlAssertion and the serializedSamlAssertion. - * @param samlAssertion The samlAssertion to set - */ - public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element) + */ + @Override +public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { this.samlAssertion = samlAssertion; this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion); } - /** - * Returns the dsigReferenceTransforms. - * @return Element[] - */ - public Element[] getDsigReferenceTransforms() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms() + */ + @Override +public Element[] getDsigReferenceTransforms() { return dsigReferenceTransforms; } - /** - * Sets the dsigReferenceTransforms. - * @param dsigReferenceTransforms The dsigReferenceTransforms to set - */ - public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[]) + */ + @Override +public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { this.dsigReferenceTransforms = dsigReferenceTransforms; } - /** - * Returns the publicKey. - * @return PublicKey[] - */ - public PublicKey[] getPublicKey() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey() + */ + @Override +public PublicKey[] getPublicKey() { return publicKey; } - /** - * Sets the publicKey. - * @param publicKey The publicKey to set - */ - public void setPublicKey(PublicKey[] publicKey) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[]) + */ + @Override +public void setPublicKey(PublicKey[] publicKey) { this.publicKey = publicKey; } - /** - * Returns the prPerson. - * @return Element - */ - public Element getPrPerson() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson() + */ + @Override +public Element getPrPerson() { return prPerson; } - /** - * Sets the prPerson. - * @param prPerson The prPerson to set - */ - public void setPrPerson(Element prPerson) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element) + */ + @Override +public void setPrPerson(Element prPerson) { this.prPerson = prPerson; } - /** - * Returns the issuing time of the identity link SAML assertion. - * - * @return The issuing time of the identity link SAML assertion. - */ - public String getIssueInstant() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant() + */ + @Override +public String getIssueInstant() { return issueInstant; } - /** - * Sets the issuing time of the identity link SAML assertion. - * - * @param issueInstant The issueInstant to set. - */ - public void setIssueInstant(String issueInstant) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String) + */ + @Override +public void setIssueInstant(String issueInstant) { this.issueInstant = issueInstant; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java index e9a278d0f..82263f7a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java @@ -46,12 +46,13 @@ package at.gv.egovernment.moa.id.auth.data; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; /** * Includes the result of an extended infobox validation. * * If validation succeeds, an array of - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes} + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute ExtendedSAMLAttributes} * maybe provided. Each of these SAML-Attributes will be either appended to the * final SAML-Assertion passed to the online application or to the AUTH-Block, * or to both. @@ -65,7 +66,7 @@ public interface InfoboxValidationResult { /** * The method returns true if validation succeeds. In that case * method {@link #getExtendedSamlAttributes()} may provide an array of - * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the * AUTH-Block or to both. *
@@ -78,14 +79,14 @@ public interface InfoboxValidationResult { public boolean isValid(); /** - * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * Returns an array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute * ExtendedSAMLAttributes} that should be added to the SAML-Assertion * provided to the online application. * The SAML-Attributes in that array will be added to the final * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged * in the array this method returns. * - * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute + * @return An array of {@link at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute * ExtendedSAMLAttributes} that should be added to the SAML-Assertion * provided to the online application, the AUTH-Block, or both. If no attributes should * be added this array maybe null or empty. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java index 0ba17eb2f..c5183d29c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.data; +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; /** * Default implementation of the {@link InfoboxValidationResult} interface. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index 6cf1de319..c054976ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -49,6 +49,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.Serializable; import java.util.Date; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import iaik.x509.X509Certificate; /** @@ -59,7 +60,7 @@ import iaik.x509.X509Certificate; * @version $Id$ * */ -public class VerifyXMLSignatureResponse implements Serializable{ +public class VerifyXMLSignatureResponse implements Serializable, IVerifiyXMLSignatureResponse{ private static final long serialVersionUID = 1L; @@ -89,173 +90,179 @@ public class VerifyXMLSignatureResponse implements Serializable{ private Date signingDateTime; - /** - * Returns the certificateCheckCode. - * @return int - */ - public int getCertificateCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getCertificateCheckCode() + */ + @Override +public int getCertificateCheckCode() { return certificateCheckCode; } - /** - * Returns the signatureCheckCode. - * @return int - */ - public int getSignatureCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureCheckCode() + */ + @Override +public int getSignatureCheckCode() { return signatureCheckCode; } - /** - * Returns the xmlDSIGManifestCheckCode. - * @return int - */ - public int getXmlDSIGManifestCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDSIGManifestCheckCode() + */ + @Override +public int getXmlDSIGManifestCheckCode() { return xmlDSIGManifestCheckCode; } - /** - * Returns the xmlDsigSubjectName. - * @return String - */ - public String getXmlDsigSubjectName() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getXmlDsigSubjectName() + */ + @Override +public String getXmlDsigSubjectName() { return xmlDsigSubjectName; } - /** - * Sets the certificateCheckCode. - * @param certificateCheckCode The certificateCheckCode to set - */ - public void setCertificateCheckCode(int certificateCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setCertificateCheckCode(int) + */ + @Override +public void setCertificateCheckCode(int certificateCheckCode) { this.certificateCheckCode = certificateCheckCode; } - /** - * Sets the signatureCheckCode. - * @param signatureCheckCode The signatureCheckCode to set - */ - public void setSignatureCheckCode(int signatureCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureCheckCode(int) + */ + @Override +public void setSignatureCheckCode(int signatureCheckCode) { this.signatureCheckCode = signatureCheckCode; } - /** - * Sets the xmlDSIGManifestCheckCode. - * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set - */ - public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManifestCheckCode(int) + */ + @Override +public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) { this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode; } - /** - * Sets the xmlDsigSubjectName. - * @param xmlDsigSubjectName The xmlDsigSubjectName to set - */ - public void setXmlDsigSubjectName(String xmlDsigSubjectName) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDsigSubjectName(java.lang.String) + */ + @Override +public void setXmlDsigSubjectName(String xmlDsigSubjectName) { this.xmlDsigSubjectName = xmlDsigSubjectName; } - /** - * Returns the publicAuthorityCode. - * @return int - */ - public String getPublicAuthorityCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getPublicAuthorityCode() + */ + @Override +public String getPublicAuthorityCode() { return publicAuthorityCode; } - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityCode The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthorityCode(java.lang.String) + */ + @Override +public void setPublicAuthorityCode(String publicAuthorityCode) { this.publicAuthorityCode = publicAuthorityCode; } - /** - * Returns the qualifiedCertificate. - * @return boolean - */ - public boolean isQualifiedCertificate() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isQualifiedCertificate() + */ + @Override +public boolean isQualifiedCertificate() { return qualifiedCertificate; } - /** - * Returns the x509certificate. - * @return X509Certificate - */ - public X509Certificate getX509certificate() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getX509certificate() + */ + @Override +public X509Certificate getX509certificate() { return x509certificate; } - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setQualifiedCertificate(boolean) + */ + @Override +public void setQualifiedCertificate(boolean qualifiedCertificate) { this.qualifiedCertificate = qualifiedCertificate; } - /** - * Sets the x509certificate. - * @param x509certificate The x509certificate to set - */ - public void setX509certificate(X509Certificate x509certificate) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setX509certificate(iaik.x509.X509Certificate) + */ + @Override +public void setX509certificate(X509Certificate x509certificate) { this.x509certificate = x509certificate; } - /** - * Returns the xmlDSIGManigest. - * @return boolean - */ - public boolean isXmlDSIGManigest() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isXmlDSIGManigest() + */ + @Override +public boolean isXmlDSIGManigest() { return xmlDSIGManigest; } - /** - * Sets the xmlDSIGManigest. - * @param xmlDSIGManigest The xmlDSIGManigest to set - */ - public void setXmlDSIGManigest(boolean xmlDSIGManigest) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setXmlDSIGManigest(boolean) + */ + @Override +public void setXmlDSIGManigest(boolean xmlDSIGManigest) { this.xmlDSIGManigest = xmlDSIGManigest; } - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#isPublicAuthority() + */ + @Override +public boolean isPublicAuthority() { return publicAuthority; } - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setPublicAuthority(boolean) + */ + @Override +public void setPublicAuthority(boolean publicAuthority) { this.publicAuthority = publicAuthority; } - /** - * Returns the the resulting code of the signature manifest check. - * - * @return The code of the sigature manifest check. - */ - public int getSignatureManifestCheckCode() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSignatureManifestCheckCode() + */ + @Override +public int getSignatureManifestCheckCode() { return signatureManifestCheckCode; } - /** - * Sets the signatureManifestCode. - * - * @param signatureManifestCheckCode The signatureManifestCode to set. - */ - public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSignatureManifestCheckCode(int) + */ + @Override +public void setSignatureManifestCheckCode(int signatureManifestCheckCode) { this.signatureManifestCheckCode = signatureManifestCheckCode; } - public Date getSigningDateTime() { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#getSigningDateTime() + */ +@Override +public Date getSigningDateTime() { return signingDateTime; } - public void setSigningDateTime(Date signingDateTime) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date) + */ +@Override +public void setSigningDateTime(Date signingDateTime) { this.signingDateTime = signingDateTime; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 1b78ff677..ec6dbc951 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; -import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing @@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public abstract class AbstractAuthServletTask extends MoaIdTask { @Autowired protected IRequestStorage requestStoreage; - @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; + //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; protected static final String ERROR_CODE_PARAM = "errorid"; protected IRequest pendingReq = null; - protected AuthenticationSession moasession = null; + protected IAuthenticationSession moasession = null; public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException; @@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { * @throws MOADatabaseException */ protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { - String moasessionid = pendingReq.getMOASessionIdentifier(); - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - try { - moasession = authenticatedSessionStorage.getSession(moasessionid); - - if (moasession == null) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - } + Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID()); + moasession = pendingReq.getMOASession(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index dfb90da3a..1c26ff5ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { private static final String PARAM_SSO_CONSENTS = "value"; @Autowired private SSOManager ssoManager; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { ssoConsents = Boolean.parseBoolean(ssoConsentsString); //perform default task initialization - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //check SSO session cookie and MOASession object String ssoId = ssoManager.getSSOSessionID(request); - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - if (!(isValidSSOSession && moasession.isAuthenticated() )) { + boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); + + //load MOA SSO-session from database + AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) { Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); throw new AuthenticationException("auth.30", null); @@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents)); + //Populate this pending request with SSO session information + pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession); + + //user allow single sign-on authentication if (ssoConsents) { + //authenticate pending-request pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 6a1ed7203..4eff0fcf5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { try { defaultTaskInitialization(request, executionContext); - //set MOASession to authenticated and store MOASession + //set MOASession to authenticated moasession.setAuthenticated(true); - String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); - //set pendingRequest to authenticated and set new MOASessionID - ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID); + //set pending request to authenticated pendingReq.setAuthenticated(true); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index a5783bfb7..8f7364f62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -61,6 +61,7 @@ import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -256,8 +257,8 @@ public class IdentityLinkAssertionParser { * @throws ParseException on any parsing error */ - public IdentityLink parseIdentityLink() throws ParseException { - IdentityLink identityLink; + public IIdentityLink parseIdentityLink() throws ParseException { + IIdentityLink identityLink; try { identityLink = new IdentityLink(); identityLink.setSamlAssertion(assertionElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 140c7aebc..92d76751f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -30,13 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -51,7 +51,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ @Autowired AuthConfiguration authConfig; - public void parse(AuthenticationSession moasession, + public void parse(IAuthenticationSession moasession, String target, String oaURL, String bkuURL, @@ -221,8 +221,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } - public void parse(ExecutionContext ec, HttpServletRequest req, - AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { + public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq) + throws WrongParametersException, MOAIDException { //get Parameters from request String oaURL = (String) ec.get(PARAM_OA); @@ -231,20 +231,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ String useMandate = (String) ec.get(PARAM_USEMANDATE); String ccc = (String) ec.get(PARAM_CCC); - if (request.getOnlineApplicationConfiguration() != null && - request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) { - Logger.debug("Service " + request.getOnlineApplicationConfiguration().getPublicURLPrefix() + if (pendingReq.getOnlineApplicationConfiguration() != null && + pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) { + Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + " only allows authentication with mandates. --> Set useMandate to TRUE."); - useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()); + useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()); } - oaURL = request.getOAURL(); + oaURL = pendingReq.getOAURL(); //only needed for SAML1 - String target = request.getGenericData("saml1_target", String.class); + String target = pendingReq.getGenericData("saml1_target", String.class); - parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 7bce406e0..b54a43fff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -56,6 +56,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -168,9 +169,9 @@ public class VerifyXMLSignatureResponseParser { * @throws ParseException on any parsing error */ - public VerifyXMLSignatureResponse parseData() throws ParseException { + public IVerifiyXMLSignatureResponse parseData() throws ParseException { - VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 5e09380ae..a146f778e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -134,16 +134,14 @@ public class IDPSingleLogOutServlet extends AbstractController { try { if (ssoManager.isValidSSOSession(ssoid, null)) { - String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid); - - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID); - if(authSession != null) { - authManager.performSingleLogOut(req, resp, authSession, authURL); - return; + AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid); + + if(authSession != null) { + authManager.performSingleLogOut(req, resp, authSession, authURL); + return; - } } + } } catch (Exception e) { handleErrorNoRedirect(e, req, resp, false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 15333a933..8ef047300 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -56,6 +56,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -105,8 +106,8 @@ public class LogOutServlet { //TODO: Single LogOut Implementation //delete SSO session and MOA session - String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid); - authmanager.performOnlyIDPLogOut(req, resp, moasessionid); + AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid); + authmanager.performOnlyIDPLogOut(moasessionid); Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index d306ec005..f5f056ccc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -34,7 +34,8 @@ import java.util.Map; import org.apache.commons.collections4.map.HashedMap; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; @@ -74,7 +75,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * user identityLink specialized to OAParamter */ - private IdentityLink identityLink; + private IIdentityLink identityLink; /** * application specific user identifier (bPK/wbPK) @@ -138,7 +139,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String pvpAttribute_OU = null; private boolean useMandate = false; - private MISMandate mandate = null; + private IMISMandate mandate = null; private String mandateReferenceValue = null; private boolean foreigner =false; @@ -390,14 +391,14 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @return the identityLink */ - public IdentityLink getIdentityLink() { + public IIdentityLink getIdentityLink() { return identityLink; } /** * @param identityLink the identityLink to set */ - public void setIdentityLink(IdentityLink identityLink) { + public void setIdentityLink(IIdentityLink identityLink) { this.identityLink = identityLink; } @@ -436,7 +437,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @return the mandate */ - public MISMandate getMISMandate() { + public IMISMandate getMISMandate() { return mandate; } @@ -461,7 +462,7 @@ public class AuthenticationData implements IAuthData, Serializable { /** * @param mandate the mandate to set */ - public void setMISMandate(MISMandate mandate) { + public void setMISMandate(IMISMandate mandate) { this.mandate = mandate; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java index c32564679..4c15cd3d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -27,7 +27,8 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; /** * @author tlenz @@ -62,7 +63,7 @@ public interface IAuthData { List getEncbPKList(); - IdentityLink getIdentityLink(); + IIdentityLink getIdentityLink(); byte[] getSignerCertificate(); String getAuthBlock(); @@ -74,7 +75,7 @@ public interface IAuthData { String getPublicAuthorityCode(); boolean isQualifiedCertificate(); - MISMandate getMISMandate(); + IMISMandate getMISMandate(); Element getMandate(); String getMandateReferenceValue(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java index 81157994e..25d50f57a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java @@ -51,12 +51,13 @@ import java.io.Serializable; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; -public class MISMandate implements Serializable{ +public class MISMandate implements Serializable, IMISMandate{ private static final long serialVersionUID = 1L; @@ -81,23 +82,47 @@ public class MISMandate implements Serializable{ private String owBPK = null; // private boolean isFullMandateIncluded = false; + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getProfRep() + */ + @Override public String getProfRep() { return oid; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#setProfRep(java.lang.String) + */ + @Override public void setProfRep(String oid) { this.oid = oid; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#setOWbPK(java.lang.String) + */ + @Override public void setOWbPK(String oWbPK) { this.owBPK = oWbPK; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getOWbPK() + */ + @Override public String getOWbPK() { return owBPK; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandate() + */ + @Override public byte[] getMandate() { return mandate; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateDOM() + */ + @Override public Element getMandateDOM() { try { byte[] byteMandate = mandate; @@ -111,6 +136,10 @@ public class MISMandate implements Serializable{ } } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getMandateJaxB() + */ + @Override public Mandate getMandateJaxB() { Element domMandate = getMandateDOM(); if (domMandate != null) @@ -119,10 +148,18 @@ public class MISMandate implements Serializable{ return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#setMandate(byte[]) + */ + @Override public void setMandate(byte[] mandate) { this.mandate = mandate; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IMISMandate#getTextualDescriptionOfOID() + */ + @Override public String getTextualDescriptionOfOID() { if (MiscUtil.isNotEmpty(this.oid)) { if (this.oid.equalsIgnoreCase(OID_NOTAR)) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 34b250bf0..f718777b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired(required=true) private MOAMetadataProvider metadataProvider; public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, pvpReq, null); } public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, null, authURL); } + /** + * @param req + * @param resp + * @param moasessionid + */ + public void performOnlyIDPLogOut(AuthenticationSession authSession) { + + if (authSession == null) { + Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); + return; + + } + + try { + + authSession.setAuthenticated(false); + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID()); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + + authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID()); + + //session.invalidate(); + + } catch (MOADatabaseException e) { + Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID()); + return; + } + + } + + public void performOnlyIDPLogOut(HttpServletRequest request, - HttpServletResponse response, String moaSessionID) { + HttpServletResponse response, String internalMOASsoSessionID) { Logger.info("Remove active user-session"); - if(moaSessionID == null) { - moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + if(internalMOASsoSessionID == null) { + internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID); } - if(moaSessionID == null) { + if(internalMOASsoSessionID == null) { Logger.info("NO MOA Session to logout"); return; } AuthenticationSession authSession; try { - authSession = authenticatedSessionStore.getSession(moaSessionID); + authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID); if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } - - authSession.setAuthenticated(false); - //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - - //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - - authenticatedSessionStore.destroySession(moaSessionID); - - //session.invalidate(); - + + performOnlyIDPLogOut(authSession); + } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } @@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); - authenticatedSessionStore.destroySession(correspondingMOASession); + //destroy internal SSO-session object and SSO-session cooky + authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); ssoManager.deleteSSOSessionID(httpReq, httpResp); } } @@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); //get MOASession from SSO-Cookie if SSO is allowed - AuthenticationSession moaSession = null; + AuthenticationSession ssoMOASession = null; if (isValidSSOSession && isSSOAllowed) { - String moasessionID = ssoManager.getMOASession(ssoId); - moaSession = authenticatedSessionStore.getSession(moasessionID); + ssoMOASession = ssoManager.getInternalMOASession(ssoId); - if (moaSession == null) + if (ssoMOASession == null) Logger.info("No MOASession FOUND with provided SSO-Cookie."); else { @@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } //check if session is already authenticated - boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); - + boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession); + //force new authentication authentication process if (pendingReq.forceAuth()) { startAuthenticationProcess(httpReq, httpResp, pendingReq); @@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (isSessionAuthenticated) { // Passive authentication ok! revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return moaSession; + return ssoMOASession; } else { throw new NoPassivAuthenticationException(); @@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { // Is authenticated .. proceed revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return moaSession; + return ssoMOASession; } else { // Start authentication! @@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @return true if session is already authenticated, otherwise false * @throws MOAIDException */ - private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { + private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) { //if no MOASession exist -> authentication is required - if (moaSession == null) { + if (ssoMOASession == null) { return false; } else { - //if MOASession is Found but not authenticated --> authentication is required - if (!moaSession.isAuthenticated()) { + //if MOA SSO-Session is found but not authenticated --> authentication is required + if (!ssoMOASession.isAuthenticated()) { return false; } //if MOASession is already authenticated and protocol-request is authenticated // --> no authentication is required any more - else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { + else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) { + protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); return true; // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest } else if (!protocolRequest.isAuthenticated() - && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { + && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); protocolRequest.setAuthenticated(true); - protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); + protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); return true; } @@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //check legacy request parameter boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); - - //create MOASession object - AuthenticationSession moasession; - try { - moasession = authenticatedSessionStore.createSession(pendingReq); - pendingReq.setMOASessionIdentifier(moasession.getSessionID()); - - } catch (MOADatabaseException e1) { - Logger.error("Database Error! MOASession can not be created!"); - throw new MOAIDException("init.04", new Object[] {}); - - } - + //create authentication process execution context ExecutionContext executionContext = new ExecutionContextImpl(); @@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } private void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; String uniqueSessionIdentifier = "notSet"; @@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //terminate MOASession try { - authenticatedSessionStore.destroySession(session.getSessionID()); + authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID()); ssoManager.deleteSSOSessionID(httpReq, httpResp); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); @@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants { e.printStackTrace(); } } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index ffc6012c9..b612352c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -26,6 +26,7 @@ import java.io.Serializable; import java.net.MalformedURLException; import java.net.URL; import java.util.Collection; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -35,10 +36,14 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.metadata.provider.MetadataProvider; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; @@ -67,8 +72,8 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String action = null; private String requestID; - private String moaSessionIdentifier; private String processInstanceId; + private String ssoMoaSessionId; private String uniqueTransactionIdentifer; private String uniqueSessionIdentifer; @@ -91,6 +96,8 @@ public abstract class RequestImpl implements IRequest, Serializable{ private Map genericDataStorage = new HashMap(); + private IAuthenticationSession moaSSOSessionContainer = null; + /** * @throws ConfigurationException @@ -99,11 +106,14 @@ public abstract class RequestImpl implements IRequest, Serializable{ public final void initialize(HttpServletRequest req) throws ConfigurationException { //set requestID requestID = Random.nextLongRandom(); - + //set unique transaction identifier for logging uniqueTransactionIdentifer = Random.nextLongRandom(); TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); + //initialize session object + genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date()); + genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom()); //check if End-Point is valid String authURLString = HTTPUtils.extractAuthURLFromRequest(req); @@ -247,16 +257,41 @@ public abstract class RequestImpl implements IRequest, Serializable{ return requestID; } - public String getMOASessionIdentifier() { - return this.moaSessionIdentifier; + public String getInternalSSOSessionIdentifier() { + return this.ssoMoaSessionId; + } + + /** + * Set the internal SSO session identifier, which associated with this pending request + * + * @param internalSSOSessionId + */ + public void setInternalSSOSessionIdentifier(String internalSSOSessionId) { + this.ssoMoaSessionId = internalSSOSessionId; } - public void setMOASessionIdentifier(String moaSessionIdentifier) { - this.moaSessionIdentifier = moaSessionIdentifier; + public IAuthenticationSession getMOASession() { + //if SSO session information are set, use this + if (moaSSOSessionContainer != null) + return moaSSOSessionContainer; + else + return new AuthenticationSessionWrapper(genericDataStorage); + } + public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { + if (ssoSession instanceof AuthenticationSession) { + moaSSOSessionContainer = ssoSession; + + } else + throw new IllegalStateException("Session information can only be populated with SSO information from database"); + + + } + + public IOAAuthParameters getOnlineApplicationConfiguration() { return this.OAConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index c27012ba9..557d9af48 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; @@ -157,7 +158,7 @@ public class SSOManager { } else { Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); try { - authenticatedSessionStore.destroySession(storedSession.getSessionid()); + authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid()); } catch (MOADatabaseException e) { Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e); @@ -175,8 +176,8 @@ public class SSOManager { } - public String getMOASession(String ssoSessionID) { - return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID); + public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException { + return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); } @@ -184,9 +185,9 @@ public class SSOManager { public String getUniqueSessionIdentifier(String ssoSessionID) { try { if (MiscUtil.isNotEmpty(ssoSessionID)) { - String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); + AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); + if (moaSession != null) { + AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID()); return extSessionInformation.getUniqueSessionId(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java index 79afba412..95a7660d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java @@ -37,7 +37,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -86,10 +86,10 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro } - AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq); - if (moaSession != null) { + AuthenticationSession ssoMoaSession = authmanager.doAuthentication(req, resp, pendingReq); + if (ssoMoaSession != null) { //authenticated MOASession already exists --> protocol-specific postProcessing can start directly - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + finalizeAuthenticationProcess(req, resp, pendingReq, ssoMoaSession); //transaction is finished, log transaction finished event revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); @@ -111,7 +111,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, AuthenticationSession moaSession) { + IRequest pendingReq, IAuthenticationSession moaSession) { Logger.debug("Add SSO information to MOASession."); //Store SSO information into database @@ -140,7 +140,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro * @throws Exception */ protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq, AuthenticationSession moaSession) throws Exception { + IRequest pendingReq, IAuthenticationSession moaSession) throws Exception { String newSSOSessionId = null; @@ -161,9 +161,27 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro //Store OA specific SSO session information if an SSO cookie is set if (isSSOCookieSetted) { - try { - authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), - newSSOSessionId, sloInformation, pendingReq); + try { + AuthenticationSession internalDBSSOSession = null; + + //create new SSO session, if actually no SSO session exists + if (MiscUtil.isEmpty(pendingReq.getInternalSSOSessionIdentifier())) { + internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq); + authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), + newSSOSessionId, sloInformation, pendingReq); + + //MOA SSO-session already exists only update is required + } else if (MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) && + moaSession instanceof AuthenticationSession) { + authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), + newSSOSessionId, sloInformation, pendingReq); + + } else { + Logger.fatal("MOA-Session data object has a suspect or unsupported type:" + moaSession.getClass().getName() + + " pendingReq_internalSsoId:" + pendingReq.getInternalSSOSessionIdentifier()); + throw new AuthenticationException("1299", null); + + } } catch (AuthenticationException e) { Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); @@ -218,19 +236,8 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro protected void removeUserSession(IRequest pendingReq, HttpServletRequest req, HttpServletResponse resp) { - try { - AuthenticationSession moaSession = authenticatedSessionStorage.getSession( - pendingReq.getMOASessionIdentifier()); - - if (moaSession != null) - authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); - - } catch (MOADatabaseException e) { - Logger.error("Remove user-session FAILED." , e); - - } - - + authmanager.performOnlyIDPLogOut(req, resp, pendingReq.getInternalSSOSessionIdentifier()); + } protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 0da43d818..0f9b615a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -32,14 +32,12 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.ExceptionContainer; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -112,48 +110,33 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon try { Logger.debug("Finalize PendingRequest with ID " + pendingRequestID); - //get MOASession from database - String sessionID = pendingReq.getMOASessionIdentifier(); - - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12"); - - } + //get MOA session data object from pending request + IAuthenticationSession pendingMoaSession = pendingReq.getMOASession(); - //load MOASession from database - AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID); - if (moaSession == null) { - Logger.error("No MOASession with ID " + sessionID + " found.!"); - handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true); - - } else { + //check if pending-request has 'abortedByUser' flag set + if (pendingReq.isAbortedByUser()) { + //send authentication aborted error to Service Provider + buildProtocolSpecificErrorResponse( + new AuthenticationException("auth.21", new Object[] {}), + req, resp, pendingReq); - //check if pending-request has 'abortedByUser' flag set - if (pendingReq.isAbortedByUser()) { - //send authentication aborted error to Service Provider - buildProtocolSpecificErrorResponse( - new AuthenticationException("auth.21", new Object[] {}), - req, resp, pendingReq); + //do not remove the full active SSO-Session + // in case of only one Service-Provider authentication request is aborted + if ( !(pendingMoaSession.isAuthenticated() + && pendingReq.needSingleSignOnFunctionality()) ) { + removeUserSession(pendingReq, req, resp); - //do not remove the full active SSO-Session - // in case of only one Service-Provider authentication request is aborted - if ( !(moaSession.isAuthenticated() - && pendingReq.needSingleSignOnFunctionality()) ) { - removeUserSession(pendingReq, req, resp); - - } - - //check if MOASession and pending-request are authenticated - } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); - - } else { - //suspect state: pending-request is not aborted but also are not authenticated - Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); - handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); - - } + } + + //check if MOASession and pending-request are authenticated + } else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) { + finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession); + + } else { + //suspect state: pending-request is not aborted but also are not authenticated + Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); + handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); + } } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index a611c72b9..b7d21f903 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -26,8 +26,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -45,7 +45,7 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class); if (MiscUtil.isEmpty(profRepName)) { - MISMandate misMandate = authData.getMISMandate(); + IMISMandate misMandate = authData.getMISMandate(); if(misMandate == null) { throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java index bef9afd8f..04de3288a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -23,8 +23,8 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -41,7 +41,7 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class); if (MiscUtil.isEmpty(profRepOID)) { - MISMandate mandate = authData.getMISMandate(); + IMISMandate mandate = authData.getMISMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java index cd14664f9..365a31fe1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -107,10 +107,10 @@ public class AttributQueryAction implements IAction { try { //get Single Sign-On information for the Service-Provider // which sends the Attribute-Query request - AuthenticationSession moaSession = authenticationSessionStorage.getSession(pendingReq.getMOASessionIdentifier()); + AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); if (moaSession == null) { - Logger.warn("No MOASession with ID:" + pendingReq.getMOASessionIdentifier() + " FOUND."); - throw new MOAIDException("auth.02", new Object[]{pendingReq.getMOASessionIdentifier()}); + Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND."); + throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()}); } InterfederationSessionStore nextIDPInformation = @@ -155,9 +155,9 @@ public class AttributQueryAction implements IAction { throw new MOAIDException("pvp2.01", null, e); } catch (MOADatabaseException e) { - Logger.error("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier() + " is not found in Database", e); - throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() }); + throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() }); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index f09a3c30c..a7a249eed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -56,7 +56,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -64,6 +63,7 @@ import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; @@ -600,7 +600,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { //check active MOASession String nameID = attrQuery.getSubject().getNameID().getValue(); - AuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID); + IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID); if (session == null) { Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); throw new AttributQueryException("auth.31", null); @@ -620,7 +620,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { pendingReq.setAction(AttributQueryAction.class.getName()); //add moasession - pendingReq.setMOASessionIdentifier(session.getSessionID()); + pendingReq.setInternalSSOSessionIdentifier(session.getSessionID()); //write revisionslog entry revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index c762e2505..ff703d585 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -37,11 +37,11 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -94,7 +94,7 @@ public class SingleLogOutAction implements IAction { MOARequest samlReq = (MOARequest) pvpReq.getRequest(); LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - AuthenticationSession session = + IAuthenticationSession session = authenticationSessionStorage.searchMOASessionWithNameIDandOAID( logOutReq.getIssuer().getValue(), logOutReq.getNameID().getValue()); @@ -114,10 +114,9 @@ public class SingleLogOutAction implements IAction { sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); return null; - } else { - String moasession = ssomanager.getMOASession(ssoID); + } else { try { - session = authenticationSessionStorage.getSession(moasession); + session = ssomanager.getInternalMOASession(ssoID); if (session == null) throw new MOADatabaseException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java index 2457d2fe4..b6fed5934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -33,7 +33,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; @@ -78,7 +78,7 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter { SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); - VerifyXMLSignatureResponse result = sigVerify.verify( + IVerifiyXMLSignatureResponse result = sigVerify.verify( serialized, trustProfileID); //check signature-verification result diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 7dd6d15cd..ad200e400 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -75,12 +76,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //@Autowired MOASessionDBUtils moaSessionDBUtils; @Override - public boolean isAuthenticated(String moaSessionID) { + public boolean isAuthenticated(String internalSsoSessionID) { AuthenticatedSessionStore session; try { - session = searchInDatabase(moaSessionID); + session = searchInDatabase(internalSsoSessionID); return session.isAuthenticated(); } catch (MOADatabaseException e) { @@ -89,8 +90,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { - String id = Random.nextRandom(); + public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { + String id = Random.nextLongRandom(); try { AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); dbsession.setSessionid(id); @@ -106,12 +107,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier()); dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); - AuthenticationSession session = new AuthenticationSession(id, now); + AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession()); encryptSession(session, dbsession); //store AssertionStore element to Database entityManager.persist(dbsession); - Logger.info("Create MOASession with sessionID: " + id); + Logger.info("Create MOA SSO-Session with internal sessionID: " + id); return session; @@ -128,7 +129,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + public AuthenticationSession getInternalSSOSession(String sessionID) throws MOADatabaseException { if (MiscUtil.isEmpty(sessionID)) return null; @@ -189,30 +190,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - - encryptSession(session, dbsession); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setAuthenticated(session.isAuthenticated()); - dbsession.setUpdated(new Date()); - - entityManager.merge(dbsession); - Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); - } - } - - @Override - public void destroySession(String moaSessionID) throws MOADatabaseException { + public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException { Query query = entityManager.createNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); + query.setParameter("sessionid", internalSsoSessionID); List results = query.getResultList(); Logger.trace("Found entries: " + results.size()); @@ -229,39 +210,6 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } - @Override - public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException { - - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - - Logger.debug("Change SessionID from " + session.getSessionID() - + "to " + newSessionID); - - session.setSessionID(newSessionID); - encryptSession(session, dbsession); - - dbsession.setSessionid(newSessionID); - dbsession.setAuthenticated(session.isAuthenticated()); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setUpdated(new Date()); - - entityManager.merge(dbsession); - - Logger.trace("Change SessionID complete."); - - return newSessionID; - - } - - @Override - public String changeSessionID(AuthenticationSession session) - throws BuildException, MOADatabaseException { - String id = Random.nextRandom(); - return changeSessionID(session, id); - - } - @Override public void setAuthenticated(String moaSessionID, boolean isAuthenticated) { @@ -279,7 +227,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public String getMOASessionSSOID(String SSOSessionID) { + public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException { MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); @@ -295,7 +243,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return null; } else - return results.get(0).getSessionid(); + try { + return decryptSession(results.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e); + throw new MOADatabaseException("MOASession deserialization-exception"); + } } @@ -413,7 +367,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public List getAllActiveOAFromMOASession(AuthenticationSession moaSession) { + public List getAllActiveOAFromMOASession(IAuthenticationSession moaSession) { MiscUtil.assertNotNull(moaSession, "MOASession"); Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database."); @@ -429,7 +383,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { + public List getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) { MiscUtil.assertNotNull(moaSession, "MOASession"); Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database."); @@ -444,7 +398,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); MiscUtil.assertNotNull(userNameID, "userNameID"); Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " @@ -475,7 +429,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { + public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType) { MiscUtil.assertNotNull(moaSession, "MOASession"); MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); MiscUtil.assertNotNull(protocolType, "usedProtocol"); @@ -505,7 +459,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String) */ @Override - public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule) { + public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) { OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule); if (activeOA != null) { activeOA.setAttributeQueryUsed(true); @@ -516,7 +470,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } @Override - public AuthenticationSession getSessionWithUserNameID(String nameID) { + public IAuthenticationSession getSessionWithUserNameID(String nameID) { MiscUtil.assertNotNull(nameID, "nameID"); Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); @@ -592,20 +546,35 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { AuthenticatedSessionStore dbsession = null; + AuthenticationSession moaSession = null; Date now = new Date(); //search for active session - String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier()); - if (MiscUtil.isNotEmpty(moaSession)) { + if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) { + Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO"); + moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier()); + + } else { + Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object"); + moaSession = createInternalSSOSession(req); + + } + + if (moaSession != null) { try { - dbsession = searchInDatabase(moaSession); + dbsession = searchInDatabase(moaSession.getSessionID()); }catch (MOADatabaseException e) { Logger.error("NO MOASession found but MOASession MUST already exist!"); throw e; - } - } - + } + + } else { + Logger.error("NO MOASession found but MOASession MUST already exist!"); + throw new MOADatabaseException("NO MOASession found but MOASession MUST already exist!"); + + } + dbsession.setUpdated(now); //decrypt MOASession diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java index 934b7ca65..c8d09e17e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java @@ -30,6 +30,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -48,103 +49,74 @@ public interface IAuthenticationSessionStoreage { /** * Check if the stored MOASession is already authenticated * - * @param moaSessionID MOASession identifier + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @return true if the MOASession is authenticated, otherwise false */ - public boolean isAuthenticated(String moaSessionID); + public boolean isAuthenticated(String internalSsoSessionID); /** - * Create a new MOASession + * Create a new MOA SSO-Session object in database + * The SSO session object get populated with eID information from pending request * * @param target Pending Request which is associated with this MOASession * @return MOASession object * @throws MOADatabaseException MOASession storage operation FAILED * @throws BuildException MOASession encryption FAILED */ - public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException; + public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException; /** * Get a MOASession with sessionID * - * @param sessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @return MOASession, or null if no session exists with this ID * @throws MOADatabaseException MOASession load operation FAILED */ - public AuthenticationSession getSession(String sessionID) throws MOADatabaseException; + public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException; /** * Get the session-data extension-object for a MOASession * - * @param sessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null * @throws MOADatabaseException MOASession load operation FAILED */ - public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException; + public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID) throws MOADatabaseException; /** * Store a session-data extension-object to MOASession * - * @param sessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @param sessionExtensions AuthenticationSessionExtensions object * @throws MOADatabaseException MOASession storage operation FAILED */ - public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException; + public void setAuthenticationSessionExtensions(String internalSsoSessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException; - /** - * Store a MOASession - * - * @param session MOASession which should be stored - * @throws MOADatabaseException MOASession storage operation FAILED - * @throws BuildException MOASession encryption FAILED - */ - public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException; - /** * Delete a MOASession * - * @param moaSessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @throws MOADatabaseException MOASession delete operation FAILED */ - public void destroySession(String moaSessionID) throws MOADatabaseException; - - - /** - * Change the sessionID of a MOASession - * - * @param session MOASession for which the sessionID should be changed - * @param newSessionID new MOASessionID which should be used - * @return new MOASessionID - * @throws MOADatabaseException MOASession storage operation FAILED - * @throws BuildException MOASession encryption/decryption FAILED - */ - public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException; - - /** - * Change the sessionID of a MOASession - * - * @param session MOASession for which the sessionID should be changed - * @return new MOASessionID - * @throws MOADatabaseException MOASession storage operation FAILED - * @throws BuildException MOASession encryption/decryption FAILED - */ - public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException; - + public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException; + /** * Set the isAuthenticated flag to MOASession * - * @param moaSessionID SessionID which corresponds to a MOASession + * @param internalSsoSessionID Internal MOA SSO-Session identifier * @param isAuthenticated Is authenticated flag (true/false) */ - public void setAuthenticated(String moaSessionID, boolean isAuthenticated); + public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated); /** * Find the MOASessionId of an active Single Sign-On session * * @param SSOSessionID Single Sign-On sessionID - * @return MOASessionID of the associated MOASession + * @return internal MOA SSO-Session of the associated SSO-Session Id + * @throws MOADatabaseException */ - public String getMOASessionSSOID(String SSOSessionID); + public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException; /** * Check if a MOASession is an active Single Sign-On session @@ -182,7 +154,7 @@ public interface IAuthenticationSessionStoreage { * @param moaSession MOASession data object * @return List of Service-Provider information */ - public List getAllActiveOAFromMOASession(AuthenticationSession moaSession); + public List getAllActiveOAFromMOASession(IAuthenticationSession moaSession); /** @@ -191,7 +163,7 @@ public interface IAuthenticationSessionStoreage { * @param moaSession MOASession data object * @return List of Interfederation-IDP information */ - public List getAllActiveIDPsFromMOASession(AuthenticationSession moaSession); + public List getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession); /** * Search a MOASession by using already transfered authentication information @@ -200,7 +172,7 @@ public interface IAuthenticationSessionStoreage { * @param userNameID UserId (bPK), which was send to this Service-Provider * @return MOASession, or null if no corresponding MOASession is found */ - public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); + public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); /** * Search a active Single Sign-On session for a specific Service-Provider @@ -210,7 +182,7 @@ public interface IAuthenticationSessionStoreage { * @param protocolType Authentication protocol, which was used for SSO from this Service-Provider * @return Internal Single Sign-On information for this Service-Provider */ - public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType); + public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType); /** @@ -219,7 +191,7 @@ public interface IAuthenticationSessionStoreage { * @param nameID UserID (bPK) * @return MOASession, or null if no corresponding MOASession is found */ - public AuthenticationSession getSessionWithUserNameID(String nameID); + public IAuthenticationSession getSessionWithUserNameID(String nameID); /** * Search an active federation IDP which could be used for federated Single Sign-On @@ -283,7 +255,7 @@ public interface IAuthenticationSessionStoreage { * @param oaurl * @param requestedModule */ - public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule); + public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule); /** * @param nextIDPInformation -- cgit v1.2.3